I upgraded an elastic cloud cluster from v6 to elastic+kibana v7.1.1. I have other kibanas in dedicated servers (1 per customer) that I also upgraded to 7.1.1. Each of the other kibanas where using a dedicated kibana index.
After the upgrade, on the othes kibanas, the kibana users cannot log in, with a 403 error shown as json in the browser. I found two insane ways to bypass that :
switch the kibana.index to .kibana
give every user the superuser role
My login problem seems to a security one. But I can't find a way to grant a specific user an acces to a specific kibana index.
{"type":"log","@timestamp":"2019-06-11T20:51:31Z","tags":["debug","legacy-service"],"pid":793,"message":"Request will be handled by proxy POST:/api/security/v1/login."}
{"type":"error","@timestamp":"2019-06-11T20:51:31Z","tags":["debug","security","auth","session"],"pid":793,"level":"error","error":{"message":"Unauthorized","name":"Error","stack":"Error: Unauthorized\n at validate (/usr/share/kibana/node_modules/hapi-auth-cookie/lib/index.js:153:49)\n at Object.authenticate (/usr/share/kibana/node_modules/hapi-auth-cookie/lib/index.js:226:26)\n at module.exports.internals.Manager.execute (/usr/share/kibana/node_modules/hapi/lib/toolkit.js:35:106)\n at module.exports.internals.Auth.test (/usr/share/kibana/node_modules/hapi/lib/auth.js:92:54)\n at Session.get (/usr/share/kibana/node_modules/x-pack/plugins/security/server/lib/authentication/session.js:56:47)\n at Authenticator.authenticate (/usr/share/kibana/node_modules/x-pack/plugins/security/server/lib/authentication/authenticator.js:132:49)\n at Object.server.expose.request [as authenticate] (/usr/share/kibana/node_modules/x-pack/plugins/security/server/lib/authentication/authenticator.js:288:60)\n at handler (/usr/share/kibana/node_modules/x-pack/plugins/security/server/routes/api/v1/authenticate.js:34:68)\n at module.exports.internals.Manager.execute (/usr/share/kibana/node_modules/hapi/lib/toolkit.js:35:106)\n at Object.internals.handler (/usr/share/kibana/node_modules/hapi/lib/handler.js:50:48)\n at exports.execute (/usr/share/kibana/node_modules/hapi/lib/handler.js:35:36)\n at Request._lifecycle (/usr/share/kibana/node_modules/hapi/lib/request.js:263:62)\n at process._tickCallback (internal/process/next_tick.js:68:7)"},"message":"Unauthorized"}
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.