Is authentification in Kibana available with a basic license? [Solved : yes since 6.8]

Elastic Stack Kibana
1

Hi,

I'm willing to set up an authentification system on my Kibana installation, in order to have one "admin" account which can manage everything he wants on the plateform, and one "viewer" account which can only create/see visualizations, dashboard, use the discovery tab, etc...
(In a nutshell, the admin can access the Dev Tools and Management tabs, and the viewer can't).

I have a ca, and a certificate for my node, and that's what my node configuration looks like :

xpack.security.enabled: true
cluster.name: cluster_de_test_NR
node.name: node-y 
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate 
xpack.security.transport.ssl.keystore.path: certs/elastic-certificates.p12 
xpack.security.transport.ssl.truststore.path: certs/elastic-certificates.p12
node.max_local_storage_nodes: 2

The problem is that when I start Elasticsearch and execute the command "bin/elasticsearch-setup-passwords interactive", I receive the following error message :

Unexpected response code [403] from calling GET http://127.0.0.1:9200/_security/_authenticate?pretty
It doesn't look like the X-Pack security feature is available on this Elasticsearch node.
Please check if you have installed a license that allows access to X-Pack Security feature.

ERROR: X-Pack Security is not available.

By asking to our common friend Google, I found this topic : Elasticsearch 6.3: X-Pack and remote connection doesn't work where dadoonet explains that the authentification isn't available for basic licenses.

However, when I took a look at elasticsearch subscriptions page, I saw this (I'm sorry the page didn't seems to want to switch in english) :

image
image.png693×487 17.6 KB

English equivalent for the 3 lines about Security :

  • Crypted Communication
  • Role-based access control
  • Native and File-based authentification

So, if Native authentification and Role-based access control are available with a basic license, can't I do what I described earlier ?
And if I can, do you have any clue to resolve my problem ?

Thanks a lot for taking the time to read this, and I'm sorry if my english is a bit approximative :frowning:

2

You need version 6.8, 7.1 or higher for security to be part of basic license.

3

Thanks for the fast answer :slight_smile:

I'm currently using 7.1 version, so I can assume it's ok.

Would you have any idea to help me resolving my error then ?

Thanks again for your help.

4

Thanks @Christian_Dahlqvist

Hi

You are right on both. In 6.3, Security is not in Basic.
We've have made it available from 6.8 and 7.0 in Basic.

Please read this & this blog post which gives you complete details.

5

Thanks a lot !

That's the first time in my life I see such fast answers on a forum ! x)

I'm checking the links you gave me and I hope it'll help me resolving my issue !

6

Hi guys, I come back to you.

So after reading the stuff you linked me, I confirmed that I'm using the 7.1 version of Elasticsearch and that I can theorically use Xpack Security features with a basic license.

But.
I followed the tutorial from the second link you gave me, so I could confirm that I had already done the right steps. I made everything a second time, but in the end I still get the same error when I use the command to define passwords:

Unexpected response code [403] from calling GET http://127.0.0.1:9200/_security/_authenticate?pretty
It doesn't look like the X-Pack security feature is available on this Elasticsearch node.
Please check if you have installed a license that allows access to X-Pack Security feature.

ERROR: X-Pack Security is not available.

I wondered if for an unknown reason, Xpack would not have been installed by default with elasticsearch, so I downloaded the archive, but when I use the install command, the prompt answers me that Xpack is already installed with my elasticsearch version.

7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.