Shield with no SSL - Unable to login to Kibana

security

(miss) #1

I am unable to log into Kibana, I have added below role
**** esuser utility**

my_kibana_user:
cluster:
- monitor
indices:
- names: 'logstash-'
privileges:
- view_index_metadata
- read
- names: '.kibana
'
privileges:
- manage
- read
- index

***Users.roles
my_kibana_user:mis###

***Kibana.yml

elasticsearch.username: "kibana"
elasticsearch.password: "kibana123"

shield.encryptionKey: "secret"
shield.skipSslCheck: true
elasticsearch.ssl.verify: false

I restarted kibana and logging into my localhost:5601, asking for username and password; If I enter a wrong username password, UI showing me wrong user name or password. However, after successful authentication it simply stays in login page and not taking to Kibana dashboard. What I am doing wrong, any help please.

Simply Stays in this page after successful authentication


(Jay Modi) #2

The Kibana plugin for shield requires SSL as it uses a cookie with a secure flag. This is taken directly from the documentation for shield.skipSslCheck at https://www.elastic.co/guide/en/shield/current/kibana.html:

Advanced setting. Set to true to enable Kibana to start if server.ssl.cert and server.ssl.key are not specified in kibana.yml. This should only be used if SSL is configured outside of Kibana—for example, you are routing requests through a load balancer or proxy. You must still connect to the Kibana server via HTTPS when using the Shield UI plugin. If you attempt to access Kibana via HTTP, you’ll be stuck at the login screen indefinitely.


(miss) #3

Appreciate it @jaymode , it seems like there is no way to work around SSL with shield. I will go and create a self signed certificate.


(system) #4