Status code 403 unauthorized for user [_anonymous] is returned for an anonymous user with a custom role in which the Stack Management plugin is not displayed

Is it possible to configure Elasticsearch and Kibana for an anonymous user with a custom role in which the Stack Management plugin is NOT displayed when security is turned off? Many thanks in advance.

Below are my steps:

  1. Create a custom role
    curl -XPUT http://server:9200/_security/role/CUSTOM_ROLE -H 'Content-Type: application/json' -d'
    {
      "cluster" : ,
      "indices" : [
        {
          "names" : ,
          "privileges" : [
            "view_index_metadata",
            "read"
          ],
          "field_security" : {
            "grant" : [
              "*"
            ],
            "except" :
          },
          "allow_restricted_indices" : false
        }
      ],
      "applications" : [
        {
          "application" : "kibana-.kibana",
          "privileges" : [
            "feature_discover.all",
            "feature_dashboard.all",
            "feature_canvas.all",
            "feature_maps.all",
            "feature_ml.all",
            "feature_graph.all",
            "feature_visualize.all"
          ],
          "resources" : [
            "space:default"
          ]
        }
      ],
      "run_as" : ["_anonymous"],
      "metadata" : { },
      "transient_metadata" : {
        "enabled" : true
      }
    }
    '

  2. Set up in elasticsearch.yml with

  • xpack.security.authc.anonymous.username: _anonymous
  • xpack.security.authc.anonymous.roles: CUSTOM_ROLE

  3. Set up in kibana.yml with

  • xpack.security.enabled: false

Actual result:

  • Kibana UI returns with {"statusCode":403,"error":"Forbidden","message":"action [indices:data/read/search] is unauthorized for user [_anonymous]: security_exception"}

  • Kibana’s log returns ",\"statusCode\":403,\"response\":\"{\\\"error\\\":{\\\"root_cause\\\":[{\\\"type\\\":\\\"security_exception\\\",\\\"reason\\\":\\\"action [cluster:monitor/xpack/info] is unauthorized for user [_anonymous]”

Hello!

I believe in the kibana.yml file you actually need to leave xpack.security.enabled: true and also set:

xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials: "_anonymous"

FYI the docs for this feature in Kibana are here: Authentication in Kibana | Kibana Guide [7.11] | Elastic

@joshdover Thanks so much for the response.
Unfortunately I am still getting error 403 when xpack.security.enabled: true and

xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials: "elastisearch_anonymous_user"
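An added example, not part of the original thread and not Elastic's code: a small offline check that pulls the denied action out of the two 403 messages quoted in the question and reports which built-in privilege class covers it. The function names, the privilege table (a simplified subset) and `SAMPLE_ROLE` (constructed values) are assumptions made for illustration.

```python
import re

# Simplified subset of Elasticsearch's built-in privileges and the action
# patterns they cover (assumption: only what these two denials need).
CLUSTER_PRIVS = {"all": "*", "monitor": "cluster:monitor/*"}
INDEX_PRIVS = {"all": "indices:*", "read": "indices:data/read/*"}

DENIAL = re.compile(r"action \[([^\]]+)\] is unauthorized for user \[([^\]]+)\]")

# The two messages quoted in the question (the log line is shortened).
UI_ERROR = ('{"statusCode":403,"error":"Forbidden","message":"action '
            '[indices:data/read/search] is unauthorized for user [_anonymous]: security_exception"}')
LOG_LINE = (r'\"statusCode\":403,\"response\":\"{\\\"error\\\":{\\\"reason\\\":\\\"action '
            r'[cluster:monitor/xpack/info] is unauthorized for user [_anonymous]')

# Constructed role body; the cluster list and index names are sample values.
SAMPLE_ROLE = {
    "cluster": [],
    "indices": [{"names": ["logs-*"], "privileges": ["view_index_metadata", "read"]}],
}

def parse_denials(text):
    """Return (action, user) pairs from raw or backslash-escaped error text."""
    return DENIAL.findall(text)

def _covers(pattern, action):
    return action.startswith(pattern[:-1]) if pattern.endswith("*") else action == pattern

def missing_privilege(role, action):
    """None if the role lists a privilege covering the action, else what to review.
    Index name patterns are not checked: the denial text does not name the index."""
    if action.startswith("cluster:"):
        scope, table, granted = "cluster", CLUSTER_PRIVS, role.get("cluster", [])
    else:
        scope, table = "indices", INDEX_PRIVS
        granted = [p for idx in role.get("indices", []) for p in idx.get("privileges", [])]
    if any(_covers(table[p], action) for p in granted if p in table):
        return None
    fits = sorted(p for p, pat in table.items() if p != "all" and _covers(pat, action))
    return f"{scope}: {', '.join(fits) or 'unknown'}"

def review(role, *texts):
    """Map each denied action found in the texts to its missing privilege."""
    return {a: missing_privilege(role, a) for t in texts for a, _user in parse_denials(t)}

if __name__ == "__main__":
    for action, gap in review(SAMPLE_ROLE, UI_ERROR, LOG_LINE).items():
        print(action, "->", gap or "listed in role; check index names and role assignment")
```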
