Kibana asks for authentication twice!

Hi folks,

So I get all the Searchguard running with ELK stack - but now when I authenticate into kibana I need to authenticate twice - what could be the problem?

ELK: 5.2.2

Searchguard: 5.2.2-12

Kibana conf:

kibana.index: ".kibana-operations"

elasticsearch.preserveHost: false
elasticsearch.ssl.ca: "/etc/kibana/root-ca.pem"
elasticsearch.ssl.verify: false
elasticsearch.username: "kibanaserver"
elasticsearch.password: "password"
elasticsearch.url: "https://kibanaserver:9200"

console.proxyConfig:
  - match:
      protocol: "https"
    ssl:
      ca: "/etc/kibana/root-ca.pem"
kibana.log (16.6 KB)


Elasticsearch conf:

bootstrap: {memory_lock: true}
cluster: {name: elasticsearch}
discovery:
  zen:
    minimum_master_nodes: 2
    ping:
      unicast: {hosts: 'kibanaserver,kibanaserver2'}
http: {host: 10.3.0.221, max_content_length: 100mb, port: 9200}
network: {host: 10.3.0.221}
node: {data: true, master: true, name: kibanaserver}
path: {conf: /etc/elasticsearch, data: /var/lib/elasticsearch, logs: /var/log/elasticsearch,
  scripts: /usr/share/elasticsearch/config/scripts}
searchguard:
  authcz.admin_dn: ['CN=admin, OU=yolo, O=yolo, L=SA, C=US']
  ssl:
    http: {enabled: true, keystore_filepath: 'kibanaserver-keystore.jks', keystore_password: password,
      truststore_filepath: truststore.jks, truststore_password: password}
    transport: {enforce_hostname_verification: false, keystore_filepath: 'kibanaserver-keystore.jks',
      keystore_password: password, truststore_filepath: truststore.jks,
      truststore_password: password}
transport: {tcp.compress: true, tcp.port: 9300}


logs from kibana are attached.

Now as you can see it seems like there’s two authentications:

First to http://kibanaserver:5562/app/kibana

Second: /es_admin/.kibana-operations/index-pattern/_search?stored_fields

https://github.com/floragunncom/search-guard/issues/298


On 07.03.2017 at 16:55, Oucema Bellagha <bellagha.oucema@gmail.com> wrote:

Hi folks,

So I get all the Searchguard running with ELK stack - but now when I authenticate into kibana I need to authenticate twice - what could be the problem?
ELK: 5.2.2
Searchguard: 5.2.2-12

Kibana conf:
kibana.index: ".kibana-operations"

elasticsearch.preserveHost: false
elasticsearch.ssl.ca: "/etc/kibana/root-ca.pem"
elasticsearch.ssl.verify: false
elasticsearch.username: "kibanaserver"
elasticsearch.password: "password"
elasticsearch.url: "https://kibanaserver:9200"

console.proxyConfig:
  - match:
      protocol: "https"
    ssl:
      ca: "/etc/kibana/root-ca.pem"
-------------------------------------------------------------------------------------------------------------------
Elasticsearch conf:
bootstrap: {memory_lock: true}
cluster: {name: elasticsearch}
discovery:
  zen:
    minimum_master_nodes: 2
    ping:
      unicast: {hosts: 'kibanaserver,kibanaserver2'}
http: {host: 10.3.0.221, max_content_length: 100mb, port: 9200}
network: {host: 10.3.0.221}
node: {data: true, master: true, name: kibanaserver}
path: {conf: /etc/elasticsearch, data: /var/lib/elasticsearch, logs: /var/log/elasticsearch,
  scripts: /usr/share/elasticsearch/config/scripts}
searchguard:
  authcz.admin_dn: ['CN=admin, OU=yolo, O=yolo, L=SA, C=US']
  ssl:
    http: {enabled: true, keystore_filepath: 'kibanaserver-keystore.jks', keystore_password: password,
      truststore_filepath: truststore.jks, truststore_password: password}
    transport: {enforce_hostname_verification: false, keystore_filepath: 'kibanaserver-keystore.jks',
      keystore_password: password, truststore_filepath: truststore.jks,
      truststore_password: password}
transport: {tcp.compress: true, tcp.port: 9300}

----------------------------------------------------------------------------------------------------------------
logs from kibana are attached.

Now as you can see it seems like there's two authentications:

First to http://kibanaserver:5562/app/kibana

Second: /es_admin/.kibana-operations/index-pattern/_search?stored_fields
