Login page for Kibana 7.6 Basic license

Hi,

I have been looking at options to add a login page in the Kibana 7.6 basic license. I have tried it using x-pack but it seems like it is not possible with basic license.
Followed these links -
https://www.elastic.co/guide/en/elasticsearch/reference/6.3/configuring-security.html
https://www.elastic.co/guide/en/kibana/current/using-kibana-with-security.html
Could anyone help me here?
@Christian_Dahlqvist
Thanks!

Look at the correct version of the docs. Security is available with the basic license in 7.6 but not 6.3. Also note that this forum is manned by volunteers so do not ping people not already involved in the thread.

Apologies for listing out the incorrect link, I did follow the instructions for 7.6 and below is the error I'm receiving in the kibana logs

{"type":"log","@timestamp":"2020-05-07T12:51:21Z","tags":["warning","plugins","licensing"],"pid":9736,"message":"License information could not be obtained from Elasticsearch due to [security_exception] failed to authenticate user [kibana], with { header={ WWW-Authenticate=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } :: {\"path\":\"/_xpack\",\"statusCode\":401,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"failed to authenticate user [kibana]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}}],\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"failed to authenticate user [kibana]\\\",\\\"header\\\":{\\\"WWW-Authenticate\\\":\\\"Basic realm=\\\\\\\"security\\\\\\\" charset=\\\\\\\"UTF-8\\\\\\\"\\\"}},\\\"status\\\":401}\",\"wwwAuthenticateDirective\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"} error"}

Kindly help me with this, I will untag the other people from the list.

Have you configured security in Elasticsearch? What does you config look like? What have you done so far? Is there anything in the Elasticsearch logs?

Yes i have configured my 2 node es cluster and kibana:
x-pack license shows this -

`{
  "license" : {
  .
  .
  "status" : "active",
    "type" : "basic"
.
.
  }
}

Configs:

========node 1=========elasticsearch.yml=====

#xpack.security.enabled: true

#xpack.security.transport.ssl.enabled: true

#xpack.security.transport.ssl.verification_mode: certificate 
#xpack.security.transport.ssl.keystore.path: E:\elasticsearch\config\elastic-certificates.p12 
#xpack.security.transport.ssl.truststore.path: E:\elasticsearch\config\elastic-certificates.p12 

========node 2=========elasticsearch.yml=====

#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true

#xpack.security.transport.ssl.verification_mode: certificate 
#xpack.security.transport.ssl.keystore.path: E:\elasticsearch\config\elastic-certificates.p12 
#xpack.security.transport.ssl.truststore.path: E:\elasticsearch\config\elastic-certificates.p12 

========node1=========kibana.yml=====

#elasticsearch.username: "kibana"
#elasticsearch.password: "kibanapwd"

#xpack.security.encryptionKey: "12345678123456781234567812345678"

Elasticsearch logs have this now:

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) ~[?:?]
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[?:?]

Caused by: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.provider.certpath.PKIXCertPathValidator.validate(PKIXCertPathValidator.java:154) ~[?:?]
	at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:80) ~[?:?]

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: Path does not chain with any of the trust anchors
	at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:362) ~[?:?]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:270) ~[?:?]

It looks like the parameters enabling security are commented out which is any no security is enabled.

They are uncommented in the config files, I have restarted es and kibana and now facing the errors as mentioned above.

The xpack license is basic, hope that is not an issue.

Hi,

I have been able to setup basic authentication myself and encrypted communication between the elasticsearch nodes. However, now I want to setup Active Directory based authentication but I have a basic license currently. Is this possible in any way?

Thanks! @Christian_Dahlqvist

Active Directory integration is not available with the free Basic license. For that you need a commercial license.

1 Like

Ok, thank you so much for the reply :slight_smile: