Could not login:"server error 404 for get"

hi,

i’m using es 6.1.1 + kibana 6.1.1 + readonlyrest_kbn@1.16.27 (ent)
the ror-es pluging version is 1.16.18

(i cannot copy+paste from real env so i typed it all. i hope there aren’t too many mistakes)

the readonlyrest.yml looks like :

enable: true
response_if_req_forbidden: ...
audit_collector: true
prompt_for_basic_auth: false

access_control_rules:

- name: "::KIBANA::"
  auth_key: kibana:kibana
  verbosity: error
  
- name: "::RO::"
  auth_key: ro:dev
  kibana_access: ro
  indices: [".kibana*"]
  verbosity: error
  
- name: "::RW::"
  auth_key: rw:dev
  kibana_access: rw
  indices: [".kibana*", "*"]
  verbosity: error
  
- name: "::ADMIN::"
  auth_key: admin:dev
  kibana_access: admin
  
- name: "::WEBSITE SEARCH BOX::"
  indices: ["public"]
  actions: ["indices:data/read/*"]
  
{
	couple of blocks of applications users
	that authenticate using ldap. they looks like :
	
- name: "application 1"
  verbosity: error
  type: allow
  ldap_auth:
    name: "ldap1"
	groups: ["group1"]
  indices: ["ind1*",".kibana*"]
  actions: [....]
  kibana_hide_apps: ["readonlyrest_kbn"]
}

on chrome , when i’m trying to login using kibana (user is ldap authenticate) i get :

could not login: "server error: 404 - for 
	get
http://<SERVERNAME>:9200/_readonlyrest/metadata/current_user
	headers: {\"authorization\":\"basic
		....\"}"

on firefox i get :
{“statuscode”:400,“error”:“bad request”,“message”:“request must contain a kbn-xsrf header”}

when i’m using a command line with the same user+pw like :

curl -u <user>:<pw> http://<server>:9200/...

everything is ok

please advise

Hello @sdba2, will test this locally and get back to you asap.

my update :

i’ve succeed to work around the problem when i used version 21 for both of them (the es-plugin and the kibana-plugin)

@sdba2 thanks for the update! Before this, did you use mixed versions? I.e. Kibana plugin 1.16.x and ES plugin 1.16.y ? Because that would explain!

EDIT: yes apparently you were mixing two very distant versions!
Note for us: totally need to print a huge warning if there is a kibana/elasticsearch plugin version mismatch.