Authenticated login for Kibana

atulchadha24 · December 18, 2021, 3:01pm

I am trying to setup a POC setup with Kibana / ELS on same node along with authentication supported by ROR

We have successfully setup 3 ELS / 1 kibana setup earlier and had no issues. I need some advice on the above mentioned single node setup as it doesn’t seem to like the authentication attempts currently

I believe the ROR was successfully loaded

[2021-12-18T09:51:34,619][INFO ][t.b.r.b.RorInstance      ] [HOSTNAME] ReadonlyREST core was loaded ...

[2021-12-18T09:52:14,553][DEBUG][t.b.r.a.b.Block          ] [HOSTNAME] [::KIBANA-SRV::] the request matches no rules in this block: { ID:613347383-1611495040#341, TYP:GetRequest, CGR:N/A, USR:[no info about user], BRS:true, KDX:null, ACT:indices:data/read/get, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/space:default, CNT:<N/A>, HDR:Connection=keep-alive, Host=localhost:9200, content-length=0, user-agent=elasticsearch-js/7.10.0-rc.1 (linux 3.10.0-693.el7.x86_64-x64; Node.js v10.23.1), x-elastic-product-origin=kibana, x-opaque-id=6b8aa020-d1fa-4690-a48b-47b268a48219, HIS:[::KIBANA-SRV::-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], } 
[2021-12-18T09:52:14,554][DEBUG][t.b.r.a.b.Block          ] [HOSTNAME] [::ELS::] the request matches no rules in this block: { ID:613347383-1611495040#341, TYP:GetRequest, CGR:N/A, USR:[no info about user], BRS:true, KDX:null, ACT:indices:data/read/get, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:.kibana, MET:GET, PTH:/.kibana/_doc/space:default, CNT:<N/A>, HDR:Connection=keep-alive, Host=localhost:9200, content-length=0, user-agent=elasticsearch-js/7.10.0-rc.1 (linux 3.10.0-693.el7.x86_64-x64; Node.js v10.23.1), x-elastic-product-origin=kibana, x-opaque-id=6b8aa020-d1fa-4690-a48b-47b268a48219, HIS:[::ELS::-> RULES:[auth_key->false] RESOLVED:[indices=.kibana]], }

Readonly rest file

access_control_rules:

- name: "::KIBANA-SRV::"
  auth_key: kibana:somepass
  verbosity: info

- name: "::ELS::"
  hosts: ["127.0.0.1"]
  auth_key: elastic:somepass
  verbosity: info

It will result in the below error when i try to access kibana UI

I see the below entry which i am concerned about

USR:[no info about user]

Why will no user be passed on the request and is this the reason its not hitting any blocks and ending in 401 ?

sscarduzio · December 18, 2021, 3:22pm

Hello @atulchadha24!

Remember to set up the credentials in kibana.yml

Yes that USR: should be populated with the username when credentials are found in the headers. Except in your case no credentials were found in the request headers.

What does the acronym ELS stand for?

atulchadha24 · December 18, 2021, 4:02pm

ELS is for elasticsearch host, in this case both kibana and elasticsearch are running on same node.

I do have elasticsearch.username and elasticsearch.password in my kibana.yml and they match the readonly.yml

atulchadha24 · December 18, 2021, 4:33pm

I forgot to tell i have a nginx sitting there too with below config

worker_processes  2;
events {
    worker_connections  1024;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    server {
        listen       443;
        server_name  localhost;
        ssl on;
        ssl_certificate /etc/nginx/ssl/ddd.crt;
        ssl_certificate_key /etc/nginx/ssl/ddd.key;
        ssl_session_timeout  5m;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_ciphers  HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers   on;
        location / {
           proxy_pass http://localhost:5601;
           proxy_connect_timeout 150;
           proxy_send_timeout 100;
           proxy_read_timeout 100;
           auth_basic "on";
        }
        location = /nginx_stub_status {
            stub_status on;
            allow all;
        }
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }
    }
}

sscarduzio · December 19, 2021, 11:37am

As you can see here, there’s no “Authorization” header arriving to Elasticsearch

HDR:Connection=keep-alive, Host=localhost:9200, content-length=0, user-agent=elasticsearch-js/7.10.0-rc.1 (linux 3.10.0-693.el7.x86_64-x64; Node.js v10.23.1), x-elastic-product-origin=kibana, x-opaque-id=6b8aa020-d1fa-4690-a48b-47b268a48219

So if it’s true that kibana.yml contains “kibana:somepass” credentials, there’s more fundamental issues.
For example, have you patched Kibana to work with ROR?

atulchadha24 · December 20, 2021, 4:28am

letme check that and will let you know how it goes, thank you

atulchadha24 · December 20, 2021, 4:35am

Patching did it ! Thank you!