I encounter a trouble in the Shield installation
My installation is based on
- ElasticSearch 2.2.0
- Shield 2.2.0
/usr/share/elasticsearch/bin/plugin install file:///data/ELK/sources/plugin-shield/shield-2.2.0.zip /usr/share/elasticsearch/bin/shield/esusers useradd admin -p mypassword -r admin /usr/share/elasticsearch/bin/shield/esusers useradd user -p mypassword -r user /usr/share/elasticsearch/bin/shield/esusers useradd kibana4-server -r kibana4_server -p mypassword /data/ELK/kibana/bin/kibana plugin -i shield -u file:///data/ELK/sources/plugin-shield/shield-2.2.0.tar.gz
The user "user" belongs to the group "user":
## Read-only operations on indices #user: # indices: # '*': # privileges: read
I put in
shield: authc: realms: esusers1: type: esusers order: 0 shield.audit.enabled: true
elasticsearch.username: kibana4-server elasticsearch.password: mypassword # SSL for outgoing requests from the Kibana Server to the browser (PEM formatted) server.ssl.cert: /data/ELK/sslcert/mycert.crt server.ssl.key: /data/ELK/sslcert/mycert.key shield.encryptionKey: "mypassphrase" shield.sessionTimeout: 600000
When I open https: //xx.xx.xx.xx:5600
I get the login window.
I can log but I have 2 problems
With a user that does not exist I'm logged correctly ... It's very strange!
When I connect with the user "user" which belongs to the group "user", I can delete indice. But with the "user" role privileges, it supposed to be refused!
http: //xx.xx.xx.xx:5600 is already open. I don't have any login windows to access of elasticsearch web interface
Can you help me ?