Security Exception when Running Sample Security Plugin

I have followed the steps from this post.

But at the step to authenticate using this command:
curl "localhost:9200/_xpack/security/_authenticate" \
  -H "x-web-store-claims: $ClaimJson" -H "x-web-store-sig: $ClaimSig"

I get the following error:
{"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/_xpack/security/_authenticate]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/_xpack/security/_authenticate]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}

It looks like the Elasticsearch instance is not using the custom realm, but I do not know the reason. I have followed every step in the tutorial (to the best of my knowledge); please let me know if I have missed anything.

Since you haven't provided any details about the steps you took, it is impossible for us to offer any specific advice.

The steps are all described in the blog post I've linked.

I'll also describe what I did below:

  1. Build the plugin with mvn package, which generates a .zip file
  2. Start up elasticsearch using docker-compose up
  3. Copy the .zip file into the container
  4. Install the plugin using the bin/elasticsearch-plugin command
  5. Replace the elasticsearch.yml file with the settings described in the blog post
  6. Restart the container
  7. Try the curl command in my original post

Here are my docker-compose.yml and elasticsearch.yml:

docker-compose.yml:
version: '3'

services:
  elasticsearch:
    image: elasticsearch_backup:latest
    container_name: elasticsearch_secured
    #volumes:
    #- ./config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=true
    ports:
      - 9200:9200

  kibana:
    image: docker.elastic.co/kibana/kibana:7.5.0
    container_name: kibana_secured
    environment:
      ELASTICSEARCH_USERNAME: elastic
      ELASTICSEARCH_PASSWORD: UzpQs3XkdoLrv31sycoC
    ports:
      - 5601:5601

elasticsearch.yml:
cluster.name: "docker-cluster"
network.host: 0.0.0.0
xpack.security.authc.realms:
  file.file:
    order: 0

  native.native:
    order: 1

  webstore.webstore:
    certificate: webstore/webstore.crt

I know the steps in the blog post - I wrote it.
I also know that those steps work, which is why you need to describe what you did so that we can work out where you might have deviated from the steps described in that blog.

I think the most likely problem here is that you're trying to do this in docker, and mess with the yml file inside the container. My guess is that the yml you are editing isn't actually used by the elasticsearch process in the container.

The other issue you have is that the plugin code in the blog post generates a plugin for Elasticsearch 6.3, and it looks like you are running Elasticsearch 7.5. How did you update the code for the newer version?
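
One way to test both points raised in the reply above (whether the running process actually read the edited yml, and whether the plugin was built for the node's version), as an added example that is not part of the original thread: it inspects the JSON returned by `GET /_nodes/plugins,settings`, fetched as an existing user such as `elastic`. The plugin name `webstore-realm` and both sample responses are constructed for illustration.

```python
# Added example: checks a GET /_nodes/plugins,settings response for the custom realm.

def flatten(settings, prefix=""):
    """Nested settings -> dotted keys (the shape flat_settings=true returns)."""
    flat = {}
    for key, value in settings.items():
        if isinstance(value, dict):
            flat.update(flatten(value, prefix + key + "."))
        else:
            flat[prefix + key] = value
    return flat

def diagnose(nodes_info, realm_type, realm_name):
    """Return (node_id, finding) pairs; an empty list means nothing was flagged."""
    findings = []
    prefix = f"xpack.security.authc.realms.{realm_type}.{realm_name}."
    for node_id, node in nodes_info["nodes"].items():
        effective = flatten(node.get("settings", {}))
        if not any(k.startswith(prefix) for k in effective):
            findings.append((node_id, "realm missing from effective settings"))
        extensions = [p for p in node.get("plugins", [])
                      if "x-pack-security" in p.get("extended_plugins", [])]
        if not extensions:
            findings.append((node_id, "no plugin extending x-pack-security"))
        for plugin in extensions:
            if plugin.get("elasticsearch_version") != node.get("version"):
                findings.append((node_id, f"{plugin['name']} built for "
                                 f"{plugin.get('elasticsearch_version')}"))
    return findings

# Constructed response (not real output): plugin installed, but the process
# never read the edited elasticsearch.yml, so only env-var settings appear.
PLUGIN = {"name": "webstore-realm",  # hypothetical plugin name
          "elasticsearch_version": "7.5.0",
          "extended_plugins": ["x-pack-security"]}
STALE_CONFIG = {"nodes": {"node-1": {
    "version": "7.5.0",
    "settings": {"discovery": {"type": "single-node"},
                 "xpack": {"security": {"enabled": "true"}}},
    "plugins": [PLUGIN]}}}
# Same node once the realm block from elasticsearch.yml is actually loaded.
LOADED_CONFIG = {"nodes": {"node-1": {
    "version": "7.5.0",
    "settings": {"xpack": {"security": {"enabled": "true", "authc": {"realms": {
        "webstore": {"webstore": {"certificate": "webstore/webstore.crt"}}}}}}},
    "plugins": [PLUGIN]}}}

if __name__ == "__main__":
    print(diagnose(STALE_CONFIG, "webstore", "webstore"))
    print(diagnose(LOADED_CONFIG, "webstore", "webstore"))
```
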

The problems you mentioned had all been addressed before I asked the question. I tried the ES setup on Windows as well and it did not work either. As for the plugin code, I referred to the breaking changes page of 7.0 and updated the code accordingly.
Could you please provide your docker-compose.yml (if you used one) as well as the elasticsearch.yml?
Also, just making sure, does this security plugin work on the free version?
Thanks
