LOGOUT buttom does not logout from superuser, redirects to space_selector and not redirects to login_page

Hi!
I have a basic license. When i deployed the stack i used NGINX to have a basic auth and a web server/proxy.
Now I have just deployed the xpack security using native realm to have a basic auth with different users. I created 2 new users different from the superuser (that of nginx).
Now that i have both, when i try to click on LOGOUT to select a different account from the superuser, kibana superuser does not logout and kibana redirects to space_selector...why?? Someone can help me?
I think that there is a conflict between x-pack security and nginx. Maybe nginx does not logout, the x-pack is still seeing the superuser signed in and does not logout.

I think that there is a conflict between x-pack security and nginx. Maybe nginx does not logout, the x-pack is still seeing the superuser signed in and does not logout.

This sounds right. If your nginx is configured to add the Authentication header on every request, then you will not be able to actually log out completely from the client. You will most likely need to remove the headers for the super user.

Ok @joshdover! Thanks to confirm my idea. But how can i trigger the elimination of Authentication header when i click on Logout? Or do you think i have to remove the nginx authentication and keep only the proxy/web server function? Is it possible?

If you have the included security enabled, I see no reason to keep the nginx authentication header, nor do I know of how to make nginx omit this header in some cases. It's probably quite dangerous to be allow any user to have superuser access since you now have native security set up.

1 Like

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.