Kibana API with ReadOnlyRest Not working giving 302 error

ReadOnlyRest is not allowing use of the Kibana API. I tried the approaches below.

  1. Using Whitelisting it is not working.

Added readonlyrest_kbn.whitelistedPaths: [".*/_security/oauth2/token$"]

Server auth using Basic with user ‘kibana’

POST /_security/oauth2/token HTTP/1.1
Authorization: Basic a2liYW5hOmtpYmFuYQ==
User-Agent: curl/7.29.0
Host: :5601
Accept: */*
Content-Type: application/json
Content-Length: 39

  • upload completely sent off: 39 out of 39 bytes
    < HTTP/1.1 404 Not Found
    < kbn-name: kibana
    < kbn-xpack-sig: 8ed895a9d0ca8f50cca5856d60f22703
    < content-type: application/json; charset=utf-8
    < cache-control: no-cache
    < content-length: 60
    < Date: Fri, 26 Jun 2020 15:00:15 GMT
    < Connection: keep-alive
    <
  • Connection #0 to host left intact
    {"statusCode":404,"error":"Not Found","message":"Not Found"}
  2. Using Cookie it is not working

[centos@machine ~]$ curl -vvv -k -X GET https://:5601/login -H "Content-Type: application/json" -b cookie.txt

  • About to connect() to port 5601 (#0)
  • Trying
  • Connected to port 5601 (#0)
  • Initializing NSS with certpath: sql:/etc/pki/nssdb
  • skipping SSL peer certificate verification
  • SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • Server certificate:

GET /login HTTP/1.1
User-Agent: curl/7.29.0
Host: :5601
Accept: */*
Cookie: rorCookie=Fe26.24b1f6715af0615f7374ff3fc91668743878873251dec8ce8a01c50318358496bUJyNUbYlu1ScFMWIjzYmlwjhEXGZFURcAtzZc3JWvB2UorJi-TpK4nsWd45WGcrHUS5rZhfjNEKienKOyLMdf7AT4IOc1lBy-89Hu_MSggA2PeGHOld4FWXfugjl6ggYvdbNGRBO2P83NNIBF6GHuI-M6gW5fO1pJl9xUvDZj4yrr6CTRw9lNZQSFZCiBlyAhHlVwWsM2mgWr9pByt-CqMIKhraewXFd1xPsGZGO_VRVe3ohEpKcu1iyCwD7jg6Xk6dd8f9db04a38b20b26d19003dacbf5a94ec14cc49ea42af0bb0dcf89ec72f10*ZzlK5VvYIF1rUUOB8lKxI5a0DhI-OrZqtFz6T7dVmYM
Content-Type: application/json

< HTTP/1.1 302 Found
< location: /logout
< content-type: text/html; charset=utf-8
< cache-control: no-cache
< content-length: 0
< Date: Fri, 26 Jun 2020 14:03:17 GMT
< Connection: keep-alive
<

  • Connection #0 to host left intact

What version of ROR and Kibana are you using?

Kibana Version - 7.5.2
ROR Version - 1.19, ReadonlyREST Security version enterprise-1.19.0_es7.5.2

Kindly try with 1.20.0. We refactored the order of authentication methods; as far as I recall, basic auth is now taken into consideration too.

What are other ways of doing Authentication for accessing Kibana APIs?

  1. Whitelisting Paths
  2. Tokens
  3. Cookie

Which is working right now in version 1.19 or 1.20?

Whitelisted paths and basic auth should be more adapted for API calls. JWT tokens too. 1.19.5 should already accept basic auth on whitelisted paths.