Hi
I’m using SAML authentication, which is working fine, but my Elasticsearch log is full of WARN messages that say:
No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate-Basic’
After raising the logging level to DEBUG I found that these were appearing every time my browser refreshed the current dashboard. Immediately after was the line recognizing my username and roles.
Does this indicate a problem? If not, can I suppress these messages? I suppose I could reduce logging to ERROR, but this seems like a bad idea
Regards
Max
No, it is not a problem, and the log level here should rather be info or even debug.
The reason you are seeing it is because there are two authentication domains active, Basic (which comes first) and SAML (which comes second). Whenever a SAML authenticated requests hits the Basic domain, authentication fails (as expected). It is then passed to the SAML domain which successfully authenticates the request. So it is expected that the Basic auth domain fails, and that’s why the log level is probably not correct here.
···
On Thursday, August 30, 2018 at 9:30:41 AM UTC-4, Max Caines wrote:
Hi
I’m using SAML authentication, which is working fine, but my Elasticsearch log is full of WARN messages that say:
No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate-Basic’
After raising the logging level to DEBUG I found that these were appearing every time my browser refreshed the current dashboard. Immediately after was the line recognizing my username and roles.
Does this indicate a problem? If not, can I suppress these messages? I suppose I could reduce logging to ERROR, but this seems like a bad idea
Regards
Max
As a workaround, you can set the log level of the respective class to error:
logger.searchguard.name = com.floragunn.searchguard.support.HTTPHelper
logger.searchguard.level = error
``
···
On Thursday, August 30, 2018 at 5:32:38 PM UTC-4, Jochen Kressin wrote:
No, it is not a problem, and the log level here should rather be info or even debug.
The reason you are seeing it is because there are two authentication domains active, Basic (which comes first) and SAML (which comes second). Whenever a SAML authenticated requests hits the Basic domain, authentication fails (as expected). It is then passed to the SAML domain which successfully authenticates the request. So it is expected that the Basic auth domain fails, and that’s why the log level is probably not correct here.
On Thursday, August 30, 2018 at 9:30:41 AM UTC-4, Max Caines wrote:
Hi
I’m using SAML authentication, which is working fine, but my Elasticsearch log is full of WARN messages that say:
No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate-Basic’
After raising the logging level to DEBUG I found that these were appearing every time my browser refreshed the current dashboard. Immediately after was the line recognizing my username and roles.
Does this indicate a problem? If not, can I suppress these messages? I suppose I could reduce logging to ERROR, but this seems like a bad idea
Regards
Max