Kibana boom error after install Search Guard

Hello !
After install search guard plugin for elasticsearch and Kibana i have trouble with create index pattern in management tab on kibana

In browser:

Error: An internal server error occurred

at https://------/bundles/kibana.bundle.js?v=15543:227:21357
at processQueue (https://------/bundles/commons.bundle.js?v=15543:38:23621)
at https://----------/bundles/commons.bundle.js?v=15543:38:23888
at Scope.$eval (https://------------/bundles/commons.bundle.js?v=15543:39:4619)
at Scope.$digest (https://--------------/bundles/commons.bundle.js?v=15543:39:2359)
at Scope.$apply (https://------------------/bundles/commons.bundle.js?v=15543:39:5037)
at done (https://----------------------/bundles/commons.bundle.js?v=15543:37:25027)
at completeRequest (https://---------------/bundles/commons.bundle.js?v=15543:37:28702)
at XMLHttpRequest.xhr.onload (https://------------/bundles/commons.bundle.js?v=15543:37:29634)

In kibana log:

{“type”:“error”,"@timestamp":“2017-10-23T11:29:32Z”,“tags”:,“pid”:7526,“level”:“error”,“message”:“Cannot provide statusCode or message with boom error”,“error”:{“message”:“Cannot provide statusCode or message with boom error”,“name”:“Error”,“stack”:“Error: Cannot provide statusCode or message with boom error\n at Object.exports.assert (/usr/share/kibana/node_modules/hoek/lib/index.js:736:11)\n at Object.exports.wrap (/usr/share/kibana/node_modules/boom/lib/index.js:96:10)\n at convertEsError (/usr/share/kibana/src/server/index_patterns/service/lib/errors.js:67:25)\n at /usr/share/kibana/src/server/index_patterns/service/lib/es_api.js:63:40\n at throw (native)\n at step (/usr/share/kibana/src/server/index_patterns/service/lib/es_api.js:74:191)\n at /usr/share/kibana/src/server/index_patterns/service/lib/es_api.js:74:402”},“url”:{“protocol”:null,“slashes”:null,“auth”:null,“host”:null,“port”:null,“hostname”:null,“hash”:null,“search”:"?pattern=logstash-&meta_fields=%5B%22_source%22%2C%22_id%22%2C%22_type%22%2C%22_index%22%2C%22_score%22%5D",“query”:{“pattern”:"logstash-",“meta_fields”:"["_source","_id","_type","_index","_score"]"},“pathname”:"/api/index_patterns/_fields_for_wildcard",“path”:"/api/index_patterns/_fields_for_wildcard?pattern=logstash-&meta_fields=%5B%22_source%22%2C%22_id%22%2C%22_type%22%2C%22_index%22%2C%22_score%22%5D",“href”:"/api/index_patterns/_fields_for_wildcard?pattern=logstash-&meta_fields=%5B%22_source%22%2C%22_id%22%2C%22_type%22%2C%22_index%22%2C%22_score%22%5D"}}

Please post:

  • which version of ES/KI/SG and the plugin you are using

  • which roles does the user you log in with have, and which permissions do these roles have? Just post the Search Guard config files you are using

  • do you have any other plugins installed?

  • please post the contents of the ES log file when the KI error happens

Your error description is too vague, we need the above infos otherwise we can’t help.

···

On Monday, October 23, 2017 at 1:30:23 PM UTC+2, Sergey Emcev wrote:

Hello !
After install search guard plugin for elasticsearch and Kibana i have trouble with create index pattern in management tab on kibana

In browser:

Error: An internal server error occurred

at https://------/bundles/kibana. bundle.js?v=15543:227:21357
at processQueue (https://------/bundles/commons.bundle.js?v=15543:38: 23621)
at https://----------/bundles/commons.bundle.js?v=15543:38: 23888
at Scope.$eval (https://------------/bundles/commons.bundle.js?v=15543:39: 4619)
at Scope.$digest (https://--------------/bundles/commons.bundle.js?v= 15543:39:2359)
at Scope.$apply (https://------------------/bundles/commons.bundle.js?v= 15543:39:5037)
at done (https://----------------------/bundles/commons.bundle.js?v= 15543:37:25027)
at completeRequest (https://---------------/bundles/commons.bundle.js?v= 15543:37:28702)
at XMLHttpRequest.xhr.onload (https://------------/bundles/commons.bundle.js?v=15543:37:29634)

In kibana log:

{“type”:“error”,"@timestamp":“2017-10-23T11:29:32Z”,“tags”:,“pid”:7526,“level”:“error”,“message”:“Cannot provide statusCode or message with boom error”,“error”:{“message”:“Cannot provide statusCode or message with boom error”,“name”:“Error”,“stack”:“Error: Cannot provide statusCode or message with boom error\n at Object.exports.assert (/usr/share/kibana/node_modules/hoek/lib/index.js:736:11)\n at Object.exports.wrap (/usr/share/kibana/node_modules/boom/lib/index.js:96:10)\n at convertEsError (/usr/share/kibana/src/server/index_patterns/service/lib/errors.js:67:25)\n at /usr/share/kibana/src/server/index_patterns/service/lib/es_api.js:63:40\n at throw (native)\n at step (/usr/share/kibana/src/server/index_patterns/service/lib/es_api.js:74:191)\n at /usr/share/kibana/src/server/index_patterns/service/lib/es_api.js:74:402”},“url”:{“protocol”:null,“slashes”:null,“auth”:null,“host”:null,“port”:null,“hostname”:null,“hash”:null,“search”:"?pattern=logstash-&meta_fields=%5B%22_source%22%2C%22_id%22%2C%22_type%22%2C%22_index%22%2C%22_score%22%5D",“query”:{“pattern”:"logstash-",“meta_fields”:"["_source","_id","_type","_index","_score"]"},“pathname”:"/api/index_patterns/_fields_for_wildcard",“path”:"/api/index_patterns/_fields_for_wildcard?pattern=logstash-&meta_fields=%5B%22_source%22%2C%22_id%22%2C%22_type%22%2C%22_index%22%2C%22_score%22%5D",“href”:"/api/index_patterns/_fields_for_wildcard?pattern=logstash-&meta_fields=%5B%22_source%22%2C%22_id%22%2C%22_type%22%2C%22_index%22%2C%22_score%22%5D"}}

First, it seems you do not have the Search Guard Kibana plugin installed, this is required for Kibana session management:

Then it looks like you have configured TLS on REST layer (aka HTTPS), but Kibana is till talking HTTP, see this error message:

2017-10-23T15:01:35,565][WARN ][c.f.s.h.SearchGuardHttpServerTransport] [------] Someone (/127.0.0.1:60938) speaks http plaintext instead of ssl, will close the channel

Please configure HTTPS for your KI - ES connection, described here in the docs:

···

On Monday, October 23, 2017 at 1:33:48 PM UTC+2, Jochen Kressin wrote:

Please post:

  • which version of ES/KI/SG and the plugin you are using
  • which roles does the user you log in with have, and which permissions do these roles have? Just post the Search Guard config files you are using
  • do you have any other plugins installed?
  • please post the contents of the ES log file when the KI error happens

Your error description is too vague, we need the above infos otherwise we can’t help.

On Monday, October 23, 2017 at 1:30:23 PM UTC+2, Sergey Emcev wrote:

Hello !
After install search guard plugin for elasticsearch and Kibana i have trouble with create index pattern in management tab on kibana

In browser:

Error: An internal server error occurred

at https://------/bundles/kibana. bundle.js?v=15543:227:21357
at processQueue (https://------/bundles/commons.bundle.js?v=15543:38: 23621)
at https://----------/bundles/commons.bundle.js?v=15543:38: 23888
at Scope.$eval (https://------------/bundles/commons.bundle.js?v=15543:39: 4619)
at Scope.$digest (https://--------------/bundles/commons.bundle.js?v= 15543:39:2359)
at Scope.$apply (https://------------------/bundles/commons.bundle.js?v= 15543:39:5037)
at done (https://----------------------/bundles/commons.bundle.js?v= 15543:37:25027)
at completeRequest (https://---------------/bundles/commons.bundle.js?v= 15543:37:28702)
at XMLHttpRequest.xhr.onload (https://------------/bundles/commons.bundle.js?v=15543:37:29634)

In kibana log:

{“type”:“error”,"@timestamp":“2017-10-23T11:29:32Z”,“tags”:,“pid”:7526,“level”:“error”,“message”:“Cannot provide statusCode or message with boom error”,“error”:{“message”:“Cannot provide statusCode or message with boom error”,“name”:“Error”,“stack”:“Error: Cannot provide statusCode or message with boom error\n at Object.exports.assert (/usr/share/kibana/node_modules/hoek/lib/index.js:736:11)\n at Object.exports.wrap (/usr/share/kibana/node_modules/boom/lib/index.js:96:10)\n at convertEsError (/usr/share/kibana/src/server/index_patterns/service/lib/errors.js:67:25)\n at /usr/share/kibana/src/server/index_patterns/service/lib/es_api.js:63:40\n at throw (native)\n at step (/usr/share/kibana/src/server/index_patterns/service/lib/es_api.js:74:191)\n at /usr/share/kibana/src/server/index_patterns/service/lib/es_api.js:74:402”},“url”:{“protocol”:null,“slashes”:null,“auth”:null,“host”:null,“port”:null,“hostname”:null,“hash”:null,“search”:"?pattern=logstash-&meta_fields=%5B%22_source%22%2C%22_id%22%2C%22_type%22%2C%22_index%22%2C%22_score%22%5D",“query”:{“pattern”:"logstash-",“meta_fields”:"["_source","_id","_type","_index","_score"]"},“pathname”:"/api/index_patterns/_fields_for_wildcard",“path”:"/api/index_patterns/_fields_for_wildcard?pattern=logstash-&meta_fields=%5B%22_source%22%2C%22_id%22%2C%22_type%22%2C%22_index%22%2C%22_score%22%5D",“href”:"/api/index_patterns/_fields_for_wildcard?pattern=logstash-&meta_fields=%5B%22_source%22%2C%22_id%22%2C%22_type%22%2C%22_index%22%2C%22_score%22%5D"}}

No, No - i installed plugin Search guard for Kibana

And https also configured

See attached

Ok, let’s analyze step by step. This error message from your ES logfile:

2017-10-23T15:01:35,565][WARN ][c.f.s.h.SearchGuardHttpServerTransport] [------] Someone (/127.0.0.1:60938) speaks http plaintext instead of ssl, will close the channel

Means that someone (a plugin, a tool etc.) is trying to connect to your ES cluster with HTTP, and not HTTPS. If you have other tools or plugins enabled, please disable them first, so we can have a clearer picture.

Please also post your kibana.yml, maybe it’s about the HTTP header.

Also, set your ES cluster to debug level, restart, and reproduce the error. We need to see the ES log in the moment when the error occurs.

How to enable debug level for SG plugin:

http://floragunncom.github.io/search-guard-docs/tls_troubleshooting.html

Section “Setting the log level to debug”

···

On Monday, October 23, 2017 at 2:17:32 PM UTC+2, Sergey Emcev wrote:

No, No - i installed plugin Search guard for Kibana

And https also configured

See attached

Ok. Found who send http - logstash. Disable

Here is parameters in my kibana.yml

server.port: 5601

server.host: “0.0.0.0”

elasticsearch.url: “https://---------------:9200”

elasticsearch.username: “kibanaserver”

elasticsearch.password: “kibanaserver”

searchguard.basicauth.enabled: false

searchguard.multitenancy.enabled: false

elasticsearch.ssl.verificationMode: none

ES log in error moment attached

es.log (137 KB)

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.

···

On Monday, October 23, 2017 at 3:38:30 PM UTC+2, Sergey Emcev wrote:

Ok. Found who send http - logstash. Disable

Here is parameters in my kibana.yml

server.port: 5601

server.host: “0.0.0.0”

elasticsearch.url: “https://---------------:9200”

elasticsearch.username: “kibanaserver”

elasticsearch.password: “kibanaserver”

searchguard.basicauth.enabled: false

searchguard.multitenancy.enabled: false

elasticsearch.ssl.verificationMode: none

ES log in error moment attached

We use kerberos and no need basic authentication.

···

понедельник, 23 октября 2017 г., 16:59:23 UTC+3 пользователь Jochen Kressin написал:

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.

So please check first if you can access ES directly with Kerberos, not via Kibana. I want to first make sure basic Kerberos auth is working. Please also post the Search Guard configuraton files.

···

On Monday, October 23, 2017 at 4:11:01 PM UTC+2, Sergey Emcev wrote:

We use kerberos and no need basic authentication.

понедельник, 23 октября 2017 г., 16:59:23 UTC+3 пользователь Jochen Kressin написал:

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.

Attached screenshot directly connect to es via kerberos and sg_config
In sg_roles_mapping i add my account to group sg_all_access

sg_config.txt (5.62 KB)

···

понедельник, 23 октября 2017 г., 17:15:01 UTC+3 пользователь Jochen Kressin написал:

So please check first if you can access ES directly with Kerberos, not via Kibana. I want to first make sure basic Kerberos auth is working. Please also post the Search Guard configuraton files.

On Monday, October 23, 2017 at 4:11:01 PM UTC+2, Sergey Emcev wrote:

We use kerberos and no need basic authentication.

понедельник, 23 октября 2017 г., 16:59:23 UTC+3 пользователь Jochen Kressin написал:

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.

Ok, the configs seem valid, we’ll need to investigate this. Just a last check - please verify that this error also occurs when Sentinl is not installed (means, please remove it from plugins folder, don’t just disable it in kibana.yml)

···

On Monday, October 23, 2017 at 4:29:37 PM UTC+2, Sergey Emcev wrote:

Attached screenshot directly connect to es via kerberos and sg_config
In sg_roles_mapping i add my account to group sg_all_access

понедельник, 23 октября 2017 г., 17:15:01 UTC+3 пользователь Jochen Kressin написал:

So please check first if you can access ES directly with Kerberos, not via Kibana. I want to first make sure basic Kerberos auth is working. Please also post the Search Guard configuraton files.

On Monday, October 23, 2017 at 4:11:01 PM UTC+2, Sergey Emcev wrote:

We use kerberos and no need basic authentication.

понедельник, 23 октября 2017 г., 16:59:23 UTC+3 пользователь Jochen Kressin написал:

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.

Ok, remove sentinl.

The problem not solve.

···

понедельник, 23 октября 2017 г., 20:21:58 UTC+3 пользователь Jochen Kressin написал:

Ok, the configs seem valid, we’ll need to investigate this. Just a last check - please verify that this error also occurs when Sentinl is not installed (means, please remove it from plugins folder, don’t just disable it in kibana.yml)

On Monday, October 23, 2017 at 4:29:37 PM UTC+2, Sergey Emcev wrote:

Attached screenshot directly connect to es via kerberos and sg_config
In sg_roles_mapping i add my account to group sg_all_access

понедельник, 23 октября 2017 г., 17:15:01 UTC+3 пользователь Jochen Kressin написал:

So please check first if you can access ES directly with Kerberos, not via Kibana. I want to first make sure basic Kerberos auth is working. Please also post the Search Guard configuraton files.

On Monday, October 23, 2017 at 4:11:01 PM UTC+2, Sergey Emcev wrote:

We use kerberos and no need basic authentication.

понедельник, 23 октября 2017 г., 16:59:23 UTC+3 пользователь Jochen Kressin написал:

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.

Well, after update elasticsearch, kibana, logstah and search-guard plugin for elasticsearch and kibana … it works !
I did not do anything else

Magic …

···

вторник, 24 октября 2017 г., 12:32:43 UTC+3 пользователь Sergey Emcev написал:

Ok, remove sentinl.

The problem not solve.

понедельник, 23 октября 2017 г., 20:21:58 UTC+3 пользователь Jochen Kressin написал:

Ok, the configs seem valid, we’ll need to investigate this. Just a last check - please verify that this error also occurs when Sentinl is not installed (means, please remove it from plugins folder, don’t just disable it in kibana.yml)

On Monday, October 23, 2017 at 4:29:37 PM UTC+2, Sergey Emcev wrote:

Attached screenshot directly connect to es via kerberos and sg_config
In sg_roles_mapping i add my account to group sg_all_access

понедельник, 23 октября 2017 г., 17:15:01 UTC+3 пользователь Jochen Kressin написал:

So please check first if you can access ES directly with Kerberos, not via Kibana. I want to first make sure basic Kerberos auth is working. Please also post the Search Guard configuraton files.

On Monday, October 23, 2017 at 4:11:01 PM UTC+2, Sergey Emcev wrote:

We use kerberos and no need basic authentication.

понедельник, 23 октября 2017 г., 16:59:23 UTC+3 пользователь Jochen Kressin написал:

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.

I’d really like to understand the magic here :wink: because clearly, something was going on with your setup. We’ve tried to replicate the issue yesterday with the versions and configs you provided, but were not able to.

So, can you please share what exactly you did / upgraded / to which version? Because so far all our Kerberos integration tests are working fine ootb and we want to make sure there’s no real issue in SG itself.

Thanks!

···

On Wednesday, October 25, 2017 at 4:08:29 PM UTC+2, Sergey Emcev wrote:

Well, after update elasticsearch, kibana, logstah and search-guard plugin for elasticsearch and kibana … it works !
I did not do anything else

Magic …

вторник, 24 октября 2017 г., 12:32:43 UTC+3 пользователь Sergey Emcev написал:

Ok, remove sentinl.

The problem not solve.

понедельник, 23 октября 2017 г., 20:21:58 UTC+3 пользователь Jochen Kressin написал:

Ok, the configs seem valid, we’ll need to investigate this. Just a last check - please verify that this error also occurs when Sentinl is not installed (means, please remove it from plugins folder, don’t just disable it in kibana.yml)

On Monday, October 23, 2017 at 4:29:37 PM UTC+2, Sergey Emcev wrote:

Attached screenshot directly connect to es via kerberos and sg_config
In sg_roles_mapping i add my account to group sg_all_access

понедельник, 23 октября 2017 г., 17:15:01 UTC+3 пользователь Jochen Kressin написал:

So please check first if you can access ES directly with Kerberos, not via Kibana. I want to first make sure basic Kerberos auth is working. Please also post the Search Guard configuraton files.

On Monday, October 23, 2017 at 4:11:01 PM UTC+2, Sergey Emcev wrote:

We use kerberos and no need basic authentication.

понедельник, 23 октября 2017 г., 16:59:23 UTC+3 пользователь Jochen Kressin написал:

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.

All components upgraded from 5.6.2 to 5.6.3

···

четверг, 26 октября 2017 г., 12:06:35 UTC+3 пользователь Jochen Kressin написал:

I’d really like to understand the magic here :wink: because clearly, something was going on with your setup. We’ve tried to replicate the issue yesterday with the versions and configs you provided, but were not able to.

So, can you please share what exactly you did / upgraded / to which version? Because so far all our Kerberos integration tests are working fine ootb and we want to make sure there’s no real issue in SG itself.

Thanks!

On Wednesday, October 25, 2017 at 4:08:29 PM UTC+2, Sergey Emcev wrote:

Well, after update elasticsearch, kibana, logstah and search-guard plugin for elasticsearch and kibana … it works !
I did not do anything else

Magic …

вторник, 24 октября 2017 г., 12:32:43 UTC+3 пользователь Sergey Emcev написал:

Ok, remove sentinl.

The problem not solve.

понедельник, 23 октября 2017 г., 20:21:58 UTC+3 пользователь Jochen Kressin написал:

Ok, the configs seem valid, we’ll need to investigate this. Just a last check - please verify that this error also occurs when Sentinl is not installed (means, please remove it from plugins folder, don’t just disable it in kibana.yml)

On Monday, October 23, 2017 at 4:29:37 PM UTC+2, Sergey Emcev wrote:

Attached screenshot directly connect to es via kerberos and sg_config
In sg_roles_mapping i add my account to group sg_all_access

понедельник, 23 октября 2017 г., 17:15:01 UTC+3 пользователь Jochen Kressin написал:

So please check first if you can access ES directly with Kerberos, not via Kibana. I want to first make sure basic Kerberos auth is working. Please also post the Search Guard configuraton files.

On Monday, October 23, 2017 at 4:11:01 PM UTC+2, Sergey Emcev wrote:

We use kerberos and no need basic authentication.

понедельник, 23 октября 2017 г., 16:59:23 UTC+3 пользователь Jochen Kressin написал:

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.

This seems to be an Elastic/Kibana issue, not a Search Guard issue:

···

On Thursday, October 26, 2017 at 2:23:33 PM UTC+2, Sergey Emcev wrote:

All components upgraded from 5.6.2 to 5.6.3

четверг, 26 октября 2017 г., 12:06:35 UTC+3 пользователь Jochen Kressin написал:

I’d really like to understand the magic here :wink: because clearly, something was going on with your setup. We’ve tried to replicate the issue yesterday with the versions and configs you provided, but were not able to.

So, can you please share what exactly you did / upgraded / to which version? Because so far all our Kerberos integration tests are working fine ootb and we want to make sure there’s no real issue in SG itself.

Thanks!

On Wednesday, October 25, 2017 at 4:08:29 PM UTC+2, Sergey Emcev wrote:

Well, after update elasticsearch, kibana, logstah and search-guard plugin for elasticsearch and kibana … it works !
I did not do anything else

Magic …

вторник, 24 октября 2017 г., 12:32:43 UTC+3 пользователь Sergey Emcev написал:

Ok, remove sentinl.

The problem not solve.

понедельник, 23 октября 2017 г., 20:21:58 UTC+3 пользователь Jochen Kressin написал:

Ok, the configs seem valid, we’ll need to investigate this. Just a last check - please verify that this error also occurs when Sentinl is not installed (means, please remove it from plugins folder, don’t just disable it in kibana.yml)

On Monday, October 23, 2017 at 4:29:37 PM UTC+2, Sergey Emcev wrote:

Attached screenshot directly connect to es via kerberos and sg_config
In sg_roles_mapping i add my account to group sg_all_access

понедельник, 23 октября 2017 г., 17:15:01 UTC+3 пользователь Jochen Kressin написал:

So please check first if you can access ES directly with Kerberos, not via Kibana. I want to first make sure basic Kerberos auth is working. Please also post the Search Guard configuraton files.

On Monday, October 23, 2017 at 4:11:01 PM UTC+2, Sergey Emcev wrote:

We use kerberos and no need basic authentication.

понедельник, 23 октября 2017 г., 16:59:23 UTC+3 пользователь Jochen Kressin написал:

You have set basic authentication to false in kibana.yml:

searchguard.basicauth.enabled: false

Which means the login dialogue is not displayed and no user credentials are passed from Kibana to Elasticsearch. If you want to use HTTP Basic Authentication, then you need this parameter set to true. From the logfiles, I can see that you have an HTTP Basic Authenticator enabled in sg_config, so I’m assuming that’s what you want to use. If you intend to use some SSO auth, like JWT or Proxy, let me know.