Kibana throwing { "statusCode": 401, "error": "Unauthorized", "message": "forbidden: forbidden_response" }

Hi,
I have been bangging my head against ROR for a while now with no result. I hope someone can help me out.

Here is my readonlyrest.yml

readonlyrest:
     access_control_rules:
     - name: "::KIBANA-SRV::"
       auth_key: kibana:kibana
       type: allow
       indices: ["*"]
     - name: "Require HTTP Basic Auth"
       type: allow
       auth_key: user:password

and below is my elasticsearch.yml=>

node.name: elk
path.repo: /var/backups
network.host: 0.0.0.0
cluster.initial_master_nodes: [“elk”]
xpack.security.enabled: false

and lastly my kibana.yml

server.host: “0.0.0.0”
elasticsearch.username: “kibana”
elasticsearch.password: “kibana”
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.monitoring.enabled: true
xpack.security.enabled: false # this is fundamental!
xpack.watcher.enabled: false

I am using elastic 7.12.1 with ROR free plugin for elastic and kibana

Now, using the above configuration I am able to access elastic search on port 9200 using basic auth but that’s not the case with kibana and it throws 401

On close inspection of logs i can see the following outputs inside elastic logs

ALLOWED by { name: ‘::KIBANA-SRV::’, policy: ALLOW, rules: [auth_key,indices] req={ ID:1429412150-2126807733#9030, TYP:GetRequest, CGR:N/A, USR:user, BRS:true, KDX:null, ACT:indices:data/read/get, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:.kibana_7.12.1, MET:GET, PTH:/.kibana_7.12.1/_doc/telemetry:telemetry, CNT:<N/A>, HDR:Authorization=, Connection=keep-alive, Host=localhost:9200, content-length=0, user-agent=elasticsearch-js/7.12.0-canary.7 (linux 5.8.0-1041-aws-x64; Node.js v14.16.1), x-elastic-client-meta=es=7.12.0p,js=14.16.1,t=7.12.0p,hc=14.16.1, x-elastic-product-origin=kibana, HIS:[::KIBANA-SRV::-> RULES:[auth_key->true, indices->true] RESOLVED:[user=user;indices=.kibana_7.12.1]], }

FORBIDDEN by default req={ ID:1748204861-960911583#9029, TYP:SearchRequest, CGR:N/A, USR:[no info about user], BRS:true, KDX:null, ACT:indices:data/read/search, OA:127.0.0.1/32, XFF:null, DA:127.0.0.1/32, IDX:.kibana_7.12.1, MET:POST, PTH:/.kibana_7.12.1/_search, CNT:<OMITTED, LENGTH=480.0 B> , HDR:Connection=keep-alive, Host=localhost:9200, content-length=480, content-type=application/json, user-agent=elasticsearch-js/7.12.0-canary.7 (linux 5.8.0-1041-aws-x64; Node.js v14.16.1), x-elastic-client-meta=es=7.12.0p,js=14.16.1,t=7.12.0p,hc=14.16.1, x-elastic-product-origin=kibana, HIS:[::KIBANA-SRV::-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_7.12.1]], [Require HTTP Basic Auth-> RULES:[auth_key->false] RESOLVED:[indices=.kibana_7.12.1]], }

can someone please help me why auth_key->false and how can i fix this

Did you remember to patch Kibana after installing the plugin?