Constant warnings in Elasticsearch log when using SAML

Hi

I’m using SAML authentication, which is working fine, but my Elasticsearch log is full of WARN messages that say:

No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate-Basic’

After raising the logging level to DEBUG I found that these were appearing every time my browser refreshed the current dashboard. Immediately after was the line recognizing my username and roles.

Does this indicate a problem? If not, can I suppress these messages? I suppose I could reduce logging to ERROR, but this seems like a bad idea

Regards

Max

No, it is not a problem, and the log level here should rather be info or even debug.

The reason you are seeing it is because there are two authentication domains active, Basic (which comes first) and SAML (which comes second). Whenever a SAML authenticated requests hits the Basic domain, authentication fails (as expected). It is then passed to the SAML domain which successfully authenticates the request. So it is expected that the Basic auth domain fails, and that’s why the log level is probably not correct here.

···

On Thursday, August 30, 2018 at 9:30:41 AM UTC-4, Max Caines wrote:

Hi

I’m using SAML authentication, which is working fine, but my Elasticsearch log is full of WARN messages that say:

No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate-Basic’

After raising the logging level to DEBUG I found that these were appearing every time my browser refreshed the current dashboard. Immediately after was the line recognizing my username and roles.

Does this indicate a problem? If not, can I suppress these messages? I suppose I could reduce logging to ERROR, but this seems like a bad idea

Regards

Max

As a workaround, you can set the log level of the respective class to error:

logger.searchguard.name = com.floragunn.searchguard.support.HTTPHelper

logger.searchguard.level = error

``

···

On Thursday, August 30, 2018 at 5:32:38 PM UTC-4, Jochen Kressin wrote:

No, it is not a problem, and the log level here should rather be info or even debug.

The reason you are seeing it is because there are two authentication domains active, Basic (which comes first) and SAML (which comes second). Whenever a SAML authenticated requests hits the Basic domain, authentication fails (as expected). It is then passed to the SAML domain which successfully authenticates the request. So it is expected that the Basic auth domain fails, and that’s why the log level is probably not correct here.

On Thursday, August 30, 2018 at 9:30:41 AM UTC-4, Max Caines wrote:

Hi

I’m using SAML authentication, which is working fine, but my Elasticsearch log is full of WARN messages that say:

No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate-Basic’

After raising the logging level to DEBUG I found that these were appearing every time my browser refreshed the current dashboard. Immediately after was the line recognizing my username and roles.

Does this indicate a problem? If not, can I suppress these messages? I suppose I could reduce logging to ERROR, but this seems like a bad idea

Regards

Max

Thanks. That does fix it

Max

···

On Thu, 30 Aug 2018 at 22:35, Jochen Kressin jkressin@floragunn.com wrote:

As a workaround, you can set the log level of the respective class to error:

logger.searchguard.name = com.floragunn.searchguard.support.HTTPHelper

logger.searchguard.level = error

``

On Thursday, August 30, 2018 at 5:32:38 PM UTC-4, Jochen Kressin wrote:

No, it is not a problem, and the log level here should rather be info or even debug.

The reason you are seeing it is because there are two authentication domains active, Basic (which comes first) and SAML (which comes second). Whenever a SAML authenticated requests hits the Basic domain, authentication fails (as expected). It is then passed to the SAML domain which successfully authenticates the request. So it is expected that the Basic auth domain fails, and that’s why the log level is probably not correct here.

On Thursday, August 30, 2018 at 9:30:41 AM UTC-4, Max Caines wrote:

Hi

I’m using SAML authentication, which is working fine, but my Elasticsearch log is full of WARN messages that say:

No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate-Basic’

After raising the logging level to DEBUG I found that these were appearing every time my browser refreshed the current dashboard. Immediately after was the line recognizing my username and roles.

Does this indicate a problem? If not, can I suppress these messages? I suppose I could reduce logging to ERROR, but this seems like a bad idea

Regards

Max

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5b806baf-566f-434b-b4d7-f3cba0609da1%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.