I’m experiencing a strange behaviour when using Search guard on elasticsearch and kibana. I’m using
Elasticsearch 5.5.0 with SearchGuard plugin 5.5.0-16
Kibana 5.5.0 with SearchGuard plugin 5.5.0-4
To start exploring the searchguard capabilities, I followed the instructions and installed the provided demo (auto signed certificat and default users/password/roles) :
When I connect to elasticsearch, I am asked to enter user/password, and everything works as expected : receiving right errors when authenticated user hasn’t got rights for certain actions, etc…
When I connect to kibana, I am redirected to the SearchGuard login page. I enter the user/password (kibanaro/kibanaro or admin/admin), and for now all is ok.
But then comes my problem, I’m again asked to enter user/password with the browser built-in authentication popup. And there, I cannot authenticate with any password (admin/admin nor kibanaro/kibanaro nor kibanaserver/kibanaserver)
I used tcpdump and wireshark to see what’s going on, and I could see that :
from login page : a POST to http://localhost:5601/api/v1/auth/login returns OK
Then a GET to http://localhost:5601/ returns OK and kibana redirects to the default route
Finally the GET to http://localhost:5601/app/kibana returns an HTTP 401 with header Basic realm=“Authorization Required”
Is there anything I missed ?
Here are the related informations :
-> sgconfig directory content which is exactlly what is procided by the plugin installation : attached file sgconfig.zip
-> result of a find_all query on the search_guard index : attached file searchguard.json
-> the elasticsearch conf :
######## Start Search Guard Demo Configuration ########
- CN=kirk,OU=client,O=client,L=test, C=de
######## End Search Guard Demo Configuration ########
-> the kibana conf :
Any help would be appreciate.
sgconfig.zip (9.13 KB)
searchguard.json (11.8 KB)