Unable to grant an API Key, request does not contain an authorization header

I have configured the ELK SIEM in a Security Onion setup, but while adding new rules (Security > Detection > Manage detection rules > Create new rule > Create and activate rule) I am facing the error in the subject.

I can confirm the prerequisites are configured.
Here is my config:
elasticsearch.yml

    {%- set NODE_ROUTE_TYPE = salt['pillar.get']('elasticsearch:node_route_type', 'hot') %}
    {%- set NODEIP = salt['pillar.get']('elasticsearch:mainip') %}
    {%- set TRUECLUSTER = salt['pillar.get']('elasticsearch:true_cluster', False) %}
    {%- if TRUECLUSTER is sameas true %}
      {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:true_cluster_name') %}
    {%- else %}
      {%- set ESCLUSTERNAME = salt['pillar.get']('elasticsearch:esclustername') %}
    {%- endif %}
    {%- set NODE_ROLES = salt['pillar.get']('elasticsearch:node_roles', ['data', 'ingest']) %}
    cluster.name: "{{ ESCLUSTERNAME }}"
    network.host: 0.0.0.0
    path.logs: /var/log/elasticsearch
    action.destructive_requires_name: true
    transport.bind_host: 0.0.0.0
    transport.publish_host: {{ grains.host }}
    transport.publish_port: 9300
    cluster.routing.allocation.disk.threshold_enabled: true
    cluster.routing.allocation.disk.watermark.low: 95%
    cluster.routing.allocation.disk.watermark.high: 98%
    cluster.routing.allocation.disk.watermark.flood_stage: 98%
    xpack.ml.enabled: false
    xpack.security.enabled: true
    xpack.security.transport.ssl.enabled: true
    xpack.security.transport.ssl.verification_mode: none
    xpack.security.transport.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
    xpack.security.transport.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
    xpack.security.transport.ssl.certificate_authorities: [ "/usr/share/elasticsearch/config/ca.crt" ]
    xpack.security.http.ssl.enabled: true
    xpack.security.http.ssl.client_authentication: none
    xpack.security.http.ssl.key: /usr/share/elasticsearch/config/elasticsearch.key
    xpack.security.http.ssl.certificate: /usr/share/elasticsearch/config/elasticsearch.crt
    xpack.security.http.ssl.certificate_authorities: /usr/share/elasticsearch/config/ca.crt
    xpack.security.authc:
      anonymous:
        username: *del-uname*
        roles: superuser
        authz_exception: true
    node.name: {{ grains.host }}
    script.max_compilations_rate: 1000/1m
    {%- if TRUECLUSTER is sameas true %}
      {%- if grains.role == 'so-manager' %}
        {%- if salt['pillar.get']('nodestab', {}) %}
    node.roles: [ master, data, remote_cluster_client ]
    discovery.seed_hosts:
       - {{ grains.master }}
          {%- for SN, SNDATA in salt['pillar.get']('nodestab', {}).items() %}
       - {{ SN.split('_')|first }}
          {%- endfor %}
        {%- endif %}
      {%- else %}
    node.roles: {{ NODE_ROLES }}
    node.attr.box_type: {{ NODE_ROUTE_TYPE }}
    discovery.seed_hosts:
       - {{ grains.master }}
      {%- endif %}
    {%- endif %}
    {%- if TRUECLUSTER is sameas false %}
    node.attr.box_type: {{ NODE_ROUTE_TYPE }}
    {%- endif %}
    indices.query.bool.max_clause_count: 1500

kibana.yml

    {%- set ES = salt['pillar.get']('manager:mainip', '') -%}
    server.name: kibana
    server.host: "0"
    server.basePath: /kibana
    elasticsearch.hosts: [ "https://{{ ES }}:9200" ]
    elasticsearch.ssl.verificationMode: none
    xpack.encryptedSavedObjects.encryptionKey: *del_key*
    xpack.reporting.encryptionKey: *del_key*
    xpack.security.encryptionKey: *del_key*
    elasticsearch.requestTimeout: 90000
    logging.dest: /var/log/kibana/kibana.log
    telemetry.enabled: false
    security.showInsecureClusterWarning: false
    xpack.security.authc.providers:
      anonymous.anonymous1:
        order: 0
        credentials: "del"

It looks like you're using anonymous authentication to Kibana, is that correct?

Can you also confirm what version of Kibana you are using?

1 Like

Yes, it is anonymous authentication.

xpack.security.authc:
  anonymous:

Kibana version 7.11.2

Nothing wrong with anonymous authentication, right?

Hey @Nil_Battey_Sannata, how are your credentials defined for anonymous access? If you're using an API Key, then this is an expected limitation. You can tell if you're using an API Key if your auth provider is configured in either of the following ways:

xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials:
      apiKey: your_key_here

xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials:
      apiKey.id: your_key_id
      apiKey.key: your_key_secret

If you're using either of those configurations, can you try switching to the username/password format instead, and let us know if that works?

xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials:
      username: your_anonymous_username
      password: your_anonymous_password
1 Like

This is the current authentication config. It has credentials and not an API key.
elasticsearch.yml

xpack.security.authc:
  anonymous:
    username: uname
    roles: superuser
    authz_exception: true

kibana.yml

xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials: "elasticsearch_anonymous_user" 

Hi @Larry_Gregory, can you please take a look at the config?

This solved my problem. Thanks for the support!

credentials:
      username: your_anonymous_username
      password: your_anonymous_password
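
An added example, not part of the original thread and not Elastic's or Security Onion's code: a Python check that reads a kibana.yml fragment and reports which of the three `credentials` forms seen in this thread the anonymous provider uses, alongside the outcome the thread reports for each. The names `credential_mode`, `OUTCOME` and `BEFORE` are assumptions of this example, and the reader is line-based for the layouts shown here rather than a full YAML parser.

```python
import re

# What this thread reports for each form of the anonymous provider's
# `credentials` when a detection rule is created and activated.
OUTCOME = {
    "api_key": "fails (expected limitation per the reply)",
    "elasticsearch_anonymous_user": "fails (the poster's original setting)",
    "username_password": "works (the change that resolved the thread)",
}

# Constructed sample: the kibana.yml fragment posted before the fix.
BEFORE = """\
xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 0
    credentials: "elasticsearch_anonymous_user"
"""

def indent(line):
    return len(line) - len(line.lstrip())

def credential_mode(kibana_yml):
    """Classify `credentials` of the first anonymous.* provider.
    Line-based reader for the layouts in this thread, not a YAML parser."""
    lines = [l.rstrip() for l in kibana_yml.splitlines()
             if l.strip() and not l.lstrip().startswith(("#", "{%"))]
    in_anon = False
    for i, line in enumerate(lines):
        key = line.strip()
        if re.match(r"anonymous\.[\w-]+:\s*$", key):
            in_anon = True
        elif in_anon and key.startswith("credentials:"):
            value = key.split(":", 1)[1].strip().strip("\"'")
            if value:  # inline scalar form
                return value if value == "elasticsearch_anonymous_user" else "unknown"
            children = []  # keys nested under `credentials:`
            for child in lines[i + 1:]:
                if indent(child) <= indent(line):
                    break
                children.append(child.strip().split(":", 1)[0])
            if any(c.startswith("apiKey") for c in children):
                return "api_key"
            if {"username", "password"} <= set(children):
                return "username_password"
            return "unknown"
    return "not_configured"

if __name__ == "__main__":
    print(credential_mode(BEFORE), "->", OUTCOME[credential_mode(BEFORE)])
```

Run against a rendered kibana.yml, a result other than `username_password` matches the configurations that produced the error in this thread.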
