Hi,
I’m setting up a fresh new cluster with latest ES/SG.
I’d like kibana to auth using clientcert.
I thus set up kibana.yml like this:

    #NO elasticsearch.username: kibana
    elasticsearch.ssl.certificate: /etc/kibana/ssl/Kibana User.crt
    elasticsearch.ssl.key: /etc/kibana/ssl/Kibana User.key

The subject of that client cert is CN=Kibana User
And I’ve added the following permissions in sg_roles_mapping.yml:

    SGS_KIBANA_SERVER:
      users:
        - CN=Kibana User

However, this doesn’t need to suffice for kibana to start:
kibana[2073]: {"type":"log","@timestamp":"2020-04-02T13:36:59Z","tags":["warning","migrations"],"pid":2073,"message":"Unable to connect to Elasticsearch. Error: [security_exception] no permissions for [indices:admin/get] and User [name=CN=Kibana User, backend_roles=[], requestedTenant=null]"}
When I add the SGS_KIBANA_USER role to the user, kibana is happy.
Did I miss something?