ROR log level: info
{"type":"log","@timestamp":"2019-08-14T11:17:42Z","tags":["fatal","root"],"pid":1,"message":"Error: custom client factory is already set, unable to replace the current one\n at ScopedSavedObjectsClientProvider.setClientFactory (/kibana/src/server/saved_objects/service/lib/scoped_client_provider.js:29:13)\n at Object.setScopedSavedObjectsClientFactory (/kibana/src/server/saved_objects/service/create_saved_objects_service.js:87:75)\n at /kibana/plugins/readonlyrest_kbn/index.js:1:4807\n at Plugin.init [as externalInit] (/kibana/plugins/readonlyrest_kbn/index.js:1:4663)\n at process._tickCallback (internal/process/next_tick.js:68:7)"}
FATAL Error: custom client factory is already set, unable to replace the current one
Have you disabled xpack security?
Sure. Previous version works fine.
Hello @Maligos, sorry for the delay.
- I manually tested this build
- An unrelated SAML SLO (single logout) issue is resolved
Hello @sscarduzio!
Still have error after redeploy and login via SAML.
{"statusCode":400,"error":"Bad Request","message":"Invalid cookie value"}
{ Error: Not Found
at handler (/kibana/src/server/http/index.js:120:30)
at module.exports.internals.Manager.execute (/kibana/node_modules/hapi/lib/toolkit.js:35:106)
at Object.internals.handler (/kibana/node_modules/hapi/lib/handler.js:50:48)
at exports.execute (/kibana/node_modules/hapi/lib/handler.js:35:36)
at Request._lifecycle (/kibana/node_modules/hapi/lib/request.js:263:62)
at process._tickCallback (internal/process/next_tick.js:68:7)
data: null,
isBoom: true,
isServer: false,
output:
{ statusCode: 404,
payload:
{ statusCode: 404, error: 'Not Found', message: 'Not Found' },
headers: { 'kbn-name': 'kibana' } },
reformat: [Function],
message: 'Not Found',
typeof: [Function: notFound] }
Try deleting your cookie from the browser? Or using another browser? Or incognito?
Deleting cookie is the only solution. But I have many customers and I can’t give them advice to delete cookie after each redeploy. It is very annoying.
What do you mean after each redeploy? Only after deploying this fixed version, right? Next time you upgrade ROR or Kibana versions this need to delete cookies won’t really apply.
Ohh of course, because we could not keep the groups list in the cookie, we moved it to a in-memory server side session-db. When you restart the server, the session-db resets, and even if the cookie is valid, it will reject the cookie because it can’t retrieve the session from the db.
But the behaviour should be: after restart, the users will be redirected to login for new authentication. No manual cookie deletion required.
Yes, they were redirected to the login page, clicked SAML auth button and then got cookie error after that.
So did I understand correctly that the following happens every time you restart, even with the newest version of ROR Enterprise?
- redirect to login
- click login with SAML
- cookie error that requires manual delete of cookies
- try to login again, successfully
Can you try if it’s still true setting this in kibana.yml?
readonlyrest_kbn.cookiePass: "<some long string>"
{"statusCode":500,"error":"Internal Server Error","message":"An internal server error occurred"}
Error handling saml TypeError: Cannot read property 'usernameParameter' of undefined
at Object.setTransitionalToken (/kibana/plugins/readonlyrest_kbn/server/routes/lib/connectors/saml/samlConfig.js:1:544)
at exports.saml (/kibana/plugins/readonlyrest_kbn/server/routes/lib/connectors/saml/controllers/saml/v1/index.js:1:339)
at module.exports.internals.Manager.execute (/kibana/plugins/readonlyrest_kbn/node_modules/hapi/lib/toolkit.js:35:106)
at Object.internals.handler (/kibana/plugins/readonlyrest_kbn/node_modules/hapi/lib/handler.js:50:48)
at exports.execute (/kibana/plugins/readonlyrest_kbn/node_modules/hapi/lib/handler.js:35:36)
at Request._lifecycle (/kibana/plugins/readonlyrest_kbn/node_modules/hapi/lib/request.js:263:62)
Debug: internal, implementation, error
Error: method did not return a value, a promise, or throw an error
at module.exports.internals.Manager.execute (/kibana/plugins/readonlyrest_kbn/node_modules/hapi/lib/toolkit.js:52:29)
Part of the config:
readonlyrest_kbn:
logLevel: info
cookiePass: 'hsEkuA2M2p2rDZ2g7N4Rx3yEtTP7t3Bf'
auth:
I just added “cookiePass” param to current config.
Very strange, can you post the whole (sanitized) YAML? Even in PM if you don’t want to share with others.
FYI this is the configuration I’m using in my development machine
xpack.security.enabled: false
xpack.spaces.enabled: false
elasticsearch.hosts: ["https://localhost:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
elasticsearch.ssl.verificationMode: none
server.basePath: '/k'
server.ssl.enabled: true
server.ssl.certificate: '/me/kibana_plugin/kibana-extra/readonlyrest_kbn/ssl/localhost.pem'
server.ssl.key: '/me/kibana_plugin/kibana-extra/readonlyrest_kbn/ssl/localhost-key.pem'
readonlyrest_kbn:
whitelistedPaths: [".*/api/.*$"]
proxy_auth_passthrough: true
#kibana_custom_css_inject_file: "/tmp/custom_kibana.css"
logLevel: debug
clearSessionOnEvents: ["login"]
session_timeout_minutes: 99999
cookiePass: "12345678901234567890123456789012"
#kibanaIndexTemplate: ".kibana_infosec"
auth:
signature_key: "9yzBfnLaTYLfGPzyKW9es76RKYhUVgmuv6ZtehaScj5msGpBpa5FWpwk295uJYaaffTFnQC5tsknh2AguVDaTrqCLfM5zCTqdE4UGNL73h28Bg4dPrvTAFQyygQqv4xfgnevBED6VZYdfjXAQLc8J8ywaHQQSmprZqYCWGE6sM3vzNUEWWB3kmGrEKa4sGbXhmXZCvL6NDnEJhXPDJAzu9BMQxn8CzVLqrx6BxDgPYF8gZCxtyxMckXwCaYXrxAGbjkYH69F4wYhuAdHSWgRAQCuWwYmWCA6g39j4VPge5pv962XYvxwJpvn23Y5KvNZ5S5c6crdG4f4gTCXnU36x92fKMQzsQV9K4phcuNvMWkpqVB6xMA5aPzUeHcGytD93dG8D52P5BxsgaJJE6QqDrk3Y2vyLw9ZEbJhPRJxbuBKVCBtVx26Ldd46dq5eyyzmNEyQGLrjQ4qd978VtG8TNT5rkn4ETJQEju5HfCBbjm3urGLFVqxhGVawecT4YM9Rry4EqXWkRJGTFQWQRnweUFbKNbVTC9NxcXEp6K5rSPEy9trb5UYLYhhMJ9fWSBMuenGRjNSJxeurMRCaxPpNppBLFnp8qW5ezfHgCBpEjkSNNzP4uXMZFAXmdUfJ8XQdPTWuYfdHYc5TZWnzrdq9wcfFQRDpDB2zX5Myu96krDt9vA7wNKfYwkSczA6qUQV66jA8nV4Cs38cDAKVBXnxz22ddAVrPv8ajpu7hgBtULMURjvLt94Nc5FDKw79CTTQxffWEj9BJCDCpQnTufmT8xenywwVJvtj49yv2MP2mGECrVDRmcGUAYBKR8G6ZnFAYDVC9UhY46FGWDcyVX3HKwgtHeb45Ww7dsW8JdMnZYctaEU585GZmqTJp2LcAWRcQPH25JewnPX8pjzVpJNcy7avfA2bcU86bfASvQBDUCrhjgRmK2ECR6vzPwTsYKRgFrDqb62FeMdrKgJ9vKs435T5ACN7MNtdRXHQ4fj5pNpUMDW26Wd7tt9bkBTqEGf"
saml_kc:
buttonName: 'KeyCloak SAML SSO'
enabled: true
type: saml
protocol: 'https'
issuer: 'ror'
entryPoint: 'http://127.0.0.1:8080/auth/realms/master/protocol/saml'
kibanaExternalHost: 'localhost:5601'
usernameParameter: 'nameID'
groupsParameter: 'member'
logoutUrl: 'http://127.0.0.1:8080/auth/realms/master/protocol/saml'
Hello @sscarduzio!
Sorry for delay, I was unavailable.
Here is my full Kibana config below:
readonlyrest_kbn:
logLevel: info
auth:
signature_key: 'vELn41Rra4sG3zTWp+cE706FmEtRZdsgMWIJNp2OjkrQ03epc+MHGhWVP+7u14q630qzoK7omFotWkrHmiND6u5y7D4SuRWVP+7u14q630qzoK7omFotWkrHmiND6u5y7D4SuRWVP+7u14q630qzoK7omFotWkrHmiND6u5y7D4SuRd99s02o29d0sdf09sdf09u2093u0f9wduf09sd8uf09783042jkljdflsjlkjlskdjflskdjdkjflsdkj'
saml_kc:
buttonName: "SSO LOGIN"
enabled: true
type: "saml"
issuer: "c07eb4b5-67ec-40c4-99a7-e5aec833eb87"
entryPoint: "https://oidc.dev.local/auth/realms/master/protocol/saml"
kibanaExternalHost: "kibana.dev.local"
protocol: https
usernameParameter: "nameID"
groupsParameter: "samlGroups"
logoutUrl: "https://oidc.dev.local/auth/realms/master/broker/saml/endpoint"
elasticsearch.username: "kibana"
elasticsearch.password: "kibana"
elasticsearch.ssl.verificationMode: none
logging.quiet: false
server.port: 5601
# xpack.security.enabled: false
# xpack.graph.enabled: false
# xpack.ml.enabled: false
# xpack.monitoring.enabled: false
# xpack.reporting.enabled: false
# xpack.watcher.enabled: false