Not able enter into the kibana with correct credentials

(Sukesh) #1

Hi , i activated the kibana , asking username and password , if i enter wrong credentials it is throwing invalid username password please give me the solution for this! but if it is correct not able enter into the kibana

Kibana Server :Authentication Exception
(Tim Sullivan) #2

Sounds like you have the Shield plugin for Kibana installed. Do you also have the Shield plugin for Elasticsearch installed?

If so, let us know the steps you did to install the plugins for Elasticsearch and Kibana, and how you added the user accounts.

The versions for the software you are using could help too.

(Sukesh) #3

Yes @tsullivan ullivan , i was installed shield for kibana and elasticsearch , the version of ES is 2.3.1 and kibana 4.5.0 window ,shield 2.3.1 .

steps : first i was installed the shiled for elasticsearch
as per this link

after that i installed shield for kibana but while kibana installation i did not set the ssl certicate path because that is sounds me bit confused so i used
shield.skipSslCheck: true
this command to skip the ssl check

(Tim Sullivan) #4

Try adding shield.useUnsafeSessions: true in your Kibana.yml.

Shield plugin with 2.3 is only supported with SSL, and the skip SSL option is just to terminate SSL outside the kibana server, not bypass SSL altogether.

(Sukesh) #5

Hi @tsullivan ,

i tried shield.useUnsafeSessions: true but it is throwing the fatal error
FATAL { [ValidationError: child "shield" fails because ["useUnsafeSessions" is n
ot allowed]]
name: 'ValidationError',
[ { message: '"useUnsafeSessions" is not allowed',
path: 'shield.useUnsafeSessions',
type: 'object.allowUnknown',
context: [Object] } ],
{ pkg:
{ version: '4.5.0',
buildNum: 9889,
buildSha: 'ff5cfc5d05a58e53f7acaa762428fa803318d31e' },
pid: { exclusive: false },
{ host: '',
port: 5601,
maxPayloadBytes: 1048576,
autoListen: true,
basePath: '',
ssl: {},
cors: false,
xsrf: [Object] },
{ silent: false,
quiet: false,
verbose: false,
events: {},
dest: 'stdout',
filter: {},
json: false },
plugins: { scanDirs: [Object], paths: [], initialize: true },
{ enabled: true,
bundleFilter: '!tests',
bundleDir: 'C:\Users\\Downloads\kibana-4.5.0-windows\kibana-4
viewCaching: true,
lazy: false,
lazyPort: 5602,
lazyHost: 'localhost',
lazyPrebuild: false,
lazyProxyTimeout: 300000,
useBundleCache: true,
unsafeCache: '/\/\\[\/\\]/',
sourceMaps: false,
profile: false },
{ enabled: true,
defaultServerUrl: 'http://
proxyFilter: [Object],
ssl: {},
proxyConfig: [Object] },
{ useUnsafeSessions: true,
skipSslCheck: true,
encryptionKey: '
sessionTimeout: 600000 } },
annotate: [Function] }

so i removed it ,and run the kibana it is showing exception like

FATAL { [Error: HTTPS is required. Please set server.ssl.key and server.ssl.cert
in kibana.yml.]
cause: [Error: HTTPS is required. Please set server.ssl.key and server.ssl.cer
t in kibana.yml.],
isOperational: true }

now i got the "openssl-1.0.2.tar " but dont know how to set and where i can get the path to server.key ,server.crt please help in this .

(Tim Sullivan) #6

I apologize. the useUnsafeSessions will be available in version 2.4

Have you seen these documentation pages about setting up encryption with Shield? You have an option to use self-signed certificates if you do not need to have your certificate signed by a trusted CA.

(Sukesh) #7

Yes @tsullivan , i gone through that ,but i did not understand anything , i can do up to user creation but SSL certification thing is bit confusing .i have openssl 1.0.2 in that where i can get the server.key,server.crt file paths ?

(Tim Sullivan) #8

i have openssl 1.0.2 in that where i can get the server.key,server.crt file paths ?

The openssl command generates those files. There are a lot of ways to generate the private key and certificate, and we don't cover how to do it in our documentation. But this site gives the openssl commands you can run to generate those files:

To summarize it:

  1. Generate a private key:
openssl genrsa -des3 -passout pass:x -out server.pass.key 2048
openssl rsa -passin pass:x -in server.pass.key -out server.key
  1. Generate a certificate signing request:
openssl req -new -key server.key -out server.csr
  1. Generate an SSL certificate:
openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt

(system) #9