Hello,
We are trying to update our Kibana and Elasticsearch ROR from v.1.18.9 Enterprise to the latest version and we are having an issue with proxy auth. The configuration is the following:
```yaml
readonlyrest:
  prompt_for_basic_auth: false
  audit_collector: true

  access_control_rules:
    - name: "Kibana Server"
      groups: ["kibana-srv"]

    - name: "Full Admin Users"
      groups: ["full-admin"]

    - name: "Forbidden for .readonlyrest index"
      groups: ["client_admin"]
      type: "forbid"
      indices: [".readonlyrest"]
      methods: ["PUT", "POST"]

    - name: "Client Admin Group Kibana"
      groups: ["client_admin"]
      indices: ["*"]
      kibana_access: "admin"
      kibana_hide_apps: ["readonlyrest_kbn"]

    - name: "Client Group"
      groups: ["client_admin"]

    - name: "Data Group Kibana"
      groups: ["data_injection"]
      indices: ["*"]
      kibana_access: "admin"
      kibana_hide_apps: ["readonlyrest_kbn"]

    - name: "Data Group"
      groups: ["data_injection"]
      indices: ["metricbeat*", "<metricbeat*"]
      actions:
        [
          "indices:data/write/*",
          "cluster:admin/ilm/*",
          "indices:admin/create",
          "indices:admin/template/put",
        ]

  proxy_auth_configs:
    - name: "px1"
      user_id_header: "x-forwarded-user"

  users:
    - username: "fulladmin"
      groups: ["full-admin"]
      auth_key: "fulladmin:password"

    - username: "sspo"
      groups: ["full-admin"]
      auth_key_sha256: "c71f47001de759c2c773d89ea49f409393b61e2e895decd47615709dde3a8d14"

    - username: "clientadmin"
      groups: ["full-admin"]
      auth_key_sha256: "b17f9e5dfb1f21db76d5e40e314d4ee73da28a834947bfeee51d0703576ddb2a"

    - username: "data"
      groups: ["full-admin"]
      auth_key_sha256: "53d33013d97df7cd7c5671fff10e47ebc239e7ba6ae52f19216530fa05a57aaf"

    - username: "kibana"
      groups: ["full-admin"]
      auth_key_sha256: "daa9e71c597808bc332614169783695874b2d850d28868ea6b265d08ef60a944"

    - username: "monitoring"
      groups: ["data_injection"]
      auth_key: "monitoring:password"

    - username: "proxy_user_test"
      groups: ["client_admin"]
      proxy_auth:
        proxy_auth_config: "px1"
        users: ["proxy_user_test"]
```
If using ROR v.1.18.9 for both KB and ES, this works just fine and the proxy auth user is able to log in. If using ROR v 1.19.4 for ES and ROR v 1.18.9 for KB, this also works just fine. But when using v 1.19.4 also for KB, the proxy auth user is not able to log in anymore, and we’re receiving a 403 Forbidden error. Can you help investigate why the new KB plugin has this behaviour?
Thanks!