JWT without Kibana


(Saber Soleymani) #1

Is it possible to use ReadonlyREST to secure elasticsearch indices without having Kibana? If yes, what is wrong with my configurations?
The following configuration prevents elasticsearch (version 6.3.1) service to run on an Ubuntu machine:

...
- name: Just certain indices, and read only
      type: allow
      actions: ["indices:data/read/*"]
      indices: ["test-index*"] # index aliases are taken in account!
      jwt_auth:
        name: "jwt_provider_1"
jwt:
    - name: jwt_provider_1
      secret: "thesecret!" #for symmetric encryption
      user_claim: user_id
      header_name: Authorization

elasticsearch.yml:


xpack.security.enabled: false
http.type: ssl_netty4

Thanks :slight_smile:


(Simone Scarduzio) #2

sure it is possible, try commenting out the actions rule to see if it works. Maybe your test is not a request that maps to that action.

Anyways, analyse the logs and see the “HIS” field (history) to see which rule blocks the requests.


(Saber Soleymani) #3

By commenting out the jwt_auth section, the restriction works. But, enabling this sections, prevents elasticsearch service to start at all (systemctl elasticsearch service start).
Thanks for the “HIS” field, I’ll see that and reply here.
Anyhow, since I know it works without Kibana I am more confident now! Because the samples on documentation, and most of the issues involves Kibana.


(Simone Scarduzio) #4

Cool, thanks for the suggestion about the docs. They are very welcome!

:warning: :warning: :warning:
BTW I take the opportunity to remind everyone that our documentation is a collaborative open source project.
:blush: :blush: :blush:


(Askids) #5

@sscarduzio and we will use this opportunity to remind that PRs are pending merge :wink:


(Simone Scarduzio) #6

LOLL thanks @askids, I totally didn’t see those. All merged thank you!