I'm currently trying to set a CNAME to a Clouded Kibana. In my attempt to do so, i contacted the support (during the trial period) who was kind enough to confirm that i needed a reverse proxy to work the problem and make the CNAME point to the said reverse proxy - see link bellow :
I'm currently working on a reverse proxy via nginx. After configuring the proxy, whenever i try to access Kibana i get the following message
{"statusCode":401,"error":"Unauthorized","message":"[security_exception] unable to authenticate user [elastic] for REST request
[/_xpack/security/_authenticate], with { header={ WWW-Authenticate={ 0=\"Bearer realm=[\\\](file:///)
"security[\\\](file:///)"\" & 1=\"ApiKey\" & 2=\"Basic realm=[\\\](file:///)"security[\\\](file:///)"
charset=[\\\](file:///)"UTF-8[\\\](file:///)"\" } } }"}
I tried to authenticate via curl but i get the same error after being asked for my password
After researching the issues thanks to the following links :
I understand that i need to update the kibana.yml file or set some x-pack configurations.
Could you explain how i'm suppose to do so on Elastic Cloud ?
Is there a way to work the problem through the dev console or should i set the file via curl ?
Could you give me additional insights on how to do so ?
Thanks! I didn't bother with SSL locally, but I was able to get the following to work for my test cloud instance. My test instance was created a while ago, so ignore the difference in domain name.
Unnecessary, but I also renamed the elasticsearch upstream entry to kibana to better reflect what we're actually connecting to:
The elastic account that the Cloud admin console creates for you should work for both Kibana and Elasticsearch. My only advice is to double check those credentials.
If you base64-decode the username and password, can you login to Kibana with those credentials if you navigate there directly (bypassing the proxy)?
To log in to ES, i have to use my email address and for kibana i have the elastic account that the Cloud admin console created for me, so i have 2 different accounts for ES and Kibana
If i base64-decode the username:password i can indeed log in Kibana on the connexion panel
Maybe there is something to change on the Kibana side ?
When i do the following :
As far as I know, the account with your email address should just be needed to authenticate to the Cloud Admin Console. The elastic user account should work for both Kibana and Elasticsearch (Kibana delegates all auth to Elasticsearch, there are no separate accounts between the two).
There shouldn't be any changes required on the Kibana side. You mentioned you created another user. If you run GET /_xpack/security/user, it should show you all of the users that you created
A solution has been found and it was simple yet strange :
I encoded the base64 username:password with openssl
Our CTO used an other solution : https://www.base64encode.org/
and it worked !
Apparently the algorithms are different, it might be worth writing this possible issue with openssl somewhere
Also, we managed to make it work with tokens
Thanks a lot for taking time on this, i can now move on other issues !
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.