Kibana 6.4 prompting basic authentication after upgrading ELK stack from 5.6 to 6.4

Hi,

We have a large Kubernetes setup that uses ELK for logging. Filebeat->Logstash->Elasticsearch->Kibana (searchguard turned on).

After upgrading Elasticsearch to 6.4 from 5.6 (Kibana still at 5.6), Kibana started prompting us for basic authentication information in an execution path that used to utilize header information from a successful login from the corporate login page.

Then we turned on Kibana 6.4 and got the same behavior. This makes us think that it is Elasticsearch that is causing this. I posted our Searchguard plugin configuration below, the Elasticsearch searchguard configuration, and our Kibana configuration (unchanged from version upgrades).

If anyone can shed light, it would be greatly appreciated; we have been looking at this for a few days and are stumped.

 ----------------------------------

 Searchguard plugin config:

searchguard:
  dynamic:
    http:
      xff:
        enabled: false
        internalProxies: 192.168.0.10|192.168.0.11
        remoteIpHeader: "x-forwarded-for"
        proxiesHeader: "x-forwarded-by"
        trustedProxies: "proxy1|proxy2"
    authc:
      authenticaton_internal:
        enabled: true
        order: 0
        authentication_backend:
          type: internal
        http_authenticator:
          type: basic
      authentication_gl:
        enabled: true
        order: 1
        authentication_backend:
          type: com.proprietary.searchguard.auth.oursauthstuff.GlobalLoginAuthenticationBackend
        http_authenticator:
          type: com.proprietary.searchguard.auth.oursauthstuff.HTTPGlobalLoginAuthenticator
      authentication_ourauthstuff:
        enabled: true
        order: 2
        authentication_backend:
          type: com.proprietary.searchguard.auth.oursauthstuff.OurAuthenticationBackend
        http_authenticator:
          type: basic
    authz:
      authorization_ourauthstuff:
        enabled: true
        order: 0
        authorization_backend:
          type: com.proprietary.searchguard.auth.oursauthstuff.K8sOurStuffAuthorizationBackend

------------------------------

Searchguard configuration on Elasticsearch nodes


elasticsearch.yml: |
cluster.name: mycluster
node:
  name: ${HOSTNAME}
  master: false
  data: true
  ingest: ${INGEST_NODE:true}
  max_local_storage_nodes: 1
network:
  host: 0.0.0.0

path:
  data: /usr/share/elasticsearch/data
  logs: /usr/share/elasticsearch/logs

bootstrap:
  memory_lock: true
  system_call_filter: false

http:
  enabled: true
  compression: true
  cors:
    enabled: false
  port: 9200

transport:
  tcp:
    port: 9300

discovery.zen:
  minimum_master_nodes: 3
  ping_timeout: 3s
  ping.unicast.hosts: "elasticsearch-discovery-internal-svc.ourstuff"

# Disable X-Pack components
xpack.security.enabled: false
xpack.watcher.enabled: false
xpack.ml.enabled: false
xpack.graph.enabled: false

thread_pool:
  bulk:
    queue_size: 600

#SGAAF Config
searchguard:
  enterprise_modules_enabled: false
  ssl:
    transport:
      enable_openssl_if_available: true
      enabled: true
      keystore_type: JKS
      keystore_filepath: <keystore path -- removed for posting>
      keystore_password: ${KEYSTORE_PASSWORD}
      truststore_type: JKS
      truststore_filepath: <truststore path -- removed for posting>
      truststore_password: ${TRUSTSTORE_PASSWORD}
      enforce_hostname_verification: false
    http:
      enable_openssl_if_available: true
      enabled: true
      keystore_type: JKS
      keystore_filepath: <keystore path -- removed for posting>
      keystore_password: ${KEYSTORE_PASSWORD}
      truststore_type: JKS
      truststore_filepath: <truststore path -- removed for posting>
      truststore_password: ${TRUSTSTORE_PASSWORD}

  # Admin users
  authcz.admin_dn:
  - <removed for posting> 

Below is our kibana.yml configuration (cleansed for this post):

server:
  host: "0.0.0.0"
  name: kibana
  basePath: "/kibana"

xpack.reporting.encryptionKey: <removed for posting>

xpack.apm.ui.enabled: false
xpack.grokdebugger.enabled: false
xpack.searchprofiler.enabled: false
  
xpack.security.enabled: false
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.watcher.enabled: false

searchguard.basicauth.login.title: "Kibana Login"
searchguard.basicauth.login.subtitle: "Please enter your Global Login credentials."

elasticsearch:
  url: "https://elasticsearch-http-internal-svc.com-ourstuff-elkpaas:9200"
  preserveHost: true
  ssl:
    verificationMode: none
  requestTimeout: 3000000
  pingTimeout: 3000000
  requestHeadersWhitelist: ['authorization', 'cookie']

kibana:
  index: ".kibana"
  defaultAppId: "discover"

ops.interval: 5000
console.enabled: false

Hello,

I am not sure how searchguard works.

These are upgrade docs: https://www.elastic.co/guide/en/elastic-stack/current/upgrading-elastic-stack.html

We also need to generate passwords: https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-passwords.html

Please note searchguard is a commercial independent plugin and we don't support it.

Thanks,
Bhavya

Thank you. Looking at this now, but we have passwords generated for all elk components. Having a look at the links you posted.
