"Error loading data" error observed in kibana when keycloak token expires

Hi ,
We are using keycloak openid authentication in kibana.
When Kibana session remains idle for sometime (10mins) and keycloak token expires (token life span is 5 mins) in between that, after that if the user try to do filter on discover page based on a particular time period then the error pop up “Error loading data”.But manually refreshing the page can recover the access, and load the logs"

TypeError: Failed to fetch
at Fetch._callee3$ (https://ip/baseurl/port/bundles/commons.bundle.js:9:1989293)
at l (https://ip/baseurl/port/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:969217)
at Generator._invoke (https://ip/baseurl/port/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:968970)
at Generator.forEach.e. [as throw] (https://ip/baseurl/port/bundles/kbn-ui-shared-deps/kbn-ui-shared-deps.js:288:969574)
at asyncGeneratorStep (https://ip/baseurl/port/bundles/commons.bundle.js:9:1983787)
at _throw (https://ip/baseurl/port/bundles/commons.bundle.js:9:1984184)

When checked Elasticsearch client logs it says : “log”:“No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate Basic’”}

The expectation is it should be redirected to the login page when the keycloak token gets expires.

Hi. What version of SG do you use? Do you see any error in the Kibana or Elasticsearch log?

Hi , Searchguard version used is : 7.8.0-43.0.0.

below error seen in elasticsearch client.

{“type”:“log”,“host”:“elasticsearch-client-68cd995bbd-crf8h”,“level”:“WARN”,“systemid”:“2106a117733f42d697284fbc54927928”,“system”:“XXXX”,“time”: “2020-09-24T12:00:55.992Z”,“logger”:“c.f.s.h.HTTPBasicAuthenticator”,“timezone”:“UTC”,“marker”:"[elasticsearch-client-68cd995bbd-crf8h] ",“log”:“No ‘Basic Authorization’ header, send 401 and ‘WWW-Authenticate Basic’”}

Attaching the kibana error here.kibana_error (12.2 KB)

Hi @shubha02
Thank you for reporting this. I add this to the queue to reproduce. I’ll reach you out when I have results.

Thank you for the response .

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.