[Shield] Kibana error on startup


(Pierre Jacquot) #1


I'm trying to use Shield with Elasticsearch and Kibana, but I get the following error when I launch Kibana:

"level":50,"err":{"message":"AuthorizationException[action [cluster:monitor/health] is unauthorized for user [XXXXX]]","name":"Error","stack":"Error: AuthorizationException[action [cluster:monitor/health] is unauthorized for user [XXXXX]]

I have followed the instructions described in the topic below without any success:

Here is the Elasticsearch configuration related to Shield:
shield.authc.realms.default.type: esusers
shield.authc.realms.default.order: 0
shield.authc.realms.default.files.users: /etc/elasticsearch/shield/user
shield.authc.realms.default.files.users_roles: /etc/elasticsearch/shield/users_roles
shield.authc.realms.default.files.roles: /etc/elasticsearch/shield/roles

and the content of /etc/elasticsearch/shield/user file

here is the content of users_roles file :

Roles files have not been updated, and I have tried multiple tests with the admin and kibana4 roles without success.
Does anyone have an idea of the origin of this issue?

(Jay Modi) #2

Hi Pierre,

I am sorry that you have not had success getting Kibana to work with Shield; let's work on resolving that. What did you configure in your kibana.yml? What versions of Kibana, Elasticsearch, and Shield are you using?

Are you able to issue curl commands to the elasticsearch node protected by shield with success?


(Pierre Jacquot) #3


I'm sorry for the missing information.
Here is a quick view of the product versions :

Elastic search : Version: 1.7.0, Build: 929b973/2015-07-16T14:31:07Z, JVM: 1.8.0_40
Kibana : Version : 4.1.1
Shield : Version 1.3.2

Here is the content of my kibana.yml file:

port: 5601
host: ""
elasticsearch_url: "http://localhost:9200"
elasticsearch_preserve_host: true
kibana_index: ".kibana"
kibana_elasticsearch_username: toto
kibana_elasticsearch_password: aaaaaa
default_app_id: "discover"
request_timeout: 300000
shard_timeout: 0
verify_ssl: true
 - plugins/dashboard/index
 - plugins/discover/index
 - plugins/doc/index
 - plugins/kibana/index
 - plugins/markdown_vis/index
 - plugins/metric_vis/index
 - plugins/settings/index
 - plugins/table_vis/index
 - plugins/vis_types/index
 - plugins/visualize/index

I have tested the connection using the following URL and it works:

curl -u toto:aaaaaa http://localhost:9200
"status" : 200,
"name" : "ELK INT",
"cluster_name" : "elasticsearch",
"version" : {
"number" : "1.7.0",
"build_hash" : "929b9739cae115e73c346cb5f9a6f24ba735a743",
"build_timestamp" : "2015-07-16T14:31:07Z",
"build_snapshot" : false,
"lucene_version" : "4.10.4"
"tagline" : "You Know, for Search"

(Jay Modi) #4

Can you try to curl http://localhost:9200/_cluster/health instead? The root URL only requires authentication and not authorization.

(Pierre Jacquot) #5


I have tested it, and I also get an authorization error.
I have checked the following parameter:

> shield.authc.realms.default.files.roles: /etc/elasticsearch/shield/roles

and corrected it with

shield.authc.realms.default.files.roles: /etc/elasticsearch/shield/roles.yml

but I still have an issue.


(Jay Modi) #6

Ah, I think the issue is that setting should be:

shield.authz.store.file.roles: /etc/elasticsearch/shield/roles.yml
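
A check for the misplaced setting identified in reply #6, as an added example that is not part of the original thread or of Shield: it flags `files.*` keys under an esusers realm other than `users` and `users_roles`. The allowed-key set and the function names are assumptions of this example, and it reads only flat `dotted.key: value` lines.

```python
import re

# Assumption: an esusers realm reads only these two per-realm file settings.
# Reply #6 puts the roles file outside the realm, under shield.authz.store.
ESUSERS_FILE_KEYS = {"users", "users_roles"}
REALM_KEY = re.compile(r"^shield\.authc\.realms\.([^.]+)\.(.+)$")

# Shield settings exactly as posted in #1 of this thread.
SAMPLE = """\
shield.authc.realms.default.type: esusers
shield.authc.realms.default.order: 0
shield.authc.realms.default.files.users: /etc/elasticsearch/shield/user
shield.authc.realms.default.files.users_roles: /etc/elasticsearch/shield/users_roles
shield.authc.realms.default.files.roles: /etc/elasticsearch/shield/roles
"""

def parse_flat_settings(text):
    """Parse 'dotted.key: value' lines, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip()
    return settings

def misplaced_realm_file_keys(settings):
    """Return 'files.*' keys set on esusers realms that the realm does not read."""
    realms = {}
    for key, value in settings.items():
        match = REALM_KEY.match(key)
        if match:
            realms.setdefault(match.group(1), {})[match.group(2)] = value
    findings = []
    for name, opts in realms.items():
        if opts.get("type") != "esusers":
            continue  # other realm types have their own settings
        for opt in opts:
            if opt.startswith("files.") and opt[len("files."):] not in ESUSERS_FILE_KEYS:
                findings.append(f"shield.authc.realms.{name}.{opt}")
    return sorted(findings)

if __name__ == "__main__":
    for key in misplaced_realm_file_keys(parse_flat_settings(SAMPLE)):
        print(f"{key}: not an esusers realm setting; see reply #6 for the roles file key")
```
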

(Pierre Jacquot) #7

Hello Jaymode,

I have updated the line as you told me to and it works as expected!
Thanks for your help !
