Hello,
I encountered a strange issue where I was able to obtain unrestricted access to Kibana. This was tested with ELK 8.6.2 / ROR 1.50.0 Enterprise and ELK 7.17.2 / ROR 1.43.0 Enterprise. ROR config below:
```yaml
prompt_for_basic_auth: false
access_control_rules:
- name: "Full Admin Kibana"
  groups: ["full-admin"]
  indices: ["*"]
  kibana_access: "admin"
- name: "Full Admin Users"
  groups: ["full-admin"]
  indices: ["*"]
  actions: ["*"]
- name: "Client Admin Group Kibana"
  groups: ["client_admin"]
  indices: ["kibana_client_admin", "*"]
  kibana_access: "rw"
  kibana_index: "kibana_client_admin"
- name: "Client Admin Group 0"
  groups: ["client_admin"]
  indices: ["*"]
  actions: ["*"]
proxy_auth_configs:
- name: "px1"
  user_id_header: "x-forwarded-user"
users:
- username: "fulladmin"
  groups: ["full-admin"]
  auth_key_sha256: "key"
- username: "diana123"
  groups: ["client_admin"]
  proxy_auth:
    proxy_auth_config: "px1"
    users: ["diana123"]
```
I am able to log in to the client_admin tenant normally. If I log in as the fulladmin user and change the configuration of the username diana123 to DIANA123, like this:
```yaml
- username: "DIANA123"
  groups: ["client_admin"]
  proxy_auth:
    proxy_auth_config: "px1"
    users: ["DIANA123"]
```
and immediately switch to the client_admin tenant without logging out first, I am able to obtain unrestricted access to Kibana.
Below are also screenshots:

[Screenshot: before changing the username to uppercase]

[Screenshot: after changing the username to uppercase and switching to the client_admin tenant]