Kibana - Authentication attempt failed: UNEXPECTED_SESSION_ERROR (using basic and anonymous auth)

Hello All,

I have a requirement: when a user logs in to Kibana, it should always ask for a username and password. I also have a custom web UI that embeds Kibana dashboards in an iframe, and in this custom web UI the user should not be asked for any credentials; for this I have used the anonymous user.
Below is my kibana.yml config; with it I'm able to achieve the above two requirements, i.e.
1) Login to the Kibana page: always ask for username and password (basic auth)
2) Login to the custom web UI: don't prompt for any credentials and log in directly (anonymous user)

After a few minutes, in both Kibana and the web UI, I get: An unexpected authentication error occurred. Please log in again.
I am not sure how to resolve this. Below is the image attached, which shows what happens every few minutes (e.g. after 20 min the user is logged out with the error below; the logs from Kibana are also below).

Kibana 8.8.2
Please help me understand how to rectify this, or am I doing something wrong?

kibana.yml used:

server.name: mis
elasticsearch.hosts:
- https://abc:443
elasticsearch.ssl.certificateAuthorities: '/p/data/cert/ece_proxy_root_ca.pem'
elasticsearch.ssl.verificationMode: none
server.port: 5601
server.host: abc
logging.appenders.default:
  type: file
  fileName: /p/app/mis/kibana/kibana-8.8.2/logs/kibana.log
  layout:
    type: pattern
server.publicBaseUrl: http://abc:5601
elasticsearch.username: my_user
elasticsearch.password: ${elasticsearch.password}
xpack.security.authc.providers.basic.basic1.order: 0
xpack.security.authc.providers.anonymous.kibana_default_user.order: 1
xpack.security.authc.selector.enabled: false
xpack.security.authc.providers.anonymous.kibana_default_user.credentials.username: my_user
xpack.security.authc.providers.anonymous.kibana_default_user.credentials.password: ${xpack.security.authc.providers.anonymous.kibana_default_user.credentials.password}

kibana.log for the above kibana.yml:

[2023-08-29T09:28:34.313+02:00][ERROR][plugins.fleet] Failed to fetch latest version of synthetics from registry: Error connecting to package registry: request to https://epr.elastic.co/search?package=synthetics&prerelease=true&kibana.version=8.8.2 failed, reason: getaddrinfo ENOTFOUND epr.elastic.co
[2023-08-29T09:28:34.361+02:00][INFO ][plugins.synthetics] Installed synthetics index templates
[2023-08-29T09:28:35.893+02:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
[2023-08-29T09:28:38.609+02:00][INFO ][status] Kibana is now available (was degraded)
[2023-08-29T09:30:45.782+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T09:35:48.216+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T09:35:48.227+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T09:35:57.238+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T09:37:48.958+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T09:38:24.715+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T09:41:18.861+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T09:45:54.905+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T09:46:08.822+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T09:49:39.525+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T09:52:55.554+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T09:55:57.877+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T10:01:52.724+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T10:14:25.521+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T10:16:22.261+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T10:20:29.181+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T10:28:36.216+02:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
[2023-08-29T10:41:31.393+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T10:59:52.193+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T11:10:12.459+02:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"total_all_statuses":0,"num_host_urls":1}}
[2023-08-29T11:10:52.022+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T11:28:36.541+02:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
[2023-08-29T11:35:38.948+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T11:40:51.661+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T12:28:36.775+02:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
[2023-08-29T12:49:01.347+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T13:25:16.283+02:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"total_all_statuses":0,"num_host_urls":1}}
[2023-08-29T13:28:37.166+02:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
[2023-08-29T13:35:40.011+02:00][INFO ][plugins.fleet] Running Fleet Usage telemetry send task
[2023-08-29T13:55:16.413+02:00][INFO ][plugins.fleet] Fleet Usage: {"agents_enabled":true,"agents":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"inactive":0,"unenrolled":0,"total_all_statuses":0,"updating":0},"fleet_server":{"total_enrolled":0,"healthy":0,"unhealthy":0,"offline":0,"updating":0,"total_all_statuses":0,"num_host_urls":1}}
[2023-08-29T14:28:37.375+02:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
[2023-08-29T14:35:40.276+02:00][INFO ][plugins.fleet] Running Fleet Usage telemetry send task
[2023-08-29T15:23:47.206+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T15:35:40.521+02:00][INFO ][plugins.fleet] Running Fleet Usage telemetry send task
[2023-08-29T16:28:37.946+02:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization

Also note: I am using the keystore so that credentials are not shown. In the last line of kibana.yml, i.e.
xpack.security.authc.providers.anonymous.kibana_default_user.credentials.password, I want to use ${elasticsearch.password}, i.e. (xpack.security.authc.providers.anonymous.kibana_default_user.credentials.password:${elasticsearch.password), as my password is the same for both basic and anonymous, so I want to use ${elasticsearch.password} in both places (basic and anonymous). But if I configure it with this value, i.e. (xpack.security.authc.providers.anonymous.kibana_default_user.credentials.password:${elasticsearch.password), my Kibana doesn't start. Hence I tried creating xpack.security.authc.providers.anonymous.kibana_default_user.credentials.password: ${xpack.security.authc.providers.anonymous.kibana_default_user.credentials.password}, and with this Kibana starts, but I keep getting the errors below in Kibana after a few minutes and the user is logged out
([2023-08-29T09:30:45.782+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T09:35:48.216+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR)

With the above kibana.yml:
I am successfully able to log in to the custom web UI without needing to authenticate (anonymous user). Now when I try to log in to the Kibana page I get the image below; on clicking that I am able to log in to Kibana as well. With all these settings I get (Authentication attempt failed: UNEXPECTED_SESSION_ERROR) after a few minutes in both the custom web UI and the Kibana page, and I again need to enter credentials; the same cycle continues every few minutes :neutral_face:

Can someone please help here, as I am unable to understand what exactly the reason could be and how best to handle this?
The logs also don't provide much info to proceed further.
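
One way to quantify the "after a few minutes" pattern is to measure how long after the most recent logged login each UNEXPECTED_SESSION_ERROR appears, so the gaps can be compared with any session timeout in use. This is an added example, not part of the original post: the sample lines are copied from the kibana.log excerpt above, while `session_error_gaps` and the 60-second burst window are assumptions, and because the log lines carry no session identifier, pairing an error with the latest login is only a heuristic.

```python
import re
from datetime import datetime

# Lines copied from the kibana.log excerpt in the post above.
SAMPLE_LOG = """\
[2023-08-29T09:30:45.782+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T09:35:48.216+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T09:35:48.227+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T09:35:57.238+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T09:37:48.958+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
[2023-08-29T09:38:24.715+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T10:20:29.181+02:00][INFO ][plugins.security.routes] Logging in with provider "basic1" (basic)
[2023-08-29T10:28:36.216+02:00][INFO ][plugins.ml] Task ML:saved-objects-sync-task: No ML saved objects in need of synchronization
[2023-08-29T10:41:31.393+02:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR
"""

# [timestamp][LEVEL ][logger] message  (the level field is space-padded)
LINE_RE = re.compile(r'^\[(?P<ts>[^\]]+)\]\[[A-Z]+ *\]\[(?P<logger>[^\]]+)\] (?P<msg>.*)$')
LOGIN_RE = re.compile(r'Logging in with provider "(?P<name>[^"]+)"')
FAILURE = "UNEXPECTED_SESSION_ERROR"

def session_error_gaps(log_text, burst_seconds=60):
    """Group failure lines into bursts and report seconds since the last logged login."""
    last_login = None    # (provider name, timestamp) of the most recent login line
    last_failure = None  # timestamp of the previous failure line in the current burst
    bursts = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip anything that is not a pattern-layout log line
        ts = datetime.fromisoformat(m["ts"])
        login = LOGIN_RE.search(m["msg"])
        if login:
            last_login, last_failure = (login["name"], ts), None
        elif FAILURE in m["msg"]:
            if last_failure and (ts - last_failure).total_seconds() <= burst_seconds:
                bursts[-1]["count"] += 1  # same burst: several requests failing together
            else:
                gap = round((ts - last_login[1]).total_seconds()) if last_login else None
                bursts.append({"error_at": m["ts"], "count": 1,
                               "provider": last_login[0] if last_login else None,
                               "seconds_since_login": gap})
            last_failure = ts
    return bursts

if __name__ == "__main__":
    for burst in session_error_gaps(SAMPLE_LOG):
        print(burst)
```

On a host with several concurrent users, treat the reported gaps as lower bounds, since the failing session may belong to an earlier login than the one it is paired with.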
