Setup AD authentication

security

#1

I am new to ELK. I am trying to set up AD authentication but have run into issues. I am seeing the following error in my log.
failed to parse role [admin]. skipping role...
failed to parse role [power_user]. skipping role..

My roles.yml config file

```yaml
# All cluster rights
# All operations on all indices
admin:
  cluster: all
  indices:
    '*': all

# Monitoring cluster privileges
# All operations on all indices
power_user:
  cluster: monitor
  indices:
    '*': all
```

When I try to log into Kibana as the AD user I get the following

{"message":"action [indices:data/read/search] is unauthorized for user [es_svc_user@example.dom]: [security_exception] action [indices:data/read/search] is unauthorized for user [es_svc_user@example.dom]","statusCode":403,"error":"Forbidden"}

Any help will be appreciated.


(Ioannis Kakavas) #2

Hi,

As the error message is clearly saying, your role definitions are wrong and your user gets authenticated but is not authorized to do anything because they have no roles, thus no permissions. It's really hard for us to see what is wrong right now, so please update your post and add the text you copied from your roles.yml as preformatted text using the </> button. It's probably your `indices` field missing a `names` and a `privileges` subfield. See our documentation about defining roles, this will help you immensely.

Defining the roles is step 1, you also need to set up the role mappings, which are the rules that dictate which users get what roles, see our documentation.

Finally, we'd suggest that you use the Role Management APIs and the Role Mapping API instead of the file based roles and mappings.
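
The layout problem the reply points at, as an added example (not code from the thread or from Elastic): each `indices` entry needs a `names` and a `privileges` subfield, while the roles in the question map a pattern straight to a privilege. The function names and the dict standing in for the parsed roles.yml are assumptions of this example, and the check covers only the `indices` layout, not everything Elasticsearch validates.

```python
import json

# The role definitions from the question, as a YAML loader would return them
# (constructed here as a dict so the example runs without a YAML library).
POSTED_ROLES = {
    "admin": {"cluster": "all", "indices": {"*": "all"}},
    "power_user": {"cluster": "monitor", "indices": {"*": "all"}},
}

def as_list(value):
    """Accept 'a, b' or ['a', 'b'] and return a clean list of strings."""
    if isinstance(value, str):
        value = value.split(",")
    return [str(v).strip() for v in value if str(v).strip()]

def check_role(name, role):
    """Return the reasons a role lacks the names/privileges layout."""
    problems = []
    indices = role.get("indices", [])
    if not isinstance(indices, list):
        return [f"{name}: 'indices' must be a list of entries"]
    for i, entry in enumerate(indices):
        if not isinstance(entry, dict):
            problems.append(f"{name}: indices[{i}] must be a mapping")
            continue
        for key in ("names", "privileges"):
            if not entry.get(key):
                problems.append(f"{name}: indices[{i}] is missing '{key}'")
    return problems

def convert_role(role):
    """Rewrite the 'pattern: privileges' shape from the question into
    entries that carry explicit names and privileges."""
    indices = role.get("indices", {})
    if isinstance(indices, dict):
        indices = [{"names": as_list(pattern), "privileges": as_list(privs)}
                   for pattern, privs in indices.items()]
    return {"cluster": as_list(role.get("cluster", [])), "indices": indices}

def convert_all(roles):
    return {name: convert_role(role) for name, role in roles.items()}

if __name__ == "__main__":
    for name, role in POSTED_ROLES.items():
        print(check_role(name, role))  # why each posted role is rejected
    print(json.dumps(convert_all(POSTED_ROLES), indent=2))
```

The converted definitions use the `cluster` list and `names`/`privileges` entries that a role definition expects, so they can be written back to roles.yml or sent as role bodies through the Role Management API the reply recommends.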