We’re using search-guard-flx 1.0.0-es-7.10.2
on one of our test clusters, and for some reason the internal users all get 401’s for any request e.g. /
or /_searchguard/authinfo
:
HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="Search Guard"
content-type: text/plain; charset=UTF-8
content-length: 12
Clientcert works fine for instance.
On the server, we see the following trace logs:
{"type":"server","timestamp":"2023-02-14T10:01:23,656+01:00","level":"TRACE","component":"c.f.s.a.l.LegacyRestAuthenticationProcessor","cluster.name":"plop","node.name":"node0792.example.com","message":"Rest authentication request from 10.10.234.170 [original: /10.10.234.170:56120]","cluster.uuid":"RVbZ4JXkQPWTHp5XAtygSQ","node.id":"Q99PLn7PSiSDDSmv5c0W1g"}
{"type":"server","timestamp":"2023-02-14T10:01:23,656+01:00","level":"DEBUG","component":"c.f.s.a.b.RequestAuthenticationProcessor","cluster.name":"plop","node.name":"node0792.example.com","message":"Authenticating request using: [sg_auth_token, session]","cluster.uuid":"RVbZ4JXkQPWTHp5XAtygSQ","node.id":"Q99PLn7PSiSDDSmv5c0W1g"}
{"type":"server","timestamp":"2023-02-14T10:01:23,656+01:00","level":"TRACE","component":"c.f.s.a.b.RequestAuthenticationProcessor","cluster.name":"plop","node.name":"node0792.example.com","message":"Checking authdomain session (total: 2)","cluster.uuid":"RVbZ4JXkQPWTHp5XAtygSQ","node.id":"Q99PLn7PSiSDDSmv5c0W1g"}
{"type":"server","timestamp":"2023-02-14T10:01:23,656+01:00","level":"TRACE","component":"c.f.s.a.l.LegacyRestRequestAuthenticationProcessor","cluster.name":"plop","node.name":"node0792.example.com","message":"Try to extract auth creds from session http authenticator","cluster.uuid":"RVbZ4JXkQPWTHp5XAtygSQ1g"}
{"type":"server","timestamp":"2023-02-14T10:01:23,656+01:00","level":"TRACE","component":"c.f.s.a.l.LegacyRestRequestAuthenticationProcessor","cluster.name":"plop","node.name":"node0792.example.com","message":"no session credentials found in request","cluster.uuid":"RVbZ4JXkQPWTHp5XAtygSQ","node.id":"Q99PLn7PSiSDDSmv5c0W1g"}
{"type":"server","timestamp":"2023-02-14T10:01:23,656+01:00","level":"WARN","component":"c.f.s.a.b.RequestAuthenticationProcessor","cluster.name":"plop","node.name":"node0792.example.com","message":"Authentication failed for null from [request=/_cat/, directIpAddress=10.10.234.170, originatingIpAddress=10.10.234.170, clientCertSubject=null]","cluster.uuid":"RVbZ4JXkQPWTHp5XAtygSQ","node.id":"Q99PLn7PSiSDDSmv5c0W1g"}