Session Expired in kibana after installing certificates

olorasde · March 6, 2017, 9:00am

Hi,

I recently installed the certificates (the crt and key files) in my kibana installation (version 5.1.1) and after a few seconds of apparent correct operation, Kibana closes the session indicating that it is expired.

Reviewing the Kibana log a bit, these messages appear to me:

...
{"type":"response","@timestamp":"2017-03-06T08:45:44Z","tags":[],"pid":29606,"method":"get","statusCode":304,"req":{"url":"/plugins/kibana/assets/wrench.svg","method":"get","headers":{"host":"kibana-server:5601","connection":"keep-alive","user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36","accept":"image/webp,image/,/;q=0.8","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, sdch, br","accept-language":"es-ES,es;q=0.8","if-none-match":""088a9a98c99e406dca2354af14f688ad84826b97-gzip"","if-modified-since":"Tue, 06 Dec 2016 13:06:25 GMT"},"remoteAddress":"10.188.177.100","userAgent":"10.188.177.100","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED"},"res":{"statusCode":304,"responseTime":2,"contentLength":9},"message":"GET /plugins/kibana/assets/wrench.svg 304 2ms - 9.0B"}
{"type":"response","@timestamp":"2017-03-06T08:45:44Z","tags":[],"pid":29606,"method":"get","statusCode":304,"req":{"url":"/plugins/monitoring/monitoring.svg","method":"get","headers":{"host":"kibana-server:5601","connection":"keep-alive","user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36","accept":"image/webp,image/,/;q=0.8","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, sdch, br","accept-language":"es-ES,es;q=0.8","if-none-match":""5123718863c7374e8313a78750040fbc65440756-gzip"","if-modified-since":"Thu, 12 Jan 2017 11:37:20 GMT"},"remoteAddress":"10.188.177.100","userAgent":"10.188.177.100","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED"},"res":{"statusCode":304,"responseTime":4,"contentLength":9},"message":"GET /plugins/monitoring/monitoring.svg 304 4ms - 9.0B"}
{"type":"response","@timestamp":"2017-03-06T08:45:44Z","tags":[],"pid":29606,"method":"get","statusCode":304,"req":{"url":"/plugins/kibana/assets/settings.svg","method":"get","headers":{"host":"kibana-server:5601","connection":"keep-alive","user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36","accept":"image/webp,image/,/;q=0.8","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, sdch, br","accept-language":"es-ES,es;q=0.8","if-none-match":""4f859e27d4917026ff1590805887902b14ce79d5-gzip"","if-modified-since":"Tue, 06 Dec 2016 13:06:25 GMT"},"remoteAddress":"10.188.177.100","userAgent":"10.188.177.100","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED"},"res":{"statusCode":304,"responseTime":3,"contentLength":9},"message":"GET /plugins/kibana/assets/settings.svg 304 3ms - 9.0B"}
{"type":"response","@timestamp":"2017-03-06T08:45:44Z","tags":[],"pid":29606,"method":"get","statusCode":304,"req":{"url":"/plugins/security/images/person.svg","method":"get","headers":{"host":"kibana-server:5601","connection":"keep-alive","user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36","accept":"image/webp,image/,/;q=0.8","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, sdch, br","accept-language":"es-ES,es;q=0.8","if-none-match":""becef0294f6fdb73b9bf3ce52750e7e1b246e88f-gzip"","if-modified-since":"Thu, 12 Jan 2017 11:37:21 GMT"},"remoteAddress":"10.188.177.100","userAgent":"10.188.177.100","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED"},"res":{"statusCode":304,"responseTime":5,"contentLength":9},"message":"GET /plugins/security/images/person.svg 304 5ms - 9.0B"}
{"type":"response","@timestamp":"2017-03-06T08:45:44Z","tags":[],"pid":29606,"method":"get","statusCode":304,"req":{"url":"/plugins/security/images/logout.svg","method":"get","headers":{"host":"kibana-server:5601","connection":"keep-alive","user-agent":"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36","accept":"image/webp,image/,/*;q=0.8","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED","accept-encoding":"gzip, deflate, sdch, br","accept-language":"es-ES,es;q=0.8","if-none-match":""668bb08fe12a79ded121708cef3beebc475a2bea-gzip"","if-modified-since":"Thu, 12 Jan 2017 11:37:21 GMT"},"remoteAddress":"10.188.177.100","userAgent":"10.188.177.100","referer":"https://kibana-server:5601/login?next=%2Fapp%2Fkibana%23%2Fdashboard%3F_g%3D()&msg=SESSION_EXPIRED"},"res":{"statusCode":304,"responseTime":3,"contentLength":9},"message":"GET /plugins/security/images/logout.svg 304 3ms - 9.0B"}
...

In my kibana.yml the only thing I added is:

server.ssl.cert: /data/conf/kibana/certificates/file.crt
server.ssl.key: /data/conf/kibana/certificates/file.key

That matches the location of my files with the certificates.

I have tried following the steps described here https://www.elastic.co/guide/en/x-pack/current/kibana.html although really, just needing the https configuration between kibana and the browser, I have only executed the step 3.

If I set the variable:

Xpack.security.encryptionKey: "ueurd9jwerdw8erudw9ruw8e9jdrewhj"

I do not get this error, but all the pages in kibana are blank, with no content.

Any ideas?

Thank you,

olorasde · March 6, 2017, 9:01am

As additional information, I have xpack installed in kibana and also in elasticsearch.

jbudz · March 7, 2017, 6:49pm

If xpack.security.encryptionKey isn't set, a new one will randomly be generated on startup causing previous sessions to be invalidated when the server is restarted. Setting xpack.security.encryptionKey is the right path to fix that. Can you share more details on the encryptionKey error? If you open the browser's developer tools are there any console errors and are there any errors logged from the kibana server?

olorasde · March 8, 2017, 9:22am

Hi jbudz,

Thanks for your answer.

We have seen that simply letting it happen 24h, access by https works correctly.

We assume that it must be what you say, that we did not define the variable Xpack.security.encryptionKey and for that reason it failed us.

We assume that, since it is not defined and generated automatically, somehow until the previous one does not expire, it does not end up functioning properly the access.

When I can get back to this subject I will tell you more about the lack of content in the browser when we decided on the variable.

Regards,

system · April 5, 2017, 9:23am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.