Thanks for the reply. Sorry, I was probably a bit unclear when I wrote this post.
Here is what I mean:
- I go to https://mydomain.com/kibana in my web browser and the expected behavior is that I will be logged in automatically, since my reverse proxy is supposed to add a header with a JWT. However, I am being sent to the ROR login page instead.
- Since the login failed, I expect that the Elasticsearch log file will contain some lines with FORBIDDEN where I can see if the header is missing. However, there are no log lines from the failed login.
So my question is: when using a JWT header for SSO and the user is not automatically logged in, why can I not see this in elasticsearch.log?
I do not have access to the reverse proxy server myself, so that is why I wanted to verify that the JWT header is actually included in the requests. I used tcpdump on the Kibana/ROR server and found out that the header was missing. However, it would be easier to see this if I saw some log lines for the requests.
Ideally I would like to disable the login page completely, and if a user’s SSO attempt fails it should be logged as FORBIDDEN and the user should be redirected to an error page instead of the login page (which is useless for the user anyway).
So this is not really a ROR issue, but just something that went wrong after some changes to our infrastructure in the test environment. In this case, I think it would be easier to debug if ROR had the behavior described above.