[User Impersonation with X-Pack] action [cluster:admin/xpack/security/user/authenticate] is unauthorized for user


I'm trying configure ELK with SSO (keycloak)..

I'm using this architecture but i got this error {"statusCode":403,"error":"Forbidden","message":"[security_exception] action [cluster:admin/xpack/security/user/authenticate] is unauthorized for user [nginx] run as [user1@mail.pt]"}

nginx have privilege run as user1 configured in a role! Can you help me?


@Brandon_Kobel or @Larry_Gregory Do you or someone on the security team have some insight here?

@Joao_Palma can you share the role definitions for the nginx user?

The error is the SSO, he send the email in forwarded username... I fix this, using a script in LUA

Thanks to everyone

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.