I have a problem with Keycloak Authentication and Searchguard.
It all works perfectly: I can login via keycloak accounts in Kibana, Roles are loaded, permissions are granted, etc. It’s beautiful, thank you very very much.
But sometimes in Kibana there is some weird stuff going on, I believe it’s because the autentication of Keycloak runs out? But here is what happens:
I go to the Kibana Dev Tools and run: “GET _cluster/health”, which works.
If I then come back after a couple of minutes and try to the same command (or actually any other command) again, the request just times out and ends up with a gateway timeout after 90 secs (the loadbalancer in front of Kibana has that). The Request was:
POST https://logs-db-ui-lagoon-master.ch.amazee.io/api/console/proxy?path=_cluster%2Fhealth&method=GET
On the Kibana Logs I can see:
If I then refresh the browser (F5) the next requests takes very long (~25 secs) and then the response runs me into another oAuth of Keycloak (redirect to /auth/openid/login?nextUrl=%2Fapp%2Fkibana and so forth). Keycloak does a new authentication and the kibana UI works again.
Another thing happens when instead of running another command, if I click on “Discover” the following requests are happening:
Status Code: 302 Found: /auth/openid/login?nextUrl=%2Fapi%2Fsaved_objects%2F_find%3Ftype%3Dindex-pattern%26per_page%3D10000
Status Code: 204 No Content
<>
While the regular Authentication when Visiting Kibana fresh is:
https://logs-db-ui-lagoon-master.ch.amazee.io/app/kibana
Status Code: 302 Found: /auth/openid/login?nextUrl=%2Fapp%2Fkibana
https://logs-db-ui-lagoon-master.ch.amazee.io/auth/openid/login?nextUrl=%2Fapp%2Fkibana
Status Code: 302 Found: Sign in to lagoon
Status Code: 302 Found: Sign in to lagoon
https://logs-db-ui-lagoon-master.ch.amazee.io/app/kibana
Status Code: 200 OK
<>
Would be awesome to get some pointers where there maybe could be something wrong? Maybe even in Keycloak?
Thanks
-
Search Guard and Elasticsearch version:
Elasticsearch 6.4.2 Searchguard Plugin 6.4.2-23.1, Kibana: 6.4.2 & Searchguard Plugin 6.4.2-15 -
Installed and used enterprise modules:
- multitenancy
- JVM version and operating system version
-
OS[Linux/3.10.0-862.14.4.el7.x86_64/amd64]
-
JVM[“Oracle Corporation”/OpenJDK 64-Bit Server VM/10.0.2/10.0.2+13]
- Search Guard configuration files
ES: https://github.com/amazeeio/lagoon/blob/master/services/logs-db/sgconfig/sg_config.yml
Kibana: https://github.com/amazeeio/lagoon/blob/master/services/logs-db-ui/Dockerfile
- Keycloak Config:
According to Kibana Single Sign-On with OpenID and Keycloak | Search Guard