Issues with JWT in 1.16.32


(JBiel) #1

Hi. I’m attempting an upgrade of ES + ReadonlyREST and experiencing an problem with what seems to be JWT.

old: ES 6.4.3, RoR 1.16.29
new: ES 6.5.4, RoR 1.16.32

The issue that’s experienced is that startup hangs after the following log lines:

[2019-01-02T21:50:39,220][DEBUG][t.b.r.e.IndexLevelActionFilter] [host]Read data from /etc/elasticsearch/readonlyrest.yml
[2019-01-02T21:50:39,240][INFO ][t.b.r.e.IndexLevelActionFilter] [host]Settings observer refreshing..

readonlyrest.yml:

readonlyrest:
...
  access_control_rules:
  - name: admin
    kibana_access: rw
    jwt_auth:
      name: "jwt_provider_1"
      roles: ["writer"]

  jwt:
  - name: jwt_provider_1
    signature_key: "..."
    signature_algo: RSA
    user_claim: preferred_username

We have other config options/ACL rules in place (LDAP, basic auth, etc.) If the “admin” jwt auth section is commented out Elasticsearch/RoR starts up properly. Does anyone have any ideas how to further troubleshoot what’s going wrong here? We’ve tried a variety of changes to this config section to no avail. Prior to the upgrade the jwt_auth value was just a string with the name of the ACL (admin.) After reviewing the docs we changed it over to a hash/map. TYIA!


#2

Hi, I’m also experiencing this issue. I’ve raised a github issue here.

I think the issue is unrelated to the ES version as i’m using 6.2.4 and on another computer i have an old version of RoR that works with the same config. I downloaded it around 23rd December.


(Simone Scarduzio) #3

Linking here some evolution on this case on GitHub