Kibana LDAP authentication via apache proxy

Hi,

With xpack and TLS for Elasticsearch + Kibana disabled, I can use LDAP authentication via Apache. I can log in to Kibana with my LDAP account.

Kibana config:

server.port: 5601
server.host: "myhost"
elasticsearch.hosts: ["http://myhost:9200"]

Apache config:

ProxyPreserveHost On
ProxyRequests On
ProxyPass / http://myhost:5601/
ProxyPassReverse / myhost:5601/

When I enable xpack + TLS for Elasticsearch, I get a login prompt from Kibana, but it does not authenticate me and I am getting this error in the Kibana log:

{"type":"log","@timestamp":"2022-08-18T08:52:06+00:00","tags":["info","plugins","security","authentication"],"pid":15222,"message":"Authentication attempt failed: {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}"}

and the URL then looks like this: /login?msg=UNAUTHENTICATED&next=%2Fapp%2Fkibana

Kibana config:

server.port: 5601
server.host: "myhost"
elasticsearch.hosts: ["https://myhost:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "password"
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/elasticsearch-ca.pem" ]
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/myhost.crt
server.ssl.key: /etc/kibana/certs/myhost.key
xpack.encryptedSavedObjects.encryptionKey: 94b33f3aac75ff4de33e0f96d571d2ac1
xpack.reporting.encryptionKey: 5f2e646cb037823edr34af0841fa0e20
xpack.security.encryptionKey: 9024c01f834159c23aew23de5d8fd7d

What is wrong with my configuration? Did I forget anything? Why is LDAP authentication working with xpack disabled and not working with xpack enabled?

Thank you for any hint.

What do you mean by xpack? Do you mean xpack security? If it was disabled, I don't know how you were able to log in with LDAP.

Yes, xpack.security. By LDAP I mean not direct LDAP integration. In my case authentication is done via Apache.

You might want to consider Elasticsearch's official support of LDAP integration: LDAP user authentication | Elasticsearch Guide [8.3] | Elastic

Yes, but not with the Free version.
