Hi Team,
I am facing some forbidden access while using a JWT token. I knew the user was not allowed to access; please help me to address this issue.
My JWT token is:
eyJhbGciOiJIUzUxMiJ9.eyJpYXQiOjE1NDIwMDgzOTEsImlzcyI6ImNvbS5zZWN1cmVpcSIsInVzZXJfY2xhaW0iOiJtb2hhbiIsImV4cCI6MTU0MjA2ODM5MX0.qAp7roV43hTgwQQSIVs5oX_mdL1x_9wQCVOvo1ltDjl9kTbREGqp-glVCoZNmfgRvHbSKQBzeRVB5hVjlRVpbw
Decoded value:
{"alg":"HS512"}{"iat":1542008391,"iss":"com.abc","user_claim":"mohan","exp":1542068391}
And my readonlyrest.yml is as follows:
readonlyrest:
  # IMPORTANT FOR LOGIN/LOGOUT TO WORK WITH ROR PLUGIN FOR KIBANA
  prompt_for_basic_auth: false
  access_control_rules:
    #####################################################################################
    # These credentials have no limitations, and shall be used only by the Kibana daemon.
    #####################################################################################
    - name: "::KIBANA-SRV::"
      auth_key: kibana:kibana
      verbosity: error
    - name: Valid JWT token with a viewer role
      kibana_access: ro
      jwt_auth:
        name: "jwt_provider_1"
        roles: ["viewer"]
    - name: Valid JWT token with a writer role
      kibana_access: rw
      jwt_auth:
        name: "jwt_provider_1"
        roles: ["writer"]
  jwt:
    - name: jwt_provider_1
      signature_algo: HS512
      signature_key: "eyJzdWIiOiIxMjM0NTY3ODkiLCJpYXQiOjE1Mzg0Nzk5NDIsImlzcyI6ImNvbS5zZWN1cmVpcSIsImV4cCI6MTUzODQ4MDAwMn0"
      user_claim: user
      roles_claim: resource_access.client-app.roles # JSON-path style
      header_name: Authorization
I am continuously getting the following exception in elasticsearch.log:
[2018-11-12T07:44:12,024][INFO ][t.b.r.a.ACL ] FORBIDDEN by default req={ ID:1310574987-1181151371#41913, TYP:RRAdminRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:admin/rradmin/refreshsettings, OA:10.2.1.18, DA:0.0.0.0, IDX:<N/A>, MET:GET, PTH:/_readonlyrest/metadata/current_user, CNT:<N/A>, HDR:{authorization=, Connection=close, content-length=0, Host=10.2.1.25:9200}, HIS:[::KIBANA-SRV::->[auth_key->false]], [Valid JWT token with a viewer role->[jwt_auth->false]], [Valid JWT token with a writer role->[jwt_auth->false]] }
[2018-11-12T07:44:12,155][INFO ][t.b.r.a.ACL ] FORBIDDEN by default req={ ID:1466361979-730537051#41916, TYP:RRAdminRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:admin/rradmin/refreshsettings, OA:10.2.1.18, DA:0.0.0.0, IDX:<N/A>, MET:GET, PTH:/_readonlyrest/metadata/current_user, CNT:<N/A>, HDR:{authorization=, Connection=close, content-length=0, Host=10.2.1.25:9200}, HIS:[::KIBANA-SRV::->[auth_key->false]], [Valid JWT token with a viewer role->[jwt_auth->false]], [Valid JWT token with a writer role->[jwt_auth->false]] }
[2018-11-12T07:44:12,285][INFO ][t.b.r.a.ACL ] FORBIDDEN by default req={ ID:692634975-941180594#41917, TYP:RRAdminRequest, CGR:N/A, USR:[no basic auth header], BRS:false, KDX:null, ACT:cluster:admin/rradmin/refreshsettings, OA:10.2.1.18, DA:0.0.0.0, IDX:<N/A>, MET:GET, PTH:/_readonlyrest/metadata/current_user, CNT:<N/A>, HDR:{authorization=, Connection=close, content-length=0, Host=10.2.1.25:9200}, HIS:[::KIBANA-SRV::->[auth_key->false]], [Valid JWT token with a viewer role->[jwt_auth->false]], [Valid JWT token with a writer role->[jwt_auth->false]] }
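Added example, not part of the original post and not ReadonlyREST code: a Python check that decodes the token posted above and compares its claims with the `jwt_provider_1` settings from the posted readonlyrest.yml. It assumes `user_claim` names the claim that holds the user name and treats `roles_claim` as a plain dot-separated path; `decode_segment`, `lookup` and `check_token` are hypothetical helper names.

```python
import base64
import json

# Token posted in the question: header, payload, signature.
TOKEN = ".".join([
    "eyJhbGciOiJIUzUxMiJ9",
    "eyJpYXQiOjE1NDIwMDgzOTEsImlzcyI6ImNvbS5zZWN1cmVpcSIsInVzZXJfY2xhaW0iOiJtb2hhbiIsImV4cCI6MTU0MjA2ODM5MX0",
    "qAp7roV43hTgwQQSIVs5oX_mdL1x_9wQCVOvo1ltDjl9kTbREGqp-glVCoZNmfgRvHbSKQBzeRVB5hVjlRVpbw",
])

PROVIDER = {  # copied from the jwt: section of the posted readonlyrest.yml
    "signature_algo": "HS512",
    "user_claim": "user",
    "roles_claim": "resource_access.client-app.roles",
}

def decode_segment(segment):
    """Base64url-decode one JWT segment (padding restored) and parse it as JSON."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))

def lookup(claims, dotted_path):
    """Follow a dot-separated path through nested claims; None if a step is absent."""
    node = claims
    for key in dotted_path.split("."):
        if not isinstance(node, dict) or key not in node:
            return None
        node = node[key]
    return node

def check_token(token, provider, required_roles):
    """List claim mismatches against the provider (signature and exp are not checked)."""
    header_b64, payload_b64, _signature = token.split(".")
    header, claims = decode_segment(header_b64), decode_segment(payload_b64)
    problems = []
    if header.get("alg") != provider["signature_algo"]:
        problems.append("alg %r != %r" % (header.get("alg"), provider["signature_algo"]))
    if lookup(claims, provider["user_claim"]) is None:
        problems.append("no claim named %r for the user name" % provider["user_claim"])
    roles = lookup(claims, provider["roles_claim"])
    if roles is None:
        problems.append("no claim at path %r for roles" % provider["roles_claim"])
    elif not set(required_roles) & set(roles if isinstance(roles, list) else [roles]):
        problems.append("roles %r do not include any of %r" % (roles, required_roles))
    return problems

if __name__ == "__main__":
    for problem in check_token(TOKEN, PROVIDER, ["viewer"]):
        print(problem)
```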