Error when testing sample about Security Extensions and Custom Realms from Elasticsearch blog post

security

#1

Hi,

I followed steps from this blog post and tried the following commands to test, after installing the plugin on my Elasticsearch instance:

$ curl 'localhost:9200/webstore-45/_doc/1' -d '{ "name":"store-45-item-1" }' \
  -u elastic -XPUT -H "Content-Type: application/json" 
$ curl 'localhost:9200/webstore-45/_doc/2' -d '{ "name":"store-45-item-2" }' \
  -u elastic -XPUT -H "Content-Type: application/json" 
$ curl 'localhost:9200/webstore-50/_doc/1' -d '{ "name":"store-50-item-1" }' \
  -u elastic -XPUT -H "Content-Type: application/json" 
$ curl 'localhost:9200/webstore-50/_doc/2' -d '{ "name":"store-50-item-2" }' \
  -u elastic -XPUT -H "Content-Type: application/json" 
$ ClaimJson='{"principal":"store-45-user","storeId":45,"role":"reader"}'
$ unzip certs.zip webstore/webstore.key
$ ClaimSig="$( printf '%s' "$ClaimJson" | \
    openssl dgst -sha256 -sign webstore/webstore.key | base64)"

then the call to:

curl "localhost:9200/_xpack/security/_authenticate" \
    -H "x-web-store-claims: $ClaimJson" -H "x-web-store-sig: $ClaimSig"

gives me the following error:

{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "a header name cannot contain the following prohibited characters: =,;: \\t\\r\\n\\v\\f: ="
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "a header name cannot contain the following prohibited characters: =,;: \\t\\r\\n\\v\\f: ="
  },
  "status": 400
}

Just FYI, I'm running Elasticsearch with Docker and executing those commands from the host machine.
Tried with both v6.3 and 6.5.1.

Any help please?

Thanks


#2

OK, it seems I found a solution by adding:

ClaimSig=`echo $ClaimSig | sed 's/\n//g' | sed 's/\t//g' | sed 's/ //g'`

Now the problem is that the _authenticate call:

curl "localhost:9200/_xpack/security/_authenticate" \
    -H "x-web-store-claims: $ClaimJson" -H "x-web-store-sig: $ClaimSig"

returns:

{
   "error" : {
      "header" : {
         "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
      },
      "reason" : "missing authentication token for REST request [/_xpack/security/_authenticate]",
      "root_cause" : [
         {
            "header" : {
               "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
            },
            "reason" : "missing authentication token for REST request [/_xpack/security/_authenticate]",
            "type" : "security_exception"
         }
      ],
      "type" : "security_exception"
   },
   "status" : 401
}

Any idea?
Thanks


(Tim Vernum) #3

At a guess, it doesn't look like you've configured a webstore realm.


#4

Yes, you are right. I forgot to configure it!

Thanks a lot!
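
An added example (not part of the original posts or the blog post) for the header error in #1 and the workaround in #2: GNU base64 wraps its output at 76 columns, and "$( ... )" only strips trailing newlines, so the signature header value ends up spanning several lines. The function names and the throwaway key generated in demo are assumptions made for illustration; the key stands in for webstore/webstore.key.

```shell
#!/bin/sh
# Added example: build a single-line x-web-store-sig value and check it
# before it is placed in an HTTP header.

# Base64-encode stdin and strip every whitespace byte. With GNU base64 a
# 256-byte RSA-2048 signature would otherwise be wrapped over 5 lines.
b64_oneline() {
    base64 | tr -d ' \t\r\n'
}

# Succeed only if $1 is non-empty and made solely of base64 alphabet bytes
# (so no CR, LF, tab or space can reach the header).
is_header_safe() {
    case "$1" in
        ''|*[!A-Za-z0-9+/=]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Sign the claims ($1) with the PEM private key at $2; print the header value.
sign_claims() {
    printf '%s' "$1" | openssl dgst -sha256 -sign "$2" | b64_oneline
}

# Verify header value $2 over claims $1 with the PEM public key at $3.
verify_claims() {
    sig_file=$(mktemp) || return 1
    printf '%s' "$2" | openssl base64 -d -A > "$sig_file"
    printf '%s' "$1" |
        openssl dgst -sha256 -verify "$3" -signature "$sig_file" >/dev/null 2>&1
    rc=$?
    rm -f "$sig_file"
    return $rc
}

# Round trip with a throwaway key (constructed for this example).
demo() {
    dir=$(mktemp -d) || return 1
    openssl genrsa -out "$dir/demo.key" 2048 2>/dev/null
    openssl rsa -in "$dir/demo.key" -pubout -out "$dir/demo.pub" 2>/dev/null
    claims='{"principal":"store-45-user","storeId":45,"role":"reader"}'
    sig=$(sign_claims "$claims" "$dir/demo.key")
    is_header_safe "$sig" && verify_claims "$claims" "$sig" "$dir/demo.pub"
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Source the file and call demo to run the round trip; it returns 0 when the single-line value both passes the header check and verifies against the public key.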