Security Exception in ES


(Alexander Sombillo) #1

Hello,

We have enabled Elastic Shield on our Elasticsearch plugin, however we are unable to create restorepoints as seen below.

Problem is, it keeps giving us a security exception when the acct has all the priveleges possible.

I tried googling the WWW-Authenticate, but it just points to ES's Documentation.

Can you guys help me on determining why cant this user access the Snapshots? I want to view them first before I create some snapshots. :smiley:

Thanks,


(Mark Walkom) #2

Can you provide the role and role mapping for the user?


(David Pilato) #3

Yeah a common error (I ran into it) is to invert roles and users in role_mapping.yml...


(Alexander Sombillo) #4

Hey,

@warkolm, @dadoonet

Appreciate the Help, but apologies from my end. Was a typo on my end, I am probably dyslexic now.
:slight_smile:

It is working now, just probably gonna take this Topic down.

Thanks,


(srikanth) #5

I face the same error when i try to perform any operation in ES-5.0.0

Ex:
curl -XPOST 'localhost:9200/elk/elastic?pretty' -d '

{
"tag" : "working out with ES"
}'

Result:
{
"error" : {
"root_cause" : [
{
"type" : "security_exception",
"reason" : "missing authentication token for REST request [/elk/elastic?pretty]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
}
}
],
"type" : "security_exception",
"reason" : "missing authentication token for REST request [/elk/elastic?pretty]",
"header" : {
"WWW-Authenticate" : "Basic realm="security" charset="UTF-8""
}
},
"status" : 401
}

role_mapping.yml:

Role mapping configuration file which has elasticsearch roles as keys

that map to one or more user or group distinguished names

#roleA: this is an elasticsearch role

- groupA-DN this is a group distinguished name

- groupB-DN

- user1-DN this is the full user distinguished name

#power_user:

- "cn=admins,dc=example,dc=com"

#user:

- "cn=users,dc=example,dc=com"

- "cn=admins,dc=example,dc=com"

- "cn=John Doe,cn=other users,dc=example,dc=com"

what do i do to make it work,Please do help


(Mark Walkom) #6

Please start your own thread.


(Mark Walkom) #7