I am trying to generate a security token when a user is logging in. It has been mentioned in the following documentation that "to generate a token" using a query, we need to include a valid "admin" token in the header.
However, any security token will expire after 24 hours, including the "admin" token. So the question is that how can we generate an admin token in the server side which will not expire? Probably I am using the wrong strategy to quest a user token using the admin token, but what will be the appropriate way to do this?
However, this method does not work since it require an existing token to perform the request. Which means "we need a token to request a token". My question is that how can we remove this restriction, so we can directly request a token with user name and password only.
I'm genuinely curious about the reason you're trying to use the token API. A lot of the time when I get questions about how to use it, it turns out that it's not the right fit for the problem that the person wants to use it for.
If you do have a particular reason for wanting to use this API, then I'd love to understand what it is.
Reading between the lines, I think you are being thrown off course by the error message that Elasticsearch returns if you fail to provide authentication credentials for your request ("missing authentication token for REST request"). That error does not specifically refer to tokens from the token management API, it refers to any credentials. You could provide an oauth token, but you can also provide a username+password for native Elasticsearch or LDAP users, or a SSL PKI certificate.
Hi Tim,
I'm currently stuck with the same problem as BO_GAO when I try to use the User Management APIs to create a new user. From my POV, in order to use those APIs, i have to somehow generate a token but I don't know exactly how. Could you give me any tips?
Thanks in advance
90% of the time when people think that they want to use the token management APIs, they are mistaken. Those APIs serve a very specific purpose, and are rarely the solution to the problem you have.
Please take a step back and describe what you are trying to do, and why you think the token management APIs will help with that.
I'm trying to protect my Elastic clusters by using User Authentication feature in xpack. I choose native realm to handle my authentication process. So far I've follow this instruction: https://www.elastic.co/guide/en/x-pack/current/native-realm.html
Setting up native realm is fine for me, but when i try to use User Management APIs to manage my Native users (create, alter, delete), I ran into this error message
when trying to execute this:
curl -X POST "localhost:9200/_xpack/security/user/jacknich" -H 'Content-Type: application/json' -d'
{
"password" : "j@rV1s",
"roles" : [ "admin", "other_role1" ],
"full_name" : "Jack Nicholson",
"email" : "jacknich@example.com",
"metadata" : {
"intelligence" : 7
}
}
'
So i thought somehow i need to generate a token, correct me if i'm wrong since i'm very new to Elasticsearch let alone xpack, kibana and logstash
Looks like you are trying to create user 'jacknich' but you are not providing credentials(username and password) in curl request to describe who is creating user 'jacknich'.
The request is missing Authorization header.
Ex. curl invocation with credentials [-u elastic:password]:
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
