Elastic 8.19.4 and /api/streams/_status

If you think it is a bug report or you have a technical issue, please answer the following questions.

Elasticsearch version: 8.19.4

Kibana version (if relevant): 8.19.4

Browser version (if relevant): N/A

Describe the issue:

After upgrading to 8.19.4, Kibana is unusable, even for admin user. The URL http://localhost:5601/api/streams/_status returns

{
  "statusCode": 401,
  "error": "Unauthorized",
  "message": "Unauthorized: authentication_exception",
  "attributes": {
    "data": null
  }
}

The same URL on 8.18.4 returns:

{
  "enabled": false
}
~

Kibana fails on that and generate a logout. I didn’t change neither SG configuration or version, it was already at version 3.1.2. I tried to reapply the SG configuration.

In Kibana logs, I can see:

[2025-10-06T11:40:02.754+02:00] [WARN ] [http.server.kbn-internal-api-restricted] [{"service":{"node":{"roles":["background_tasks","ui"]}}}] Access to uri [/api/streams/_status] with method [get] is deprecated
[2025-10-06T11:40:02.866+02:00] [ERROR] [plugins.security.authentication] [{"service":{"node":{"roles":["background_tasks","ui"]}}}] License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false, unavailable reason: undefined).

@fbacchella What do you mean by that? Does this refer to api/streams/_status only, or do you have a general Kibana access issue?

What was your SG version in 8.18.4?

Could you share your kibana.yml file?

@fbacchella I’ve just tested with 8.19.4-3.1.2 and I’ve got the below response.

curl --insecure -u admin:admin -XGET https://localhost:5601/api/streams/_status

{"enabled":false}

The deprecation message was also visible in 8.18.4.

I think kibana generate a logout error because of this error, it fails just after it.

I only update ES + Kibana, SG was already in version 3.1.2

here it is.

elasticsearch:
    username: "kibana_system"
    hosts:
        - "https://XXXX:9200"
    ssl:
      certificateAuthorities: /data/kibana/1/conf/allca.crt
    requestTimeout: 180000
    requestHeadersWhitelist: 
        - "authorization"
        - "x-forwarded-for"
        - "x-forwarded-host"
        - "x-forwarded-server"
        - "x-forwarded-by"
        - "x-proxy-user"
        - "x-proxy-roles"
        - "x-remote-user"
        - "CAS_memberOf"
        - "CAS_sAMAccountName"
        - "sgtenant"
server:
    host: "127.0.0.1"
    port: 5601 
    publicBaseUrl: "https://XXXX:5601"
    ssl:
        enabled: false
csp:
    strict: true
searchguard:
    cookie:
        secure: true
    auth:
        type: "proxy"
        debug: false
    accountinfo:
        enabled: true
logging:
    appenders:
        file:
            type: rolling-file
            fileName: /data/kibana/1/logs/kibana.log
            layout:
                type: pattern
                pattern: "[%date] [%level] [%logger] [%meta] %message"
            policy:
                type: time-interval
                interval: 24h
                modulate: true
        systemd:
            type: console
            layout:
                type: json
    root:
        appenders: [file,systemd]
map:
    includeElasticMapsService: true
newsfeed.enabled: false
monitoring.ui.ccs.enabled: false
path:
    data: /data/kibana/1/var
pid:
    file: /run/kibana1/kibana.pid
xpack:
    screenshotting:
        browser.chromium.disableSandbox: false
telemetry:
    optIn: false
    enabled: false

I upgraded my development cluster, in production, I don’t get the message about the license missing.

When I decode the license base64, I’m getting the following result

{"uid":"XXX","type":"FULL","issued_date":"2024-11-26","expiry_date":"2025-12-12","issued_to":"XXX","issuer":"floragunn GmbH","start_date":"2024-12-12","major_version":7,"cluster_name":"*","allowed_node_count_per_cluster":32768,"features":[],"license_version":1}

AS I’m using Apache in front of Kibana, I was able to hide the suspected /api/streams/_status behind a 404, it didn’t change any thing, but I’m still getting

[2025-10-07T12:09:11.112+02:00] [ERROR] [plugins.security.authentication] [{"service":{"node":{"roles":["background_tasks","ui"]}}}] License is not available or does not support security features, re-authentication is not possible (available: true, enabled: false, unavailable reason: undefined).

I don’t understand what is generating it

This issue is currently being investigated.

Hello, we are facing the same issue. Any new information on this?

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

@thorteschenk The reported 401 error is generated when `xpack.encryptedSavedObjects.encryptionKey` is configured in either kibana.yml or kibana.keystore.

This will also cause an infinite reload of the Kibana UI after successful proxy authentication.

Removing `xpack.encryptedSavedObjects.encryptionKey` will solve the proxy authentication loop.

However, this will also result in generating the following error in Kibana logs.
```
[2025-11-11T14:26:31.514+00:00][ERROR][plugins.streams] Error: Unable to create alerts client because the Encrypted Saved Objects plugin is missing encryption key. Please set xpack.encryptedSavedObjects.encryptionKey in the kibana.yml or use the bin/kibana-encryption-keys command.
at Object.getRulesClientWithRequest (/usr/share/kibana/node_modules/@kbn/alerting-plugin/server/plugin.js:444:15)
at AssetService.getClientWithRequest (/usr/share/kibana/node_modules/@kbn/streams-plugin/server/lib/streams/assets/asset_service.js:30:48)
at processTicksAndRejections (node:internal/process/task_queues:105:5)
at async Promise.all (index 1)
at getScopedClients (/usr/share/kibana/node_modules/@kbn/streams-plugin/server/plugin.js:129:75)
at handler (/usr/share/kibana/node_modules/@kbn/streams-plugin/server/routes/streams/management/route.js:105:9)
at wrappedHandler (/usr/share/kibana/node_modules/@kbn/server-route-repository/src/register_routes.js:61:13)
[2025-11-11T14:26:31.595+00:00][ERROR][http] 500 Server Error
```
The above error won’t kill the Kibana service. This issue is currently being investigated.