Unable to log in elastic using the non-default user's username and password

pingz · January 29, 2020, 3:15am

I was able to successfully create a user 'test1' and assign it the superuser role.
Execute rest api
POST /_security/user/test1?pretty
{
"password" : "test@1",
"roles" : [ "superuser"],
"full_name" : "Test User",
"email" : "testuser@example.com",
"metadata" : {
"intelligence" : 7
}
}

The user is successfully created
{
"created" : true
}

But when I tried to invoke elastic api using the newly created user 'test1', I got the following error

curl -u test1:test@1 https://es.endpoint
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user [test1] for REST request [/]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}}],"type":"security_exception","reason":"unable to authenticate user [test1] for REST request [/]","header":{"WWW-Authenticate":"Basic realm="security" charset="UTF-8""}},"status":401}

My elastic stack was set up using the following configuration. The default elastic user works fine. Any idea why test1 does not work?

apiVersion: elasticsearch.k8s.elastic.co/v1
kind: Elasticsearch
metadata:
name: quickstart
namespace: log-server
spec:
version: 7.5.1
http:
tls:
selfSignedCertificate:
disabled: true
nodeSets:

name: default
count: 3
config:
xpack.security.authc:
anonymous:
username: anonymous
roles: superuser
authz_exception: false

pingz · January 29, 2020, 7:08pm

Figured out myself. This is due to the license. With basic license, I must explicitly set xpack.security.enabled: true

sebgl · January 30, 2020, 8:56am

xpack.security.enabled: true is supposed to be set by ECK, by default.
Are you saying it works when you set it yourself, but does not work when you don't set it?

pingz · January 30, 2020, 10:27pm

Somehow it is not set and I have to explicitly set to true. If I don't specify xpack.security.enabled, it does not work
Not clear if this has anything to do with the other xpack features in my nodeSet configuration as I set other features explicitly, such as xpack.monitoring.enabled.

I know that if nodeSet configure only has following. xpack.security.enabled seems to be set to true as default

  node.master: true
  node.data: true
  node.ingest: true
  node.store.allow_mmap: false

Topic		Replies	Views
How to set a user with customized roles for kibana on ECK Elastic Cloud on Kubernetes (ECK)	6	776	March 21, 2024
Cannot create Elasticsearch users with ECK Elastic Cloud on Kubernetes (ECK)	3	1873	November 4, 2022
Logstash and auto-index creation with ECK Elastic Cloud on Kubernetes (ECK) elastic-stack-security	1	466	May 29, 2024
Unable to authenticate user [*****] for REST request [/] Elasticsearch elastic-stack-security	2	70001	September 27, 2019
Unable to create users and roles Elasticsearch elastic-stack-security	12	1911	June 20, 2019

Unable to log in elastic using the non-default user's username and password

Related Topics