RoR Enterprise: New context creation failing in 6.8.0 1.19.3?

Hi,

We downloaded and are testing 1.19.3 on Kibana/Elasticsearch 6.8.0.
If we create a new kibana context and have a user login to this context the user ends up in a redirect loop.

In the logs we see the following:

{"type":"log","@timestamp":"2020-03-23T13:35:02Z","tags":["info","readonlyrest_kbn:extractIdentity"],"pid":21294,"message":"asked for group undefined"}

{"type":"log","@timestamp":"2020-03-23T13:35:02Z","tags":["info","readonlyrest_kbn:enrichFromEs"],"pid":21294,"message":"received identity payload: {\"x-ror-available-groups\":[\"ENN\"],\"x-ror-kibana_index\":\".kibana_enn\",\"x-ror-kibana-hidden-apps\":[\"apm\",\"canvas\",\"infra:home\",\"infra:logs\",\"kibana:dev_tools\",\"kibana:management\",\"maps\",\"monitoring\",\"readonlyrest_kbn\",\"timelion\",\"uptime\"],\"x-ror-kibana_access\":\"rw\",\"x-ror-username\":\"test_context\",\"x-ror-current-group\":\"ENN\"}"}

{"type":"log","@timestamp":"2020-03-23T13:35:02Z","tags":["info","readonlyrest_kbn:enrichFromEs"],"pid":21294,"message":"ON_IDENTITY setting kibana index to .kibana_enn"}

{"type":"log","@timestamp":"2020-03-23T13:35:02Z","tags":["info","readonlyrest_kbn:ensureIndexExists"],"pid":21294,"message":"kbnIndex was created  .kibana_enn"}

{"type":"log","@timestamp":"2020-03-23T13:35:02Z","tags":["warning","readonlyrest_kbn:ensureIndexExists"],"pid":21294,"message":"error writing default space to .kibana_enn {}"}

{"type":"response","@timestamp":"2020-03-23T13:35:02Z","tags":[],"pid":21294,"method":"post","statusCode":302,"req":{"url":"/login","method":"post","headers":{"host":"YYY.XXX:8001","connection":"keep-alive","content-length":"63","cache-control":"max-age=0","origin":"http://YYY.XXX:8001","upgrade-insecure-requests":"1","content-type":"application/x-www-form-urlencoded","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","referer":"http://YYY.XXX:8001/login?nextUrl=/","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.9,de;q=0.8,nl;q=0.7","kbn-xsrf":"6.8.0","kbn-version":"6.8.0"},"remoteAddress":"Z.Z.Z.Z","userAgent":"Z.Z.Z.Z","referer":"http://YYY.XXX:8001/login?nextUrl=/"},"res":{"statusCode":302,"responseTime":95,"contentLength":9},"message":"POST /login 302 95ms - 9.0B"}

{"type":"response","@timestamp":"2020-03-23T13:35:02Z","tags":[],"pid":21294,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"YYY.XXX:8001","connection":"keep-alive","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","referer":"http://YYY.XXX:8001/login?nextUrl=/","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.9,de;q=0.8,nl;q=0.7","x-ror-kibana-request-path":"/","x-ror-kibana-request-method":"get","x-ror-current-group":"ENN"},"remoteAddress":"Z.Z.Z.Z","userAgent":"Z.Z.Z.Z","referer":"http://YYY.XXX:8001/login?nextUrl=/"},"res":{"statusCode":302,"responseTime":29,"contentLength":9},"message":"GET / 302 29ms - 9.0B"}

{"type":"log","@timestamp":"2020-03-23T13:35:02Z","tags":["spaces","error"],"pid":21294,"message":"Unable to navigate to space \"default\", redirecting to Space Selector. Error: Saved object [space/default] not found"}

{"type":"response","@timestamp":"2020-03-23T13:35:02Z","tags":[],"pid":21294,"method":"get","statusCode":302,"req":{"url":"/app/kibana","method":"get","headers":{"host":"YYY.XXX:8001","connection":"keep-alive","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","referer":"http://YYY.XXX:8001/login?nextUrl=/","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.9,de;q=0.8,nl;q=0.7"},"remoteAddress":"Z.Z.Z.Z","userAgent":"Z.Z.Z.Z","referer":"http://YYY.XXX:8001/login?nextUrl=/"},"res":{"statusCode":302,"responseTime":13,"contentLength":9},"message":"GET /app/kibana 302 13ms - 9.0B"}

{"type":"response","@timestamp":"2020-03-23T13:35:02Z","tags":[],"pid":21294,"method":"get","statusCode":302,"req":{"url":"/","method":"get","headers":{"host":"YYY.XXX:8001","connection":"keep-alive","cache-control":"max-age=0","upgrade-insecure-requests":"1","user-agent":"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36","accept":"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9","referer":"http://YYY.XXX:8001/login?nextUrl=/","accept-encoding":"gzip, deflate","accept-language":"en-US,en;q=0.9,de;q=0.8,nl;q=0.7","x-ror-kibana-request-path":"/","x-ror-kibana-request-method":"get","x-ror-current-group":"ENN"},"remoteAddress":"Z.Z.Z.Z","userAgent":"Z.Z.Z.Z","referer":"http://YYY.XXX:8001/login?nextUrl=/"},"res":{"statusCode":302,"responseTime":15,"contentLength":9},"message":"GET / 302 15ms - 9.0B"}

{"type":"log","@timestamp":"2020-03-23T13:35:02Z","tags":["spaces","error"],"pid":21294,"message":"Unable to navigate to space \"default\", redirecting to Space Selector. Error: Saved object [space/default] not found"}

Relevant config:

auth block:
  - name: "Allow ENN read access to relevant indices"
    indices: [".kibana_enn", "xxx-*", "catchall-*"]
    kibana_index: ".kibana_enn"
    kibana_access: rw
    kibana_hide_apps: ["monitoring", "maps", "uptime", "timelion", "readonlyrest_kbn", "canvas", "apm", "infra:home", "infra:logs", "kibana:dev_tools", "kibana:management"]
    groups: ["ENN"]

And user:

users:
- username: test_context
  auth_key: XXX
  groups: ["ENN"]

I thought maybe the .kibana_enn got corrupted, completely deleted it and tried again.
No success.

If you need any more information then the above please let me known and I will collect it for you.
I anonimized some of the information for security reason but this shouldn’t be a problem I hope.

Hi @ronald.vanboven, thanks for reporting. Can you please paste the content of package.json?

cat $KIBANA_HOME/plugins/readonlyrest_kbn/package.json

No problem, here you go:

{
  "name": "readonlyrest_kbn",
  "version": "1.19.3",
  "ror_version": "enterprise-1.19.3_es6.8.0",
  "ror_build_time": "Thu, 19 Mar 2020 16:10:44 GMT",
  "ror_valid_for_days": "99999",
  "license": "Beshu Limited, All rights reserved",
  "private": true,
  "description": "ReadonlyREST security plugin for Elasticsearch and Kibana",
  "main": "index.js",
  "kibana": {
    "version": "6.8.0"
  },
  "dependencies": {
    "atob": "^2.0.3",
    "boom": "^7.1.1",
    "brace": "^0.10.0",
    "crypto-js": "^4.0.0",
    "grant-hapi": "^4.6.1",
    "hapi": "^17.5.3",
    "hapi-auth-cookie": "9.1.0",
    "hapi-passport-saml": "2.0.0",
    "joi": "^10.2.2",
    "jsonwebtoken": "^8.3.0",
    "lodash": "4.17.15",
    "quick-lru": "^4.0.1",
    "replace-prefix": "^0.0.1",
    "uuid": "^3.0.1",
    "yamljs": "^0.2.9",
    "yar": "^9.1.0"
  }

Thank you Ronald, I will send you a private message with the corrected build.

update: this is solved and verified in 1.19.4-pre4.