Login Dialog with Shield and Kibana 3?

security

(Kyle Tippetts) #1

I've installed and configured Elasticsearch (latest) and Shield (latest). I've set up Kibana 3. I've made all the configuration changes in the long version of the Shield setup (including trying the shield.authc configuration in elasticsearch.yml for anonymous user access). I've created a user and assigned the kibana3 role.

When I go to https://192.168.10.25/kibana/, I expected to get a login dialog where I could enter a configured username/password, but I instead get the Connection Failed page. If I then, from the browser, hit Elasticsearch at https://192.168.10.101:9200 and enter the username/password I get the expected JSON response:

{
  "status" : 200,
  "name" : "node01",
  "cluster_name" : "vgvm-elasticsearch-centoos6.5",
  "version" : {
    "number" : "1.6.0",
    "build_hash" : "cdd3ac4dde4f69524ec0a14de3828cb95bbb86d0",
    "build_timestamp" : "2015-06-09T13:36:34Z",
    "build_snapshot" : false,
    "lucene_version" : "4.10.4"
  },
  "tagline" : "You Know, for Search"
}

Then, if I re-enter the URL to Kibana (or remove the "#/connectionFailed/" bit and refresh), I get the default Kibana dashboard.

Is there a way to get Kibana to display a login prompt so I don't have to hit the Elasticsearch node directly and log in there first? Or better yet, what am I missing in all of this?


(Mark Walkom) #2

What are you using to serve KB3 (apache/nginx), and what does the config for that look like?


(Kyle Tippetts) #3

I'm using Apache. Here's the ssl.conf:

LoadModule ssl_module modules/mod_ssl.so

Listen 443

SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

<VirtualHost _default_:443>
  ErrorLog logs/ssl_error_log
  TransferLog logs/ssl_access_log
  LogLevel warn

  SSLEngine on
  SSLProtocol all -SSLv2
  SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
  SSLCertificateFile /etc/pki/tls/certs/server.crt
  SSLCertificateKeyFile /etc/pki/tls/certs/server.key

  <Files ~ "\.(cgi|shtml|phtml|php3?)$">
    SSLOptions +StdEnvVars
  </Files>
  <Directory "/var/www/cgi-bin">
    SSLOptions +StdEnvVars
  </Directory>

  SetEnvIf User-Agent ".*MSIE.*" \
         nokeepalive ssl-unclean-shutdown \
         downgrade-1.0 force-response-1.0

  CustomLog logs/ssl_request_log \
          "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

(Steve Kearns) #4

Kibana 3 has your browser directly connect to Elasticsearch to run queries, etc. This means your browser starts by pointing at 192.168.10.25 which has K3, but then makes a request to 192.168.10.101, which is a "cross-origin request" (CORS). In recent versions of Elasticsearch, we disable CORS by default for security reasons. In this case, I'm guessing you will need to re-enable CORS. We outline this process in our Shield docs:

https://www.elastic.co/guide/en/shield/current/_shield_with_kibana_3.html#cors

Hope that helps!


(Kyle Tippetts) #5

I have CORS enabled; here's what I have in elasticsearch.yml:

http.cors.enabled: true
http.cors.allow-origin: "https://192.168.10.25"
http.cors.allow-credentials: true

and in K3's config.js, I have this for the elasticsearch url definition:

elasticsearch: {server: "https://192.168.10.101:9200", withCredentials: true},
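
Added example (not part of any post in this thread): a sketch of the check a browser applies to the credentialed cross-origin requests described in post #4, run against constructed response headers modeled on the settings in post #5. The function names and the sample header sets are assumptions for illustration, not output captured from Elasticsearch.

```javascript
// Added example: models the browser's CORS check for a credentialed request.
// The response headers in `samples` are constructed, not captured from a server.

// Origin the browser sends for a page URL: scheme://host[:port], no path.
function originOf(pageUrl) {
  return new URL(pageUrl).origin;
}

// Decide whether a response to a withCredentials request is exposed to the page.
function checkCredentialedCors(pageUrl, responseHeaders) {
  const origin = originOf(pageUrl);
  const h = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    h[name.toLowerCase()] = value; // header names are case-insensitive
  }
  const allowOrigin = h['access-control-allow-origin'];
  if (allowOrigin === undefined) {
    return { allowed: false, reason: 'missing Access-Control-Allow-Origin' };
  }
  if (allowOrigin === '*') {
    return { allowed: false, reason: 'wildcard not accepted with credentials' };
  }
  if (allowOrigin !== origin) {
    return { allowed: false, reason: `origin mismatch: ${allowOrigin} vs ${origin}` };
  }
  if (h['access-control-allow-credentials'] !== 'true') {
    return { allowed: false, reason: 'Access-Control-Allow-Credentials is not "true"' };
  }
  return { allowed: true, reason: 'ok' };
}

const KIBANA_PAGE = 'https://192.168.10.25/kibana/'; // page URL from post #1

const samples = {
  asConfigured:  { 'Access-Control-Allow-Origin': 'https://192.168.10.25',
                   'Access-Control-Allow-Credentials': 'true' },
  wildcard:      { 'Access-Control-Allow-Origin': '*',
                   'Access-Control-Allow-Credentials': 'true' },
  trailingSlash: { 'Access-Control-Allow-Origin': 'https://192.168.10.25/',
                   'Access-Control-Allow-Credentials': 'true' },
  noCredentials: { 'Access-Control-Allow-Origin': 'https://192.168.10.25' },
};

for (const [label, headers] of Object.entries(samples)) {
  const { allowed, reason } = checkCredentialedCors(KIBANA_PAGE, headers);
  console.log(`${label}: ${allowed ? 'exposed to page' : 'blocked'} (${reason})`);
}
```

The same comparison can be made by hand in the browser's developer tools by reading the response headers of a request to the Elasticsearch node.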
