New users do not receive mails and can not log in

Matteo_Fiore · October 19, 2020, 8:01am

Hello,

I am having some problems creating new users and granting them access.

What I am doing
Stack Management > Users > Create User

When trying to log in with the new user I receive "Invalid username or password. Please try again."

I have been researching a bit and found this thread.
In order to check if the default realm was enabled, I ran

GET /_security/user/{username}

Based on the documentation

If the user is not defined in the native realm, the request 404s.

But I do receive an answer in the form

{
  "username" : {
    "username" : "username",
    "roles" : [ ],
    "full_name" : "FullName",
    "email" : "xyz@aaa.lk",
    "metadata" : { },
    "enabled" : true
  }
}

Any suggestions on why I am not able to log in with any newly created users?

Thank you beforehand.

Best,
Matteo Fiore

Matteo_Fiore · October 19, 2020, 12:51pm

Update:

Using
GET /_cluster/settings?include_defaults=true
I have been digging around and found out that the realms settings look like

{
  "realms": {
    "saml": {
      "cloud-xyz": {
        ...
        "order": "3"
      }
    },
    "native": {
      "native": {
        "order": "1"
      }
    },
    "file": {
      "found": {
        "order": "0"
      }
    }
  }
}

I have been trying to use the

PUT /_cluster/settings
{
  "persistent": {
    "xpack": {
      "security": {
        "authc": {
          "realms": {
            "native": {
              "native": {
                "order": 0
              }
            }
          }
        }
      }
    }
  }
}

to change the order but no luck so far.

ikakavas · October 19, 2020, 1:37pm

You should not need to change the realm settings in your cloud instance. The defaults are fine you can't and there is no need to set the native to order 0.
New users do not receive mails

They shouldn't , this is not a functionality that elastic cloud offers at this time ( i.e. deployment users getting notified of account creation via email )
I have been researching a bit and found this thread.

This is about and on premise installation and not applicable to your case

Can you clarify where do you try to login ? Is it the same kibana instance as the one you created the user in? What version is your kibana + es cluster ?

Matteo_Fiore · October 19, 2020, 2:02pm

Hi,
Thank you for your answer.

Ok, I realized I was making a rather silly mistake. I was trying to log in into cloud.elastic.co instead of logging in into Kibana.

How can I create users so that they log-in and manage the deployments?

Also, I've been trying to connect to ES through Spark using the newly created users.

(
      spark.read
      .format("org.elasticsearch.spark.sql")
      .option("es.nodes.wan.only","true")
      .option("es.net.http.auth.user", "username")
      .option("es.net.http.auth.pas", "password")
      .option("es.nodes", "node")
      .option("es.port", "port")
      .load("index/test-index")
)

But what I obtain is (for both elastic and newly created user):

org.elasticsearch.hadoop.rest.EsHadoopInvalidRequest: org.elasticsearch.hadoop.rest.EsHadoopRemoteException: security_exception: unable to authenticate user [username] for REST request [/]
null

At first, I thought that the issue was the same as not being able to log-in in the UI, but then trying to connect using

from datetime import datetime
from elasticsearch import Elasticsearch

es = Elasticsearch(['endpoint'], http_auth=('username', 'password'))

doc = {
    'author': 'kimchy2',
    'text': 'Elasticsearch: cool. bonsai cool.',
    'timestamp': datetime.now(),
}
res = es.index(index="test-index", id=3, body=doc)
print(res['result'])

does not result in error.

Would you be able to help with that issue as well?
Thank you beforehand!

system · November 16, 2020, 2:02pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.