Missing authentication token for REST request

security

(Zhang QZ) #1

Everything was working fine until installing Shield. This is my first time configuring the Shield plugin. Could you please help resolve this issue? Thank you very much!

My environment:
OS: CentOS 7
elasticsearch-2.1.1
logstash-2.1.1
kibana-4.3.1

Testing result

curl -u es_admin -XGET 'http://localhost:9200/'

Enter host password for user 'es_admin':
{
  "name" : "Dmitri Smerdyakov",
  "cluster_name" : "elasticsearch",
  "version" : {
    "number" : "2.1.1",
    "build_hash" : "40e2c53a6b6c2972b3d13846e450e66f4375bd71",
    "build_timestamp" : "2015-12-15T13:05:55Z",
    "build_snapshot" : false,
    "lucene_version" : "5.3.1"
  },
  "tagline" : "You Know, for Search"
}

curl -u es_admin -XPUT 'localhost:9200/people/person/l?pretty' -d '{"name" : "Administrator"}';

Enter host password for user 'es_admin':
{
  "_index" : "people",
  "_type" : "person",
  "_id" : "l",
  "_version" : 1,
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "created" : true
}

Error message

[2016-01-21 21:41:08,099][INFO ][rest.suppressed ] /_bulk Params: {}
ElasticsearchSecurityException[missing authentication token for REST request [/_bulk]]
at org.elasticsearch.shield.support.Exceptions.authenticationError(Exceptions.java:39)
at org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:65)
at org.elasticsearch.shield.authc.InternalAuthenticationService.authenticate(InternalAuthenticationService.java:96)
at org.elasticsearch.shield.rest.ShieldRestFilter.process(ShieldRestFilter.java:71)
at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:265)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:176)
at org.elasticsearch.http.HttpServer.internalDispatchRequest(HttpServer.java:128)
at org.elasticsearch.http.HttpServer$Dispatcher.dispatchRequest(HttpServer.java:86)
at org.elasticsearch.http.netty.NettyHttpServerTransport.dispatchRequest(NettyHttpServerTransport.java:348)
at org.elasticsearch.http.netty.HttpRequestHandler.messageReceived(HttpRequestHandler.java:63)
at org.jboss.netty.channel.SimpleChannelUpstreamHandler.handleUpstream(SimpleChannelUpstreamHandler.java:70)
at org.jboss.netty.channel.DefaultChannelPipeline.sendUpstream(DefaultChannelPipeline.java:564)
... ....
... ...


(Mark Walkom) #2

Is the error returning during that put, or somewhere else?


(Zhang QZ) #3

Hello Mark,
Thank you very much for your reply.

Yes. This is an error message of Elasticsearch during data input. My system cannot display any new logs because of the error.


(Mark Walkom) #4

Did you set up Logstash correctly - https://www.elastic.co/guide/en/shield/current/logstash.html?


(Zhang QZ) #5

Hello Mark,

Thank you very much for your advice!

My steps:

1. Create a Logstash user:

esusers useradd elk -r logstash

esusers list
elk : logstash
es_admin : admin

2. Modify the Logstash configuration file:

output {
  elasticsearch {
    hosts => "10.7.1.86"
    user => "elk"
    password => "koooooooo"
  }
  stdout { codec => rubydebug }
}

3. Check the configuration file roles.yml:

logstash:
  cluster: indices:admin/template/get, indices:admin/template/put
  indices:
    'logstash-*':
      privileges: indices:data/write/bulk, indices:data/write/delete, indices:data/write/update, indices:data/read/search, indices:data/read/scroll, create_index

The new error messages are:

Logstash:
Attempted to send a bulk request to Elasticsearch configured at '["http://10.7.1.86:9200/"]', but an error occurred and it failed! Are you sure you can reach elasticsearch from this machine using the configuration provided? {:client_config=>{:hosts=>["http://10.7.1.86:9200/"], :ssl=>nil, :transport_options=>{:socket_timeout=>0, :request_timeout=>0, :proxy=>nil, :ssl=>{}}, :transport_class=>Elasticsearch::Transport::Transport::HTTP::Manticore, :headers=>{"Authorization"=>"Basic ZWxrOmtvYmF0aW1l"},

Elasticsearch:
[2016-01-22 15:37:55,668][INFO ][rest.suppressed ] /_bulk Params: {}
ElasticsearchSecurityException[unable to authenticate user [elk] for REST request [/_bulk]]
at org.elasticsearch.shield.support.Exceptions.authenticationError(Exceptions.java:39)
at org.elasticsearch.shield.authc.DefaultAuthenticationFailureHandler.unsuccessfulAuthentication(DefaultAuthenticationFailureHandler.java:35)
at org.elasticsearch.shield.authc.InternalAuthenticationService.authenticate(InternalAuthenticationService.java:111)
at org.elasticsearch.shield.rest.ShieldRestFilter.process(ShieldRestFilter.java:71)
at org.elasticsearch.rest.RestController$ControllerFilterChain.continueProcessing(RestController.java:265)
at org.elasticsearch.rest.RestController.dispatchRequest(RestController.java:176)


(Zhang QZ) #6

Shield with the same configuration file is working fine in a new environment:
CentOS 7
logstash-2.2.1
logstash-2.2.1
kibana-4.4.1


(Veve90) #7

I'm having the same issue:
CentOS 7
elasticsearch 2.0.1
logstash 2.0.0
kibana 4

I updated to
elasticsearch 2.2.0
logstash 2.2.2
kibana 4.2.0

and I still have the issue


(Veve90) #8

Note: in my case, with the latest version of everything, on CentOS, I still have this in the Elasticsearch logs, but in Kibana the roles are working as expected.

Can this error be generated if we have a dashboard with multiple indices, and we have access only to one part of them?


(Jay Modi) #9

This exception may occur in normal operation. What happens is a browser/client will send a request to a server without authentication credentials and then you get the missing authentication token exception, which will return to the browser/client as a challenge for authentication. This causes the client to request credentials from the user (basic auth popup in a browser) and send them back to the server.
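
The two Shield messages quoted in this thread mean different things: "missing authentication token" is the credential-less request described in the post above, while "unable to authenticate user [...]" means credentials were sent and rejected. As an added example (not part of the original thread), this Python code separates the two in an Elasticsearch log; the sample lines are constructed from the excerpts above and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample, modelled on the two Shield log excerpts quoted in this thread.
SAMPLE_LOG = """\
[2016-01-21 21:41:08,099][INFO ][rest.suppressed ] /_bulk Params: {}
ElasticsearchSecurityException[missing authentication token for REST request [/_bulk]]
    at org.elasticsearch.shield.rest.ShieldRestFilter.process(ShieldRestFilter.java:71)
[2016-01-22 15:37:55,668][INFO ][rest.suppressed ] /_bulk Params: {}
ElasticsearchSecurityException[unable to authenticate user [elk] for REST request [/_bulk]]
[2016-01-22 15:38:01,102][INFO ][rest.suppressed ] /_bulk Params: {}
ElasticsearchSecurityException[unable to authenticate user [elk] for REST request [/_bulk]]
"""

HEADER = re.compile(r"^\[(?P<ts>\d{4}-\d{2}-\d{2} [\d:,]+)\]\[")
MISSING = re.compile(r"missing authentication token for REST request \[(?P<path>[^\]]+)\]")
REJECTED = re.compile(r"unable to authenticate user \[(?P<user>[^\]]+)\] for REST request \[(?P<path>[^\]]+)\]")


def parse_auth_failures(log_text):
    """Return one dict per Shield authentication failure found in the log."""
    events, last_ts = [], None
    for line in log_text.splitlines():
        header = HEADER.match(line)
        if header:
            last_ts = header.group("ts")  # the exception line follows its header
            continue
        m = MISSING.search(line)
        if m:
            # No credentials were sent: the server answers with an auth challenge.
            events.append({"ts": last_ts, "kind": "no_credentials",
                           "user": None, "path": m.group("path")})
            continue
        m = REJECTED.search(line)
        if m:
            # Credentials were sent, but no realm accepted them.
            events.append({"ts": last_ts, "kind": "rejected_credentials",
                           "user": m.group("user"), "path": m.group("path")})
    return events


def summarize(events):
    """Count failures per (kind, user, path) so repeated rejections stand out."""
    return Counter((e["kind"], e["user"], e["path"]) for e in events)


if __name__ == "__main__":
    for key, count in summarize(parse_auth_failures(SAMPLE_LOG)).most_common():
        print(count, key)
```
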


(Yashodhara) #10

Guys,

Having the same issue. Did anyone figure out the solution? I saw some people just upgraded and it worked, and for some, like above, it did not. Also, is there any specific reason for this issue to happen?


(Smit Jain) #11

I reset my password for the user "es_admin" and also created a new user as below with the role "kibana4_server":

bin/shield/esusers useradd alpha -r kibana4_server -p xxxxxxx

Then I restarted Elasticsearch and it worked for me.

