Can Kibana read the authoriztion header through Nginx?

Hi,

I’m testing Nginx, Kibana and Elasticsearch. Elasticsearch and Kibana install Search-Guard plugin.

I already configure the new user to login the Kibana through Kibana GUI. The user can log-in.

I’m using Nginx to check the authentication of my company authentication application.

If the user login successfully, I will add the authorization header to the HTTP header and re-direct to Kibana.

Kibana will not prompt to the login page again with the authorization header set. That is what I think.

I tried to curl Kibana URL, it returns the HTML page with Search Guard login.

curl -u : http://10.0.0.1:5601/kibana

``

What am I missing here? It seems Kibana with Search Guard does not look at the Authorization header.

I found this document, https://docs.search-guard.com/latest/kibana-authentication-http-basic#session-management.

Is there a way to set the active session by API or script to pass through the login page?

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

6.6.1 and 6.6.1

  • Installed and used enterprise modules, if any

No

  • JVM version and operating system version

1.8

  • Search Guard configuration files

Demo certificate

  • Elasticsearch log messages on debug level

n/a

  • Other installed Elasticsearch or Kibana plugins, if any

n/a

Please attach your sg_config.yml, kibana.yml and elasticsearch.yml (as files)

···

Am 01.03.2019 um 01:58 schrieb Worapoj Chokeanankun <worapojc@gmail.com>:

Hi,

I'm testing Nginx, Kibana and Elasticsearch. Elasticsearch and Kibana install Search-Guard plugin.
I already configure the new user to login the Kibana through Kibana GUI. The user can log-in.

I'm using Nginx to check the authentication of my company authentication application.
If the user login successfully, I will add the authorization header to the HTTP header and re-direct to Kibana.

I tried to curl Kibana URL, it returns the HTML page with Search Guard login.
curl -u <username>:<password> http://10.0.0.1:5601/kibana

What am I missing here? It seems Kibana with Search Guard does not look at the Authorization header.

When asking questions, please provide the following information:

* Search Guard and Elasticsearch version
6.6.1 and 6.6.1
* Installed and used enterprise modules, if any
No
* JVM version and operating system version
1.8
* Search Guard configuration files
Demo certificate
* Elasticsearch log messages on debug level
n/a
* Other installed Elasticsearch or Kibana plugins, if any
n/a

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/44abedcc-6254-4857-a359-0faa36c3a8b5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

I have attached the configuration files. My test user id is 8015996.

kibana.yml (5.09 KB)

sg_roles.yml (6.88 KB)

elasticsearch.yml (3.97 KB)

sg_action_groups.yml (2.27 KB)

sg_config.yml (9.4 KB)

sg_internal_users.yml (1.05 KB)

sg_roles_mapping.yml (548 Bytes)

···

On Tuesday, 5 March 2019 06:46:52 UTC+7, Search Guard wrote:

Please attach your sg_config.yml, kibana.yml and elasticsearch.yml (as files)

Am 01.03.2019 um 01:58 schrieb Worapoj Chokeanankun wora...@gmail.com:

Hi,

I’m testing Nginx, Kibana and Elasticsearch. Elasticsearch and Kibana install Search-Guard plugin.

I already configure the new user to login the Kibana through Kibana GUI. The user can log-in.

I’m using Nginx to check the authentication of my company authentication application.

If the user login successfully, I will add the authorization header to the HTTP header and re-direct to Kibana.

I tried to curl Kibana URL, it returns the HTML page with Search Guard login.

curl -u : http://10.0.0.1:5601/kibana

What am I missing here? It seems Kibana with Search Guard does not look at the Authorization header.

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

6.6.1 and 6.6.1

  • Installed and used enterprise modules, if any

No

  • JVM version and operating system version

1.8

  • Search Guard configuration files

Demo certificate

  • Elasticsearch log messages on debug level

n/a

  • Other installed Elasticsearch or Kibana plugins, if any

n/a


You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/44abedcc-6254-4857-a359-0faa36c3a8b5%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

You need to configure proxy based authentication like described here

···

Am 04.03.2019 um 20:30 schrieb Worapoj Chokeanankun <worapojc@gmail.com>:

I have attached the configuration files. My test user id is 8015996.

On Tuesday, 5 March 2019 06:46:52 UTC+7, Search Guard wrote:
Please attach your sg_config.yml, kibana.yml and elasticsearch.yml (as files)

> Am 01.03.2019 um 01:58 schrieb Worapoj Chokeanankun <wora...@gmail.com>:
>
> Hi,
>
> I'm testing Nginx, Kibana and Elasticsearch. Elasticsearch and Kibana install Search-Guard plugin.
> I already configure the new user to login the Kibana through Kibana GUI. The user can log-in.
>
> I'm using Nginx to check the authentication of my company authentication application.
> If the user login successfully, I will add the authorization header to the HTTP header and re-direct to Kibana.
>
> I tried to curl Kibana URL, it returns the HTML page with Search Guard login.
> curl -u <username>:<password> http://10.0.0.1:5601/kibana
>
> What am I missing here? It seems Kibana with Search Guard does not look at the Authorization header.
>
> When asking questions, please provide the following information:
>
> * Search Guard and Elasticsearch version
> 6.6.1 and 6.6.1
> * Installed and used enterprise modules, if any
> No
> * JVM version and operating system version
> 1.8
> * Search Guard configuration files
> Demo certificate
> * Elasticsearch log messages on debug level
> n/a
> * Other installed Elasticsearch or Kibana plugins, if any
> n/a
>
>
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/44abedcc-6254-4857-a359-0faa36c3a8b5%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/b115e7a5-e218-4e4b-9deb-206764e0e99f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
<kibana.yml><sg_roles.yml><elasticsearch.yml><sg_action_groups.yml><sg_config.yml><sg_internal_users.yml><sg_roles_mapping.yml>

It works! Thanks

···

On Wednesday, 6 March 2019 03:41:40 UTC+7, Search Guard wrote:

You need to configure proxy based authentication like described here

https://docs.search-guard.com/latest/proxy-authentication

Am 04.03.2019 um 20:30 schrieb Worapoj Chokeanankun wora...@gmail.com:

I have attached the configuration files. My test user id is 8015996.

On Tuesday, 5 March 2019 06:46:52 UTC+7, Search Guard wrote:

Please attach your sg_config.yml, kibana.yml and elasticsearch.yml (as files)

Am 01.03.2019 um 01:58 schrieb Worapoj Chokeanankun wora...@gmail.com:

Hi,

I’m testing Nginx, Kibana and Elasticsearch. Elasticsearch and Kibana install Search-Guard plugin.
I already configure the new user to login the Kibana through Kibana GUI. The user can log-in.

I’m using Nginx to check the authentication of my company authentication application.
If the user login successfully, I will add the authorization header to the HTTP header and re-direct to Kibana.

I tried to curl Kibana URL, it returns the HTML page with Search Guard login.
curl -u : http://10.0.0.1:5601/kibana

What am I missing here? It seems Kibana with Search Guard does not look at the Authorization header.

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version
    6.6.1 and 6.6.1
  • Installed and used enterprise modules, if any
    No
  • JVM version and operating system version
    1.8
  • Search Guard configuration files
    Demo certificate
  • Elasticsearch log messages on debug level
    n/a
  • Other installed Elasticsearch or Kibana plugins, if any
    n/a


You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/44abedcc-6254-4857-a359-0faa36c3a8b5%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/b115e7a5-e218-4e4b-9deb-206764e0e99f%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

<kibana.yml><sg_roles.yml><elasticsearch.yml><sg_action_groups.yml><sg_config.yml><sg_internal_users.yml><sg_roles_mapping.yml>