Use Curl command to access ElasticCloud-Kibana API secured by Azure AD

I am trying to get a token from Azure AD and use that on cURL command for using RestAPI on ElasticCloud, forexample for getting or creating an index,... Here is what I have tried:



    token=$(curl -X POST -d "grant_type=client_credentials&client_id=myclientID&client_secret=myclientsecret&resource=myApplicationIDURI" | awk -F',' '/access_token/ {print $7}' | cut -d ":" -f2 | cut -d'"' -f 2)
    echo $token

    curl -X GET "$myApplicationIDURI/$project" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -H "Authorization: Bearer $token"

I get 401 error unauthorized when it runs curl -X GET:

     {"statusCode":401,"error":"Unauthorized","message":"[security_exception] missing authentication credentials for REST request [/_security/_authenticate], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } }"}

Does anyone know what it is missing?
Is there anything needed to be added in elasticsearch.yml or kibana.yaml?

For single-sign-on I followed this method which works fine through browser:

Here is my kibana.yml ["saml", "basic"]
    server.xsrf.whitelist: ["/api/security/v1/saml"] azuread-saml

and elasticsearch.yml:

                order: 2
                attributes.principal: ""
                attributes.groups: ""
                idp.metadata.path: ""
                idp.entity_id: ""
                sp.entity_id: "myAppURI"
                sp.acs: "myappURI/api/security/v1/saml"
                sp.logout: "myAppURI/logout"

The error that I see in the logs is: "built in token service unable to decode token"

I have created a case here as well that has more details:

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.