Hello,
I'm trying to create authentication page before accessing Kibana index page,
then access kibana's fonctionnalities (get, delete, update dashboards...) depending on wich role the user have.
I looked on the "Kibana's shields" guide for creating users and roles on Kibana 4
but i don't understand how to do it or wich conf files to update??
Shield is an Elasticsearch plugin, so to configure users and roles, you have to do that in the Elasticsearch config/shield directory (e.g. roles.yml). The Shield guide talks about how to configure users and roles in detail, for instance in the Authorization section: https://www.elastic.co/guide/en/shield/current/authorization.html
All configuration changes in Kibana 4 that are required to work with shield are in kibana.yml, but are limited to configuring the right Kibana username and password to talk to Elasticsearch... the rest is handled by ES+Shield, and are described here: https://www.elastic.co/guide/en/shield/current/_shield_with_kibana_4.html
Note that at present Kibana 4 just presents a basic authentication login screen to users and simply passes those credentials to ES+Shield to authorize (or reject) access to the data. In 4.2, we're working on a dedicated login screen and user session support: https://github.com/elastic/kibana/issues/3904
Thanks for the reply,
i created a roles.yml file in /config/shield. this is its content:
# All cluster rights
# All operations on all indices
admin:
cluster: all
indices:
'*': all
# Monitoring cluster privileges
# All operations on all indices
power_user:
cluster: monitor
indices:
'*': all
# Only read operations on indices
user:
indices:
'*': read
# Only read operations on indices named events_*
events_user:
indices:
'events_*': read
# Only GET read action on index named events_index
get_user:
indices:
'events_index': 'indices:data/read/get'
what i have to do next to see the authentication screen?
And to be able to access kibana through différents roles??
Sorry but the doc is not clear..
Thanks in advance.
In general, there are two places you have to modify:
Shield configuration files living in elasticsearch config/shield directory
https://www.elastic.co/guide/en/shield/current/_shield_with_kibana_4.html
kibana.yml in your Kibana 4 installation. Instructions here:
https://www.elastic.co/guide/en/kibana/current/production.html#configuring-kibana-shield
Looking at your roles file, for one, you're still missing the kibana4_server role. Once you have that, make sure to follow instructions in step (2) above.
Hi,
Still not working..
I'm asking for the result of this configuration..
After this config, i have to specify the user and password in the kibana.yml file before each start of Kibana? like this?
# If your Elasticsearch is protected with basic auth, this is the user credentials
# used by the Kibana server to perform maintence on the kibana_index at statup. Your Kibana
# users will still need to authenticate with Elasticsearch (which is proxied thorugh
# the Kibana server)
# kibana_elasticsearch_username: user
# kibana_elasticsearch_password: pass
And i'm asking for the password declaration.. where to configure the user's password??
Ensure the kibana4_server role exists in the roles file.
Then, according to the Shield guide, add a user:
bin/shield/esusers useradd kibana4_server -r kibana4_server
This command will prompt you for the password.
This makes sense 
I'll try this later.
Thanks
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.