Kibana doesn’t work authentication with Shield


(munees) #1

I have installed and configured ELK (Elasticsearch2.2.0, Logstash2.2.2, and kibana-4.4.1-windows) and updated Elasticsearch with shield plugin to enable authentication. I have craeted new role and user in order to restrict access to specific user to access specific indices. But I got an error that says:

Error: [index_not_found_exception] no such index, with: {"index":"[logstash-*]"}
ErrorAbstract@http://localhost:5601/bundles/kibana.bundle.js?v=9693:74977:20
StatusCodeError@http://localhost:5601/bundles/kibana.bundle.js?v=9693:75139:6
respond@http://localhost:5601/bundles/kibana.bundle.js?v=9693:76344:16
checkRespForFailure@http://localhost:5601/bundles/kibana.bundle.js?v=9693:76307:8
[24]</AngularConnector.prototype.request/<@http://localhost:5601/bundles/kibana.bundle.js?v=9693:74925:8
processQueue@http://localhost:5601/bundles/commons.bundle.js?v=9693:42357:29
scheduleProcessQueue/<@http://localhost:5601/bundles/commons.bundle.js?v=9693:42373:28
$RootScopeProvider/this.$get</Scope.prototype.$eval@http://localhost:5601/bundles/commons.bundle.js?v=9693:43601:17
$RootScopeProvider/this.$get</Scope.prototype.$digest@http://localhost:5601/bundles/commons.bundle.js?v=9693:43412:16
$RootScopeProvider/this.$get</Scope.prototype.$apply@http://localhost:5601/bundles/commons.bundle.js?v=9693:43709:14
done@http://localhost:5601/bundles/commons.bundle.js?v=9693:38158:37
completeRequest@http://localhost:5601/bundles/commons.bundle.js?v=9693:38356:8
requestLoaded@http://localhost:5601/bundles/commons.bundle.js?v=9693:38297:1

There is no problem when accessing with admin account. This is the roles.yml file

stature:
  cluster: 
      - cluster:monitor/nodes/info
      - cluster:monitor/health 
  indices:
    'logstashstature':
      privileges: indices:admin/mappings/fields/get, indices:admin/validate/query, indices:data/read/search, indices:data/read/msearch, indices:data/read/field_stats, indices:admin/get
    '.kibana':
      privileges: indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update

(Krushnat Khawale) #2

Your stack trace says, INDEX NOT FOUND. Its not security error.


(munees) #3

Actually i have index with index names using * as a wildcard (e.g. logstash-2015.12.21) and also a index with name 'logstashstature' . I created role for accessing that index only (roles.yml).
There is no problem when logging kibana with a user has admin role.


(Krushnat Khawale) #4

@munees But the index clearly says,

To figure it out, create a index starts with logstash- and then try login.


(Josh Star Long) #5

The error you are having is because your configured role is not having access to the default index which is logstash-. I have been playing around with kibana and I noticed that in addition to the .kibana index all users must have access to the index logstash-.
Try sometime like this:

logstashstature:
cluster:
- cluster:monitor/nodes/info
- cluster:monitor/health
indices:
'logstashstature':
privileges: all
'.kibana':
privileges: all
'logstash-*':
privileges: all

Then create a user on shield with the role logstashstature
That is esusers useradd munees -r logstashstature -p passwordofmunees
Sorry I have updated my answer. The roles has to be logstashstature in the roles.yml file of kibana.


(munees) #6

I have made this change. now i got new error message on the top of kibana discover window
that says:

Discover: [security_exception] action [indices:data/read/msearch] is unauthorized for user [statureuser]


(munees) #7

my role name is just stature, is there any need to change that to logstashstature


(Josh Star Long) #8

I have updated my answer please take a look on the changes.


(munees) #9

The same error is still exist

Discover: [security_exception] action [indices:data/read/msearch] is unauthorized for user [munees]


(Josh Star Long) #10

What are your configuration?


(munees) #11

means?


(Josh Star Long) #12

I means please provide all the configurations that you did.


(munees) #13

I just added the role in roles.yml and added user with the role using esusers


(Josh Star Long) #14

Does the user munees has priviledges for data/read/msearch on all the indices which are in his roles.
that is for the index logstashstucture, .kibana and logstash-*?


(munees) #15

already updated privileges: all on all the indices. with the same settings

logstashstature: cluster: - cluster:monitor/nodes/info - cluster:monitor/health indices: 'logstashstature': privileges: all '.kibana': privileges: all 'logstash-*': privileges: all


(Josh Star Long) #16

Try changing the name of your index maybe the issue is because the name of the index is the same as that of the role. That is change logstashstature to logstashindex.
Then make sure the index logstashindex exist in elasticsearch.
Login and query that index.


(munees) #17

changed indexname and role name to different.The same error is still exist.


(Krushnat Khawale) #18

Use following permissions,

user_testuser1: 
  indices: 
    'user_testuser1*': 
      privileges: all  
    '.kibana': 
      privileges:  indices:admin/create, indices:admin/exists, indices:admin/mapping/put, indices:admin/mappings/fields/get, indices:admin/refresh, indices:admin/validate/query, indices:data/read/get, indices:data/read/mget, indices:data/read/search, indices:data/write/delete, indices:data/write/index, indices:data/write/update

(system) #19