The login request is checked by the ACL and gets accepted by an ACL block with no authentication rule in it

Hi.

Would it be possible to add to the error message "The login request is checked by the ACL and gets accepted by an ACL block with no authentication rule in it." the actual ACL block that triggered the error?

Thanks in advance

Hi Gustavo,

We used to avoid passing information about the ACL structure (even if this is only the name of a matched block) to the ROR Kibana plugin. We think it is unnecessary information for the Kibana plugin and it may introduce some kind of information leak, so we avoid doing that.

But tell us more about the reason you ask for it. Maybe we can solve it in some other way.

BTW, if the reason is tracking, we have a concept of correlation ID per request (and session ID per session) and each log on the ES side has it. Maybe this log you show missed it on the Kibana logs side. If you could correlate this log with some other log (e.g. the ALLOWED one) on the ES side, would it be sufficient for you?

Hi @coutoPL

There was 1 user that has a different set of groups (actually none) and did not match the ACL blocks for user. There was 1 invalid ACL without condition that was “dead code” as it never applied, except for this user. Finding the ACL took a while.

The reason is not tracking, but resolving access issues quicker.

How about sending the ACL number? No need to know the name, just “the ACL applied is number 5”.

Best regards.

OK, I understand. We will think about how to do that.
Currently, we are working on a task that is similar to this one, so we will try to address this problem as well.
