Kibana 7.5 disable authentication

Elastic Stack Kibana
1

Hey

I've configured Elasticsearch for Anonymous access which works.
but because of this I can't login inside of my kibana instance is there a way to disable the login auth screen for kibana ?

2

:slight_smile: its not my password but good catch

3

I believe you are running into this issue: https://github.com/elastic/kibana/issues/35613 There are some other related issues: https://github.com/elastic/kibana/issues/18331 https://github.com/elastic/kibana/issues/54023

Reading through all of those, it seems like we are not recommending setting xpack.security.disabled: false in Kibana, but it's possible that that is what you are looking for.

4

these are my setting for kibana.yaml

apiVersion: kibana.k8s.elastic.co/v1beta1
kind: Kibana
metadata:
  name: kibana
spec:
  version: 7.5.1
  count: 1
  elasticsearchRef:
    name: "elasticsearch"
  config:
    #xpack.security.anonymous.enable: true 
    elasticsearch.hosts: http://elasticsearch-es-http.<namespace>.local:9200
    # elasticsearch.username: "jamal"
    # elasticsearch.password: "jamal"
  http:
    tls:
      selfSignedCertificate:
        disabled: true

These are the setting for elasticsearch.yaml

apiVersion: elasticsearch.k8s.elastic.co/v1beta1
kind: Elasticsearch
metadata:
  name: elasticsearch
spec:
  version: 7.5.1
  nodeSets:
  - name: elastic
    count: 3
    volumeClaimTemplates:
    - metadata:
        name: elasticsearch-data
        parameters:
          type: pd-standard
      spec:
        accessModes:
        - ReadWriteOnce
        resources:
          requests:
            storage: 500Gi
        storageClassName: standard
    config:
      node.master: true
      node.data: true
      node.ingest: true
      node.store.allow_mmap: false
      xpack.security.authc: 
          anonymous:
            username: elastic
            roles: superuser, kibana_user
            authz_exception: false
  http:
    tls:
      selfSignedCertificate:
        disabled: true

but I can't login with any of the passwords ? even after I create a new user in elasticsearch with role kibana_user

kibana doesn't allow you to authenticate the newly created user ?

5

xpack.security.anonymous.enable: true
this configuration is not actually valid and it doesn't work

6

I'm going to ask some of the folks who work on this to take a look. Please change your password as you've pasted it here.

7

Okay, got some more clarity.

As a workaround, we generally recommend that users configure a reverse-proxy that hard-codes a username/password in the Authorization header so when accessing Kibana via the reverse-proxy they're automatically authenticated and can continue to use the user/role management screens and all of the other Kibana RBAC work

It seems like you're using the K8s operator, which might be why you can't disable the the security plugin. You may need to use a reverse proxy as suggested here.

8

sounds good two things

there's an optional flag in the kibana.yaml file
xpack.security.enabled: false

I'm guessing this is not valid cause I'm using the operator

At the end I don't want to authenticate whenever I'm making request to elasticsearch is there a way to only allow authentication from kibana and not from logstash

Unidirectional instead bidirectional

auth kibana ----> elasticsearch ----> no auth <----- logstash

9

If you don't use our official operator, you would be allowed to remove the security requirement. This is a leading source of unintentional data breaches due to having publicly available ES endpoints.

10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.