Kibana Superuser elastic not able to login after X-Pack installation


(Murali Krishna) #1

Hi,

I have installed X-Pack on ELK stack version 6.2.4 without any errors. However in Kibana UI console screen ( Management > Security > Users or Roles> I am getting error message as "You do not have permission to manage users. Please contact your administrator.". It is showing as "kibana" only even after logging in as "elastic". Pls help with resolution.


(Ioannis Kakavas) #2

Hi Murali,

Please make sure you clear all the cookies you might have for the specific domain via which you access kibana or try in an "incognito" tab.


(Murali Krishna) #3

Hi Ioannis, Thanks. I tried with clearing cookies etc but facing the same issue. However it is working fine when I tried in an "incognito" tab.

What shall I do now ?


(Ioannis Kakavas) #4

You can restart your browser and this will fix it for you.

Out of curiosity, did you actually find and delete the sid cookie for Kibana and the domain you are accessing kibana via ? Or did you "clear all cookies" or something similar?

Can you also clarify your sequence of actions when you experienced this issue ? Did you log in as the kibana user first ? Did you explicitly logout before trying to log in as elastic user?


(Murali Krishna) #5

Hi Ioannis,

Browser restart has solved the issue. Thanks a lot.

Regards,


(Ioannis Kakavas) #6

Ι will try to explain what happened here for the benefit of anyone having the same issue:

The problem you were facing wasn't because of cookies ( that's why clearing them didn't work ) but because of Basic Authentication.

To trigger this, one needs to either

  1. Run with X-Pack installed in Elasticsearch but not in Kibana
  2. Run with X-Pack installed in both but security explicitly disabled in Kibana

In this case, while trying to access Kibana the browser will prompt the user to provide a Basic Authentication username/password that is stored in the browser's cache. This will be sent in all subsequent requests to Kibana as an Authorization header.
When the user later enables security in Kibana X-Pack, they will get prompted for authentication via a form, but when submitting the form, the Authorization header will be also sent, Kibana will read this and log them in with the credentials used in the original Basic Authentication event and not the ones entered in the login form.

Clearing the cookies doesn't help as the Authorization header value is stored in the Browser's cache that is cleared on restart.


(system) #7

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.