On ROR login screen, if I type wrong creds, I get this message
Could not login: { “kibanaIndex”: “.kibana”, “authHeaders”: “”,…
instead of what is defined in
readonlyrest:
enable: true
response_if_req_forbidden: Access Denied! Please contact …
I am using Enterprise version 1.24
This was tricky.
Actually you should not see that message, unless your incorrect credentials have been matched by an ACL block that does not carry user identity information.
One of the classic pitfalls is to have a “catch all” ACL block with “hosts” rule in the bottom of the ACL.
Simple try: try and log in again, but this time observe the Elasticsearch logs, and it won’t show “FORBIDDEN” when you put wrong credentials. It will say ALLOWED by