Problems enabling authentication to elasticsearch

Rodrigo_Ceballos · June 12, 2020, 7:57pm

Hi.

We are new to this tool and enable elastic and kibana, however I have not been able to enable security, to make us register with a user in Kibana. I did the following to enable security:

1.- I stopped Kibana and Elastic
2.- Add xpack.security.enabled: true to file elasticsearch.yml
3.- I enable option elasticsearch.username and elasticsearch.password on file kibana.yml
elasticsearch.username: "kibana"
elasticsearch.password: "pass"
4.- I started Elastic and Kibana

In Kibana log (kibana.stdout) I get the following error

"{"type":"log","@timestamp":"2020-06-12T18:02:41Z","tags":["error","savedobjects-service"],"pid":13036,"message":"Unable to retrieve version information from Elasticsearch nodes."}
{"type":"log","@timestamp":"2020-06-12T18:03:11Z","tags":["warning","plugins","licensing"],"pid":13036,"message":"License information could not be obtained from Elasticsearch due to [security_exception] failed to authenticate user [kibana], with { header={ WWW-Authenticate="Basic realm=\"security\" charset=\"UTF-8\"" } } :: {"path":"/_xpack","statusCode":401,"response":"{\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"failed to authenticate user [kibana]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}}],\"type\":\"security_exception\",\"reason\":\"failed to authenticate user [kibana]\",\"header\":{\"WWW-Authenticate\":\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\"}},\"status\":401}","wwwAuthenticateDirective":"Basic realm=\"security\" charset=\"UTF-8\""} error"}
"
In Elastic log (elasticsearch.log):

"[2020-06-12T14:01:59,289][INFO ][o.e.c.r.a.AllocationService] [DataLake.localdomain] Cluster health status changed from [RED] to [YELLOW] (reason: [shards started [[.apm-agent-configuration][0]]]).
[2020-06-12T14:02:41,251][INFO ][o.e.x.s.a.AuthenticationService] [DataLake.localdomain] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
"
I would appreciate if you can help me

Regards

Rodrigo

corey.robertson · June 12, 2020, 9:05pm

Hi @Rodrigo_Ceballos

See the documentation for Enabling Security. Did you run the step to set all the system passwords? After doing that, you should be able to update kibana.yml with username kibana_system and whatever password you gave.

Hope that helps.

tenet_testuser1 · June 12, 2020, 9:18pm

I ran the x-pack password auto command this morning... I did not see the username as kibana_system.

Am I missing something?

corey.robertson · June 15, 2020, 1:36pm

@tenet_testuser1 Yes I believe you are correct. I was using version 7.8 which introduces the kibana_system user, previous versions should be just kibana as you said.

You should be running the command on elasticsearch bin/elasticsearch-setup-passwords interactive to setup the accounts. This will be the account Kibana uses to access Elasticsearch, not for you to use to sign in to Kibana.

Rodrigo_Ceballos · June 15, 2020, 2:36pm

thanks for the info. I was able to enable security without problems with the data you gave me.

Regards Rodrigo

tenet_testuser1 · June 15, 2020, 10:46pm

I would like my web application, written in react, with users authenticated via oauth too be able to view kibana reports.

The kibana reports are invoked via menu options in the react app. The concept works!!!! But there are couple of issues. Need help.

I want to lock down any kibana, es, logstash access. Currently, users can access management console. How do I secure this.
Ideally, when the user logs on to the app, I want them to be able to run/view kibana reports by logging in as a read only user in kibana... This should be seamless, behind the scenes. How do I accomplish this?

I noticed, the dashboard role is deprecated in 7.7

Thanks

system · July 13, 2020, 10:54pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.