Getting access denied error while acessing monitoring tab in kibana

Hi,

We have set up a dedicated monitoring cluster and saml/filebased authentication is setup for user authentication.

When I connect to kibana through file based authentication user(elk_user-username) and try to acess the monitoring tab,I am able to access the tab(same user is present in monitoring cluster as well and superuser/monitoring_user privs has been granted to the user).While for saml authentication I have granted monitoring_user privileges to all the AD groups present in both monitoring and production cluster.But still I get the below error while logging in through my id.

You are not authorized to access Monitoring. To use Monitoring, you need the privileges granted by both the kibana_user and monitoring_user roles.

If you are attempting to access a dedicated monitoring cluster, this might be because you are logged in as a user that is not configured on the monitoring cluster.

Please suggest if we can access the monitoring tab with saml authentication with our current setup.If Yes,any changes that has to be done in elasticsearch.yml file or please confirm if the user has to be present in monitoring cluster (through native realm/file based authentication) and we cannot access monitoring tab through saml authentication.

Thanks,
Aravind

Hi @arvind297,

Looks like you're hitting this issue and, unfortunately, currently SAML realm doesn't support external monitoring cluster since when you login with SAML you get an elasticsearch security token for the cluster you are logged in to and those tokens are cluster specific (see more details on that issue).

Having said that, it's something that we really would like to solve in the near term.

Best,
Oleg

Hi Oleg,

Thanks for the update.

Thanks,
Aravind

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.