Error when testing sample about Security Extensions and Custom Realms from Elasticsearch blog post

Uiidoi12 · December 6, 2018, 8:31am

Hi,

I followed steps from this blog post and tried the following commands to test, after installing the plugin on my Elasticsearch instance:

$ curl 'localhost:9200/webstore-45/_doc/1' -d '{ "name":"store-45-item-1" }' \
  -u elastic -XPUT -H "Content-Type: application/json" 
$ curl 'localhost:9200/webstore-45/_doc/2' -d '{ "name":"store-45-item-2" }' \
  -u elastic -XPUT -H "Content-Type: application/json" 
$ curl 'localhost:9200/webstore-50/_doc/1' -d '{ "name":"store-50-item-1" }' \
  -u elastic -XPUT -H "Content-Type: application/json" 
$ curl 'localhost:9200/webstore-50/_doc/2' -d '{ "name":"store-50-item-2" }' \
  -u elastic -XPUT -H "Content-Type: application/json"

$ ClaimJson='{"principal":"store-45-user","storeId":45,"role":"reader"}'
$ unzip certs.zip webstore/webstore.key
$ ClaimSig="$( printf '%s' "$ClaimJson" | \
    openssl dgst -sha256 -sign webstore/webstore.key | base64)"

then the call to:

curl "localhost:9200/_xpack/security/_authenticate" \
    -H "x-web-store-claims: $ClaimJson" -H "x-web-store-sig: $ClaimSig"

gives me the following error:

{
  "error": {
    "root_cause": [
      {
        "type": "illegal_argument_exception",
        "reason": "a header name cannot contain the following prohibited characters: =,;: \\t\\r\\n\\v\\f: ="
      }
    ],
    "type": "illegal_argument_exception",
    "reason": "a header name cannot contain the following prohibited characters: =,;: \\t\\r\\n\\v\\f: ="
  },
  "status": 400
}

Just FYI I'm running Elasticsearch with docker and executing those commands from host machine.
Tried with both v6.3 and 6.5.1

Any help please?

Thanks

Uiidoi12 · December 6, 2018, 11:14am

Ok it seems I found a solution by adding:

ClaimSig=`echo $ClaimSig | sed 's/\n//g' | sed 's/\t//g' | sed 's/ //g'`

Now the problem is that the _authenticate call:

curl "localhost:9200/_xpack/security/_authenticate" \
    -H "x-web-store-claims: $ClaimJson" -H "x-web-store-sig: $ClaimSig"

returns:

{
   "error" : {
      "header" : {
         "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
      },
      "reason" : "missing authentication token for REST request [/_xpack/security/_authenticate]",
      "root_cause" : [
         {
            "header" : {
               "WWW-Authenticate" : "Basic realm=\"security\" charset=\"UTF-8\""
            },
            "reason" : "missing authentication token for REST request [/_xpack/security/_authenticate]",
            "type" : "security_exception"
         }
      ],
      "type" : "security_exception"
   },
   "status" : 401
}

Any idea?
Thanks

TimV · December 10, 2018, 4:58am

At a guess, it doesn't look like you've configured a webstore realm

Uiidoi12 · December 10, 2018, 1:44pm

yes, you are right. I forgot to configure it!

Thanks a lot!

system · January 7, 2019, 1:44pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.