Hi,
with xpack and TLS for elasticserach + kibana disable i can use ldap authentication via apache. I can login to kibana with my ldap account.
Kibana config:
server.port: 5601
server.host: "myhost"
elasticsearch.hosts: ["http://myhost:9200"]
Apache config:
ProxyPreserveHost On
ProxyRequests On
ProxyPass / http://myhost:5601/
ProxyPassReverse / myhost:5601/
When i enable xpack + TSL for elasticserach , i got login prompt from Kibana but it doest not authenticate me and i am getting this error in kibana log:
{"type":"log","@timestamp":"2022-08-18T08:52:06+00:00","tags":["info","plugins","security","authentication"],"pid":15222,"message":"Authentication attempt failed: {"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"unable to authenticate user [] for REST request [/_security/_authenticate]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}"}
and url then looks like this: /login?msg=UNAUTHENTICATED&next=%2Fapp%2Fkibana
Kibana config:
server.port: 5601
server.host: "myhost"
elasticsearch.hosts: ["https://myhost:9200"]
elasticsearch.username: "kibana_system"
elasticsearch.password: "password"
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/certs/elasticsearch-ca.pem" ]
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/certs/myhost.crt
server.ssl.key: /etc/kibana/certs/myhost.key
xpack.encryptedSavedObjects.encryptionKey: 94b33f3aac75ff4de33e0f96d571d2ac1
xpack.reporting.encryptionKey: 5f2e646cb037823edr34af0841fa0e20
xpack.security.encryptionKey: 9024c01f834159c23aew23de5d8fd7d
What is wrong with my confiugration? did i forgot anything? Why ldap authnetication is working with xpack disable and not working with xpack enabled?
Thank you for any hint.