Hello, I'm trying to create my custom kibana plugin and I'm having difficulties setting up the dev environnement. I'm working on a debian 9 vm and have followed the kibana contributing guide.
after forking and clonning the kibana project (master branch) I used the following commands inside the kibana directory :
-
yarn kbn bootstrap
-
yarn es snapshot
-
yarn start
I logged in with the default login and password (kibana and changeme) and I get a 403 error on the page.
I checked the logs and found the following information :
server error [14:50:58.982] [debug][auth][security][session] Error: Unauthorized
at validate (/home/exploit/kibana/node_modules/hapi-auth-cookie/lib/index.js:153:49)
at Object.authenticate (/home/exploit/kibana/node_modules/hapi-auth-cookie/lib/index.js:226:26)
at module.exports.internals.Manager.execute (/home/exploit/kibana/node_modules/hapi/lib/toolkit.js:35:106)
at module.exports.internals.Auth.test (/home/exploit/kibana/node_modules/hapi/lib/auth.js:92:54)
at Session.test [as get] (/home/exploit/kibana/x-pack/legacy/plugins/security/server/lib/authentication/session.ts:63:46)
at Authenticator.get [as getSessionValue] (/home/exploit/kibana/x-pack/legacy/plugins/security/server/lib/authentication/authenticator.ts:265:43)
at Authenticator.getSessionValue [as authenticate] (/home/exploit/kibana/x-pack/legacy/plugins/security/server/lib/authentication/authenticator.ts:157:40)
at Object.authenticate (/home/exploit/kibana/x-pack/legacy/plugins/security/server/lib/authentication/authenticator.ts:293:19)
at authenticate (/home/exploit/kibana/x-pack/legacy/plugins/security/server/routes/api/v1/authenticate.js:34:68)
at module.exports.internals.Manager.execute (/home/exploit/kibana/node_modules/hapi/lib/toolkit.js:35:106)
at Object.internals.handler (/home/exploit/kibana/node_modules/hapi/lib/handler.js:50:48)
at exports.execute (/home/exploit/kibana/node_modules/hapi/lib/handler.js:35:36)
at Request._lifecycle (/home/exploit/kibana/node_modules/hapi/lib/request.js:263:62)
at process._tickCallback (internal/process/next_tick.js:68:7)
server log [14:50:59.022] [debug][basic][security] Trying to authenticate user request to /api/security/v1/login.
server log [14:50:59.024] [debug][basic][security] Trying to authenticate via login attempt.
server log [14:50:59.038] [debug][plugin] Checking Elasticsearch version
server log [14:50:59.055] [debug][basic][security] Request has been authenticated via login attempt.
server respons [14:50:58.952] POST /api/security/v1/login 204 139ms - 9.0B
server log [14:50:59.140] [debug][basic][security] Trying to authenticate user request to /.
server log [14:50:59.144] [debug][basic][security] Trying to authenticate via login attempt.
server log [14:50:59.147] [debug][basic][security] Username and password not found in payload.
server log [14:50:59.148] [debug][basic][security] Trying to authenticate via header.
server log [14:50:59.150] [debug][basic][security] Authorization header is not presented.
server log [14:50:59.172] [debug][basic][security] Trying to authenticate via state.
server log [14:50:59.180] [debug][basic][security] Request has been authenticated via state.
server log [14:50:59.210] [debug][plugins][spaces] SpacesClient.getAll(), using RBAC. Found 1 spaces
server log [14:50:59.437] [debug][plugins][spaces] SpacesClient.getAll(), authorized for 0 spaces, derived from ES privilege check: {"default":{"login:":false}}
server log [14:50:59.438] [debug][plugins][spaces] SpacesClient.getAll(), using RBAC. returning 403/Forbidden. Not authorized for any spaces.
server log [14:50:59.444] [debug][license][xpack] Calling [data] Elasticsearch _xpack API. Polling frequency: 30001
server respons [14:50:59.124] GET / 403 529ms - 9.0B
It seems the authentication has not been taken into account, I've tried disabling it but without success.