Kibana not loading after providing credential, It is coming back to login page itself

I have setup my ELK stack kibana instance in Azure kubernetes. I have exposed my kibana service to external load balancer and accessing the load balancer service using DNS from NGINX ingress.

I have tried accessing elastic search endpoint using below cmd , it is giving me resopnse
curl --cacert tls.crt -u elastic:$PW https://:9200$NAME-es-http/

After clearing browser cache (I tried in both chrome and edge latest version browser)

When i try to hit the DNS

Welcome to Elastic page is loading correctly without any console error.

Then after i tried logging in using the username -elastic and corresponding generated password.

it again downloading some 21.5 MB resource in console again showing the same login page to enter credential.

Please help me to solve this

What version of Chrome and what version of the stack you are using?
Can you try in an incognito window /any other browser ? Do the logs say anything ?

My chrome version is Version 89.0.4389.82 (Official Build) (64-bit)

I also tried in incognito window same problem.

I checked kibana pod log also no errors.

As suggested in another discussion i have used
xpack.security.sameSiteCookies : None

under my config section of my kibana yaml

That gives me internal server down so i removed it.

What do the kibana logs say ?
Can you try in Firefox ?

Kibana pod log is continuously generating not able track the logs.

Is anyother place i need to check the log for kubernetes pod ??

only error we are getting is in UI "Your browser does not meet the security requirements for Kibana."

And we also tried in firefox same issue,

In console alone we are getting below warning

Below message we got in kibana pod looks suspicious.

{"type":"response","@timestamp":"2021-03-13T07:46:03Z","tags":,"pid":7,"method":"post","statusCode":401,"req":{"url":"/internal/security/login","method":"post","headers":{"host":"xxx-dev-xxx.xxxxx.com","x-real-ip":"xx.x.x.xx","x-forwarded-for":"xx.0.5.xx","x-forwarded-host":"xxxx-dev-xx.xxx.com","x-forwarded-port":"443","x-forwarded-proto":"https","connection":"close","content-length":"190","sec-ch-ua":""Google Chrome";v="89", "Chromium";v="89", ";Not A Brand";v="99"","sec-ch-ua-mobile":"?0","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36 managedpc (xxxxxxx)","kbn-version":"7.10.1","content-type":"application/json","accept":"/","origin":"https://xxxxx-dev-xx.xxxx.com","sec-fetch-site":"same-origin","sec-fetch-mode":"cors","sec-fetch-dest":"empty","referer":"https://xxxx-dev-xx.xxxx.com/login?next=%2F","accept-encoding":"gzip, deflate, br","accept-language":"en-US,en;q=0.9"},"remoteAddress":"xx.0.5.xx","userAgent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36 managedpc (xxxxxxx)","referer":"https://xx-dev-xx.xxxx.com/login?next=%2F"},"res":{"statusCode":401,"responseTime":24,"contentLength":9},"message":"POST /internal/security/login 401 24ms - 9.0B"}

Kibana shows this message if a browser doesn't support content-security-policy . Which shouldn't be a problem for all the modern browsers except IE11.

Do you have a proxy in front of Kibana that could affect set CSP headers?
More details: Provide a doc link to IE 11 users when showing "Your browser does not meet the security requirements.." · Issue #38781 · elastic/kibana · GitHub

Thanks
Rashmi

yes we have defined below set of proxy rules,

annotations:
kubernetes.io/ingress.class: nginx
nginx.org/client-max-body-size: 4m
nginx.org/proxy-connect-timeout: 30s
nginx.org/proxy-read-timeout: 20s
#nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
#nginx.org/redirect-to-https: "True"
#ingress.kubernetes.io/ssl-redirect: "True"
nginx.org/server-snippets: |
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff always;
add_header Cache-Control "private, max-age=31536000" always;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self' 'unsafe-inline' 'unsafe-eval'; connect-src https://.XXX.com https://.elastic.co https://grafana.com 'unsafe-inline' blob:; worker-src https://*.XXX.com 'unsafe-inline' blob:; img-src 'self' data:; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval' ; font-src 'self' data:; block-all-mixed-content; upgrade-insecure-requests" always;
add_header X-XSS-Protection "1; mode=block" always;
location = /robots.txt {
return 200 "User-agent: *\nDisallow: /\n";
}

nginx.org/location-snippets: |
  proxy_hide_header Cache-Control;
  proxy_hide_header Content-Security-Policy;

pls let me know if above headers are blocking anything

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.