Kibana Docker Login issues

I seem to be having a redirect issue with my Kibana's login page on my ELK stack. Below is my yml for the docker-compose.
After starting this up I added myself as a user on the Elasticsearch API and the user exists.
When I go to host:5601 it redirects to http://host:5601/login?next=%2F#?_g=() for login, and if I try to log in to my account or the elastic superuser account it opens the loading screen and just reopens the login page, implying there was no login error, as none appears.
I assume the next query parameter needs something specific there, but:

  1. how do I have it default to that for other users?
  2. what should it be?

version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.2.0
    container_name: elasticsearch
    environment:
      - cluster.name=docker-cluster
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - xpack.security.enabled=true
      - xpack.security.audit.enabled=true
      - ELASTIC_USERNAME=elastic
      - ELASTIC_PASSWORD=<>
    ports:
      - 9200:9200
      - 9300:9300
    volumes:
      - /med/General/joji/data:/usr/share/elasticsearch/data
    networks: 
      - elk001
  kibana:
    image: docker.elastic.co/kibana/kibana:7.2.0
    container_name: kibana
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - XPACK_SECURITY_ENABLED=true
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=<>
    depends_on: 
      - elasticsearch
    ports:
      - 5601:5601
    networks: 
      - elk001
networks:
  elk001:
    driver: bridge

Do you see any errors in the browser console?

Can you share a HAR capture of all the network requests when you try to log in? (Beware that the password will be visible in the capture, so be sure to rotate it.)

Hi Rudolf,

So there is the following error on loading:

login?next=%2Fapp%2Fkibana:372 Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'unsafe-eval' 'nonce-afKRNyqCvmYiJXwJ'". Either the 'unsafe-inline' keyword, a hash ('sha256-SHHSeLc0bp6xt4BoVVyUy+3IbVqp3ujLaR+s+kSP5UI='), or a nonce ('nonce-...') is required to enable inline execution.

but right below it is the bootstrap library:

^ A single error about an inline script not firing due to content security policy is expected!

I then tried to log in as the elastic user (HAR for that attempt).

I had created a new user using just the elastic api called temp and assigned it the superuser and kibana_system roles. For that user login attempt I first tried to login with an incorrect password and then with the correct password (HAR file).

I had discounted the exception the first time around given that bootstrap gave the warning but maybe that is the issue?

As the log suggests, a single error is expected.

From your HAR capture it doesn't even look like your browser is sending the login credentials to the Kibana server. Did you maybe stop recording before pressing "login"?

I noticed you didn't set a cookie encryption secret, so you can try specifying xpack.security.encryptionKey="something_at_least_32_characters".

Can you share the Kibana server logs?
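Both points raised about the HAR capture (the password is visible in it, and the login request may be missing from it) can be checked before a capture is shared. The following is an added example, not part of the original thread and not Kibana code: it redacts request bodies, cookies and auth headers and lists any login POSTs that were recorded. The sample capture, its host, its login path and all values are constructed assumptions.

```python
import copy
import json
from urllib.parse import urlsplit

SENSITIVE_HEADERS = {"authorization", "cookie", "set-cookie"}
REDACTED = "[REDACTED]"

def scrub_har(har):
    """Return (scrubbed copy of har, [(url, status)] of recorded login POSTs)."""
    har = copy.deepcopy(har)
    login_posts = []
    for entry in har["log"]["entries"]:
        req, resp = entry["request"], entry["response"]
        for msg in (req, resp):
            for header in msg.get("headers", []):
                if header["name"].lower() in SENSITIVE_HEADERS:
                    header["value"] = REDACTED
            for cookie in msg.get("cookies", []):
                cookie["value"] = REDACTED
        post = req.get("postData")
        if post:  # login forms carry the password in the request body
            post["text"] = REDACTED
            for param in post.get("params", []):
                param["value"] = REDACTED
        if req["method"] == "POST" and "login" in urlsplit(req["url"]).path:
            login_posts.append((req["url"], resp["status"]))
    return har, login_posts

# Constructed sample capture; host, login path and all values are made up.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "http://host:5601/login?next=%2F",
                 "headers": [], "cookies": []},
     "response": {"status": 200, "headers": [], "cookies": []}},
    {"request": {"method": "POST", "url": "http://host:5601/api/security/v1/login",
                 "headers": [{"name": "Content-Type", "value": "application/json"}],
                 "cookies": [],
                 "postData": {"mimeType": "application/json",
                              "text": '{"username":"temp","password":"constructed-pw"}'}},
     "response": {"status": 204,
                  "headers": [{"name": "Set-Cookie", "value": "sid=constructed-sid"}],
                  "cookies": [{"name": "sid", "value": "constructed-sid"}]}},
]}}

if __name__ == "__main__":
    clean, posts = scrub_har(SAMPLE_HAR)
    print(posts or "no login POST recorded: the capture missed the submit")
    print(json.dumps(clean, indent=2))
```

An empty list of login POSTs means the capture never recorded the form submission. Only the fields handled above are redacted, so response bodies and query strings still need a manual look.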

I don't think so, as I clicked record, moved directly to the keyboard, entered the details and hit enter, and then used the mouse to switch off recording to ensure it caught the entire process, but I do notice the first 401 attempt doesn't show.
So I did a similar procedure:

  1. a normal attempt with correct password
  2. a purposeful 401 attempt.

The Kibana Docker logs do seem to indicate the request doesn't really come through. If you want other logs just tell me which ones and, if possible, where they are in the container.

I did see the option for the encryption key, but was just trying to get the user system to work first. Took me a while to piece together the yaml configs this far and then I hit this issue.
