Logs cannot be written and doesn't work basic auth after setting OIDC

cass1ope1a · May 24, 2024, 3:50pm

I need to switch Kibana to OIDC auth through keycloak
I have default user dev with basic auth and logs writing by vector (with username logstash) to elasticsearch

When i switch on OIDC, i cannot auth with that dev user and my logs stop writing, because user logstash unable to auth (401)

How can I fix that?

There is a part of my elasticsearch.yml config:

...

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: /usr/share/elasticsearch/config/elastic.p12
xpack.security.transport.ssl.truststore.path: /usr/share/elasticsearch/config/elastic.p12
xpack.security.transport.ssl.keystore.password: ""
xpack.security.transport.ssl.truststore.password: ""


xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: /usr/share/elasticsearch/config/someserver.some.domain.p12

xpack:
  security:
    authc:
      realms:
        oidc.oidc1:
          order: 2
          rp.client_id: my_user
          rp.response_type: code 
          rp.redirect_uri: http://somebalancer/kibana/api/security/oidc/callback
          op.issuer: https://some.keycloak.server/auth/realms/somerealm
          op.authorization_endpoint: https://some.keycloak.server/auth/realms/somerealm/protocol/openid-connect/auth
          op.token_endpoint: https://some.keycloak.server/auth/realms/somerealm/protocol/openid-connect/token
          op.jwkset_path: https://some.keycloak.server/auth/realms/somerealm/protocol/openid-connect/certs
          op.userinfo_endpoint: https://some.keycloak.server/auth/realms/somerealm/protocol/openid-connect/userinfo
          op.endsession_endpoint: https://some.keycloak.server/auth/realms/somerealm/protocol/openid-connect/logout
          rp.post_logout_redirect_uri: http://somebalancer/kibana/security/logged_out
          claims.principal: sub
          ssl.certificate_authorities: /usr/share/elasticsearch/config/keycloak.cer
          ssl.verification_mode: none
          claims.groups: groups

...

Part of kibana.yml:

xpack.security.enabled: true

xpack.security.authc.providers:
  oidc.oidc1:
    order: 0
    realm: oidc1
    description: "Log in with my OpenID Connect" 
  basic.basic1:
    order: 1

...

leandrojmp · May 24, 2024, 6:26pm

Do you have a license? What do you have in the Kibana and Elasticsearch logs?

Topic		Replies	Views
Kibana OIDC Keycloak 401 Unauthorized Kibana elastic-stack-security , docker	3	2755	September 15, 2021
Authentication failed for an OpenID integration Elasticsearch elastic-stack-security	3	2167	March 23, 2020
Authentication problem using OIDC Kibana	4	3907	January 30, 2020
Unable to configure oidc Elasticsearch elastic-stack-security	7	2791	June 27, 2020
Elasticsearch 7.0.1 OIDC/SAML support Elasticsearch elastic-stack-security , docker	3	373	September 5, 2019

Logs cannot be written and doesn't work basic auth after setting OIDC

Related Topics