Nothing showing on Kibana after enabling security features

Hi,

I just followed this tutorial on how to enable security features on the Elastic Stack. After restarting Elasticsearch and Kibana, add the password configured, I am logged in but there is nothing showing appart from an option to select your space and nothing else:

Xpack

How can I fix this?

Hey @Booooooo,

A couple of questions for you:

What version of Kibana/ES are you using?

Can you make the following Elasticsearch API calls using the same username and password you used to login to Kibana, and paste the results here? Redact any sensitive information if you have names/emails in the output:

Replace http://localhost:9200 in the examples below with your actual Elasticsearch URL

1 Like

Hi @Larry_Gregory,

Thanks for the reply.

I am running the Stack on 7.5.0.

http://localhost:9200/_security/_authenticate

{"username":"kibana","roles":["kibana_system"],"full_name":null,"email":null,"metadata":{"_reserved":true},"enabled":true,"authentication_realm":{"name":"reserved","type":"reserved"},"lookup_realm":{"name":"reserved","type":"reserved"}}

http://localhost:9200/_security/user/_privileges

{"cluster":["cluster:admin/xpack/monitoring/bulk","cluster:admin/xpack/security/privilege/builtin/get","delegate_pki","manage_index_templates","manage_oidc","manage_saml","manage_token","monitor"],"global":[{"application":{"manage":{"applications":["kibana-*"]}}}],"indices":[{"names":[".management-beats"],"privileges":["create_index","read","write"],"allow_restricted_indices":false},{"names":[".monitoring-*"],"privileges":["read","read_cross_cluster"],"allow_restricted_indices":false},{"names":[".code-*",".code_internal-*"],"privileges":["all"],"allow_restricted_indices":false},{"names":[".apm-agent-configuration"],"privileges":["all"],"allow_restricted_indices":false},{"names":[".kibana*",".reporting-*"],"privileges":["all"],"allow_restricted_indices":false}],"applications":[],"run_as":[]}

I have followed the tutorial up to this page part, and then I stopped not to mess things up even further. :slight_smile:

Well that's interesting...

Ok, one more idea for you to try:

Can you set logging.verbose: true in your kibana.yml, restart Kibana, and login again?
If you could then provide the log file, we can try to diagnose this further.

1 Like

Hi @Larry_Gregory,

Sorry, I have mofified my post as I made a silly mistake. I have used curl this time and was able to retrieve the information I've posted now.

Any ideas?

I think the most likely thing here is that the kibana user does not have the appropriate priviledges. But I am not sure how or where to modify that on the stack. Am I on the right track here?

ah ha! You've run into a common "gotcha". The kibana user is intentionally not authorized to access Kibana itself. This user is one one you set in your kibana.yml for elasticsearch.username:

elasticsearch.username: kibana
elasticsearch.password: changeme

This account is what we call the "kibana system" user. We have an open issue to change this to make it clearer: https://github.com/elastic/kibana/issues/25879

To actually login to kibana, you need to use an account with the appropriate privileges. Since you're just getting started, I'd recommend logging in with the built-in elastic superuser. Can you give that a try and let me know how you make out?

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.