Native Authentication in ElasticSearch 2.3.4

security

(jk) #1

Hi, I am using ElasticSearch 2.3.4 version. Trying to implement native authentication in 2.3.4.

Have added the below configuration in elasticsearch.yml.
shield:
authc:
realms:
native1:
type: native
order: 0
enabled: true
And tried to create a user using the below POST rest call
http://localhost:9200/POST /_shield/user/ironman { "password" : "j@rV1s", "roles" : [ "admin", "other_role1" ], "full_name" : "Tony Stark", "email" : "tony@starkcorp.co", "metadata" : { "intelligence" : 7 } }

Was unable to create the user using the above call. I dont see any plugin in my plugins folder. Should there be any plugin for authentication or is that supported default?

Please help me on how to create a user and authenticate the calls.


(Ioannis Kakavas) #2

Hi there,

This is a very very old version of Elasticsearch. Can't you update or install version 6 instead ? 6.6.0 is the last released version.

In 2.3.4, you'd need to install and configure the Shield plugin


(jk) #3

Firstly, thanks for the reply.
Have installed shield and license plugins and then created a user using the below command
"bin/shield/esusers useradd username -r admin"

Using the below code creaing a connection and tried to access ElasticSearch. But the authentication is failing and getting the exception "The remote server returned an error: (401) Unauthorized"

IConnectionPool connectionPool = this._connectionPool.ToLower().Equals(staticConnectionPool) ? new StaticConnectionPool(nodes) : new SniffingConnectionPool(nodes);

ConnectionSettings connectionSettings = new ConnectionSettings(connectionPool).BasicAuthentication("es_user","testpwd");

connectionSettings.ThrowExceptions(true);

ElasticClient client = new ElasticClient(connectionSettings);

Could you please help on what is missing here?


(jk) #4

It worked after I changed type to from 'native' to 'file' in the below configuration (elasticsearch.yml).

shield:
authc:
realms:
file1:
type: file
order: 0