Login page for Kibana 7.6 Basic license

nityaraj06 · May 7, 2020, 12:23pm

Hi,

I have been looking at options to add a login page in the Kibana 7.6 basic license. I have tried it using x-pack but it seems like it is not possible with basic license.
Followed these links -
https://www.elastic.co/guide/en/elasticsearch/reference/6.3/configuring-security.html
https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html
Could anyone help me here?
@Christian_Dahlqvist
Thanks!

Christian_Dahlqvist · May 7, 2020, 12:28pm

Look at the correct version of the docs. Security is available with the basic license in 7.6 but not 6.3. Also note that this forum is manned by volunteers so do not ping people not already involved in the thread.

nityaraj06 · May 7, 2020, 12:54pm

Apologies for listing out the incorrect link, I did follow the instructions for 7.6 and below is the error I'm receiving in the kibana logs

{"type":"log","@timestamp":"2020-05-07T12:51:21Z","tags":["warning","plugins","licensing"],"pid":9736,"message":"License information could not be obtained from Elasticsearch due to [security_exception] failed to authenticate user [kibana], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } :: {\"path\":\"/_xpack\",\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"failed to authenticate user [kibana]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"failed to authenticate user [kibana]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"} error"}

Kindly help me with this, I will untag the other people from the list.

Christian_Dahlqvist · May 7, 2020, 1:13pm

Have you configured security in Elasticsearch? What does you config look like? What have you done so far? Is there anything in the Elasticsearch logs?

nityaraj06 · May 7, 2020, 1:28pm

Yes i have configured my 2 node es cluster and kibana:
x-pack license shows this -

`{
  "license" : {
  .
  .
  "status" : "active",
    "type" : "basic"
.
.
  }
}

Configs:

========node 1=========elasticsearch.yml=====

#xpack.security.enabled: true

#xpack.security.transport.ssl.enabled: true

#xpack.security.transport.ssl.verification_mode: certificate 
#xpack.security.transport.ssl.keystore.path: E:\elasticsearch\config\elastic-certificates.p12 
#xpack.security.transport.ssl.truststore.path: E:\elasticsearch\config\elastic-certificates.p12 

========node 2=========elasticsearch.yml=====

#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true

#xpack.security.transport.ssl.verification_mode: certificate 
#xpack.security.transport.ssl.keystore.path: E:\elasticsearch\config\elastic-certificates.p12 
#xpack.security.transport.ssl.truststore.path: E:\elasticsearch\config\elastic-certificates.p12 

========node1=========kibana.yml=====

#elasticsearch.username: "kibana"
#elasticsearch.password: "kibanapwd"

#xpack.security.encryptionKey: "12345678123456781234567812345678"

Elasticsearch logs have this now:

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) ~[?:?]
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:?]

Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:154) ~[?:?]
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80) ~[?:?]

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362) ~[?:?]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270) ~[?:?]

Christian_Dahlqvist · May 7, 2020, 1:52pm

It looks like the parameters enabling security are commented out which is any no security is enabled.

nityaraj06 · May 7, 2020, 1:54pm

They are uncommented in the config files, I have restarted es and kibana and now facing the errors as mentioned above.

The xpack license is basic, hope that is not an issue.

nityaraj06 · May 8, 2020, 1:27pm

Hi,

I have been able to setup basic authentication myself and encrypted communication between the elasticsearch nodes. However, now I want to setup Active Directory based authentication but I have a basic license currently. Is this possible in any way?

Thanks! @Christian_Dahlqvist

Christian_Dahlqvist · May 8, 2020, 2:57pm

Active Directory integration is not available with the free Basic license. For that you need a commercial license.

nityaraj06 · May 10, 2020, 4:25pm

Ok, thank you so much for the reply

system · June 7, 2020, 4:25pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.