Kibana user session switches to Kibana server


#1

Hi,

we are using readonlyrest 1.16.33 on ES 6.5.4, with an LDAP backend, and have noticed an odd behavior where the user’s Kibana session suddenly switches to that of the Kibana server user, under certain conditions. For example:

  1. ldap user logs on to Kibana
  2. chooses the Monitoring tab on the left hand pane
  3. he then chooses a different role via the multi-tenancy drop-down at the top left; note that the chosen role has no access to the Monitoring tab - it is hidden
    4.the user’s Kibana session is then switched to the Kibana server session

We have since tried upgrading to 1.16.34 in the hope that would fix the issue. It did not.

How can we solve the issue?

Thanks!


(Simone Scarduzio) #2

Hi @Robert!

Now that you describe the issue in the details, I think I know what’s going on. What happens when after point 4, the user clicks on another app, like for example timelion?


#3

Hi @sscarduzio,

after step 4, the user can access all the apps (timelion, monitoring etc) that the Kibana server user has access to.

Thanks,
Robert.


(Simone Scarduzio) #4

This is resolved for 6.6.x master branch. Would you like to test the pre release?


#5

We see this issue on an install of 5.6.9. Is there an updated release for that please?


(Simone Scarduzio) #6

Working on this right now. The 6.6.x got the priority because it was much easier to fix there, and it’s newer. Previous versions need a bit more attention.


(Simone Scarduzio) #7

The pre-6.6.0 branch has this fixed too now! Will hand you a build soon, @atownsend.


#8

Hi @sscarduzio,

can you please confirm, if there is a fix out for 6.5.4? Sounds like that is the case, just looking for a confirmation before we request and install the updated plugin.

Thanks,
Robert.


(Simone Scarduzio) #9

Yes it is, we’re releasing tonight a new version.