Use Curl command to access ElasticCloud-Kibana API secured by Azure AD

I am trying to get a token from Azure AD and use it in a cURL command to call the REST API on Elastic Cloud, for example to get or create an index. Here is what I have tried:

    #!/bin/bash

    host="myApplicationIDURI"
    project="test"

    # Request a token from Azure AD (client-credentials grant) and cut the access_token value out of the JSON response
    token=$(curl -X POST -d "grant_type=client_credentials&client_id=myclientID&client_secret=myclientsecret&resource=myApplicationIDURI" https://login.microsoftonline.com/mytenantID/oauth2/token | awk -F',' '/access_token/ {print $7}' | cut -d ":" -f2 | cut -d'"' -f 2)
    echo "$token"

    # Call the API, presenting the Azure AD token as a Bearer credential
    curl -X GET "$host/$project" -H 'kbn-xsrf: true' -H 'Content-Type: application/json' -H "Authorization: Bearer $token"

I get a 401 Unauthorized error when it runs curl -X GET:

     {"statusCode":401,"error":"Unauthorized","message":"[security_exception] missing authentication credentials for REST request [/_security/_authenticate], with { header={ WWW-Authenticate={ 0=\"Bearer realm=\\\"security\\\"\" & 1=\"ApiKey\" & 2=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" } } }"}

Does anyone know what is missing?
Is there anything that needs to be added in elasticsearch.yml or kibana.yaml?

For single sign-on I followed this method, which works fine through the browser:

Here is my kibana.yml

    xpack.security.authc.providers: ["saml", "basic"]
    server.xsrf.whitelist: ["/api/security/v1/saml"]
    xpack.security.authc.saml.realm: azuread-saml

and elasticsearch.yml:

    xpack:
      security:
        authc:
          realms:
            saml:
              azuread-saml:
                order: 2
                attributes.principal: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
                attributes.groups: "http://schemas.microsoft.com/ws/2008/06/identity/claims/rolename"
                idp.metadata.path: "https://login.microsoftonline.com/mytenantID/federationmetadata/2007-06/federationmetadata.xml?appid=myapiID"
                idp.entity_id: "https://sts.windows.net/mytenantID/"
                sp.entity_id: "myAppURI"
                sp.acs: "myappURI/api/security/v1/saml"
                sp.logout: "myAppURI/logout"

The error that I see in the logs is: "built in token service unable to decode token"

I have created a case here as well that has more details:
https://stackoverflow.com/questions/62654557/use-curl-command-to-access-elasticcloud-kibana-api-secured-by-azure-ad
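
An added diagnostic example (not part of the original post): it reads `access_token` from the token response by key instead of by field position, then decodes the JWT payload locally so the `aud`, `iss` and `exp` claims can be checked before the token is sent. The sample response and token are constructed from the post's placeholders, and all function names are hypothetical.

```shell
#!/bin/bash
# Added example. Decoding only inspects claims; it does not verify the signature.

# Extract the access_token value from a JSON token response read on stdin.
extract_access_token() {
  tr -d '\n' | sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Decode the payload (second dot-separated segment) of the JWT given as $1.
jwt_payload() {
  local seg
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops padding; restore it so base64 -d accepts the input.
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print one string or numeric claim ($2) from the token ($1).
jwt_claim() {
  jwt_payload "$1" |
    sed -n 's/.*"'"$2"'"[[:space:]]*:[[:space:]]*"\{0,1\}\([^",}]*\).*/\1/p'
}

# --- Constructed sample input (placeholders taken from the post) ---
b64url() { base64 | tr -d '=\n' | tr '/+' '_-'; }

sample_token() {
  local h p
  h=$(printf '%s' '{"alg":"none","typ":"JWT"}' | b64url)
  p=$(printf '%s' '{"aud":"myApplicationIDURI","iss":"https://sts.windows.net/mytenantID/","exp":1593500000}' | b64url)
  printf '%s.%s.%s' "$h" "$p" "constructed-signature"
}

sample_response() {
  printf '{"token_type":"Bearer","expires_in":"3599","resource":"myApplicationIDURI","access_token":"%s"}' "$(sample_token)"
}

# Show the claims carried by the token in the sample response.
token=$(sample_response | extract_access_token)
for claim in aud iss exp; do
  printf '%s=%s\n' "$claim" "$(jwt_claim "$token" "$claim")"
done
```

To inspect a real token, pipe the token endpoint's response into `extract_access_token` in place of `sample_response`.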
