Kibana OSS ERROR: missing authentication credentials for REST request

Elastic Stack Kibana
1

Hello,

I have the problem that I can’t use Kibana OSS if my Elasticsearch is protected with basic authentication. I wanted to use the Kibana OSS version and figured out that in version 7.6.2 it was still working but with 7.7.0 and higher I get an error message:

kibana[85674]: {"type":"log","@timestamp":"2020-07-28T06:03:29Z","tags":["error","http"],"pid":85674,"message":"{ [security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } :: {\"path\":\"/.kibana/_doc/config%3A7.7.0\",\"query\":{},\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}\n at respond (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:349:15)\n at checkRespForFailure (/usr/share/kibana/node_modules/elasticsearch/src/lib/transport.js:306:7)\n at HttpConnector.<anonymous> (/usr/share/kibana/node_modules/elasticsearch/src/lib/connectors/http.js:173:7)\n at IncomingMessage.wrapper (/usr/share/kibana/node_modules/elasticsearch/node_modules/lodash/lodash.js:4929:19)\n at IncomingMessage.emit (events.js:203:15)\n at endReadableNT (_stream_readable.js:1145:12)\n at process._tickCallback (internal/process/next_tick.js:63:19)\n status: 401,\n displayName: 'AuthenticationException',\n message:\n '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } }',\n path: '/.kibana/_doc/config%3A7.7.0',\n query: {},\n body:\n { error:\n { root_cause: [Array],\n type: 'security_exception',\n reason:\n 'missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]',\n header: [Object] },\n status: 401 },\n statusCode: 401,\n response:\n '{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\"}},\"status\":401}',\n wwwAuthenticateDirective: 'Basic realm=\"security\" charset=\"UTF-8\"',\n toString: [Function],\n toJSON: [Function],\n isBoom: true,\n isServer: false,\n data: null,\n output:\n { statusCode: 401,\n payload:\n { statusCode: 401,\n error: 'Unauthorized',\n message:\n '[security_exception] missing authentication credentials for REST request [/.kibana/_doc/config%3A7.7.0], with { header={ WWW-Authenticate=\"Basic realm=\\\\\"security\\\\\" charset=\\\\\"UTF-8\\\\\"\" } }' },\n headers:\n { 'WWW-Authenticate': 'Basic realm=\"security\" charset=\"UTF-8\"' } },\n reformat: [Function],\n [Symbol(ElasticsearchError)]: 'Elasticsearch/notAuthorized',\n [Symbol(SavedObjectsClientErrorCode)]: 'SavedObjectsClient/notAuthorized' }"}

After that I tried the “normal” Kibana release and it works fine.
Do I miss anything? I looked in to the release notes but didn’t find anything.

Logstash-Version: 7.8.0
Elasticsearch-Version: 7.8.0

1 Like
2

User authentication is only available in the default distribution. You should always run the default distributions of Kibana and Elasticsearch, and not mix the two.

3

I don't know if I understand you correctly, do you mean it is not supported in the Kibana OSS release?

Because I thought the Kibana OSS release is like the Kibana release out of the repro but with only the open source code and without the non-free features...
You even have the settings for the user authentication in the kibana.yml file.

4

There's no code in Kibana OSS to implement the authentication methods, but Elasticsearch is still expecting authentication. Hence you get the error because Kibana cannot talk to Elasticsearch correctly.

5

So it will only work with the Kibana version out of the default distribution?

If I install only the OSS versions of the software, could I get the authentication running there or is this a feature only of the standard version?

6

Authentication is only part of the default distribution, yes.

7

Ok, thanks a lot for the help :smiley:

8

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.