Proxy Authentication not working

  • Search Guard and Elasticsearch version : 5.4.2

  • Installed and used enterprise modules, if any: none

  • JVM version and operating system version : java version 8, windows 10

  • Other installed Elasticsearch or Kibana plugins: none

I am trying to authenticate elasticsearch index by sending get request to obtain authinfo via postman

here is my get request:

http://localhost:9200/_searchguard/authinfo

[{“key”:“x-forwarded-for”,“value”:“localhost”,“description”:“”},{“key”:“x-proxy-user”,“value”:“samreen”,“description”:“”},{“key”:“x-proxy-roles”,“value”:“sg_samreen_custom”,“description”:“”}]

in sg_roles i have defined:

sg_samreen_custom:

cluster:

-UNLIMITED

indices:

‘samreen’:

‘*’:

  • INDICES_ALL

in sg_roles_mapping i have defined:

sg_samreen_custom:

users:

  • ProductionSupport

  • samreen

backendroles:

  • management

  • operations

  • ‘cn=ldaprole,ou=groups,dc=example,dc=com’

and in sg_internal_users

i have defined user named samreen

sg_config.yml (9.01 KB)

Pls. send a postman screenshot on how you do this exactly and what the resposne looks like.

Even better than postman is to try this with curl, like
curl -XGET 'http://localhost:9200/_searchguard/authinfo?pretty=true' -v -H "x-proxy-user: samreen" -H "x-proxy-roles: management" -H "x-forwarded-for: 192.168.1.1"

···

Am 11.01.2018 um 15:08 schrieb Samreen Farooq <samreenfarooqazam@gmail.com>:

* Search Guard and Elasticsearch version : 5.4.2
* Installed and used enterprise modules, if any: none
* JVM version and operating system version : java version 8, windows 10
* Other installed Elasticsearch or Kibana plugins: none

I am trying to authenticate elasticsearch index by sending get request to obtain authinfo via postman
here is my get request:

http://localhost:9200/_searchguard/authinfo

[{"key":"x-forwarded-for","value":"localhost","description":""},{"key":"x-proxy-user","value":"samreen","description":""},{"key":"x-proxy-roles","value":"sg_samreen_custom","description":""}]

in sg_roles i have defined:
sg_samreen_custom:
    cluster:
        -UNLIMITED
    indices:
       'samreen':
           '*':
            - INDICES_ALL

in sg_roles_mapping i have defined:
sg_samreen_custom:
  users:
    - ProductionSupport
    - samreen
  backendroles:
    - management
    - operations
    - 'cn=ldaprole,ou=groups,dc=example,dc=com'

and in sg_internal_users
i have defined user named samreen

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com\.
For more options, visit https://groups.google.com/d/optout\.
<sg_config.yml>

Basically we want to implement an SSO solution for kibana.

i am adding screenshot of postman.

···

On Fri, Jan 12, 2018 at 5:25 PM, SG info@search-guard.com wrote:

Pls. send a postman screenshot on how you do this exactly and what the resposne looks like.

Even better than postman is to try this with curl, like

curl -XGET ‘http://localhost:9200/_searchguard/authinfo?pretty=true’ -v -H “x-proxy-user: samreen” -H “x-proxy-roles: management” -H “x-forwarded-for: 192.168.1.1”

Am 11.01.2018 um 15:08 schrieb Samreen Farooq samreenfarooqazam@gmail.com:

  • Search Guard and Elasticsearch version : 5.4.2
  • Installed and used enterprise modules, if any: none
  • JVM version and operating system version : java version 8, windows 10
  • Other installed Elasticsearch or Kibana plugins: none

I am trying to authenticate elasticsearch index by sending get request to obtain authinfo via postman

here is my get request:

http://localhost:9200/_searchguard/authinfo

[{“key”:“x-forwarded-for”,“value”:“localhost”,“description”:“”},{“key”:“x-proxy-user”,“value”:“samreen”,“description”:“”},{“key”:“x-proxy-roles”,“value”:“sg_samreen_custom”,“description”:“”}]

in sg_roles i have defined:

sg_samreen_custom:

cluster:
    -UNLIMITED
indices:
   'samreen':
       '*':
        - INDICES_ALL

in sg_roles_mapping i have defined:

sg_samreen_custom:

users:

- ProductionSupport
- samreen

backendroles:

- management
- operations
- 'cn=ldaprole,ou=groups,dc=example,dc=com'

and in sg_internal_users

i have defined user named samreen

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

<sg_config.yml>

You received this message because you are subscribed to a topic in the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/540A6393-42EA-4C2D-829F-B851704D4184%40search-guard.com.
For more options, visit https://groups.google.com/d/optout.

The screenshot looks good, so what's the issue?
Can you send another screenshot with the response for "http://localhost:9200/_searchguard/authinfo&quot;

Please also provide your sg_config.yml

···

Am 15.01.2018 um 10:32 schrieb Samreen Farooq <samreenfarooqazam@gmail.com>:

Basically we want to implement an SSO solution for kibana.

i am adding screenshot of postman.

On Fri, Jan 12, 2018 at 5:25 PM, SG <info@search-guard.com> wrote:
Pls. send a postman screenshot on how you do this exactly and what the resposne looks like.

Even better than postman is to try this with curl, like
curl -XGET 'http://localhost:9200/_searchguard/authinfo?pretty=true&#39; -v -H "x-proxy-user: samreen" -H "x-proxy-roles: management" -H "x-forwarded-for: 192.168.1.1"

> Am 11.01.2018 um 15:08 schrieb Samreen Farooq <samreenfarooqazam@gmail.com>:
>
> * Search Guard and Elasticsearch version : 5.4.2
> * Installed and used enterprise modules, if any: none
> * JVM version and operating system version : java version 8, windows 10
> * Other installed Elasticsearch or Kibana plugins: none
>
> I am trying to authenticate elasticsearch index by sending get request to obtain authinfo via postman
> here is my get request:
>
> http://localhost:9200/_searchguard/authinfo
>
> [{"key":"x-forwarded-for","value":"localhost","description":""},{"key":"x-proxy-user","value":"samreen","description":""},{"key":"x-proxy-roles","value":"sg_samreen_custom","description":""}]
>
>
> in sg_roles i have defined:
> sg_samreen_custom:
> cluster:
> -UNLIMITED
> indices:
> 'samreen':
> '*':
> - INDICES_ALL
>
> in sg_roles_mapping i have defined:
> sg_samreen_custom:
> users:
> - ProductionSupport
> - samreen
> backendroles:
> - management
> - operations
> - 'cn=ldaprole,ou=groups,dc=example,dc=com'
>
> and in sg_internal_users
> i have defined user named samreen
>
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search-guard@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com\.
> For more options, visit https://groups.google.com/d/optout\.
> <sg_config.yml>

--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe\.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/540A6393-42EA-4C2D-829F-B851704D4184%40search-guard.com\.
For more options, visit https://groups.google.com/d/optout\.

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAF616gY5A4nieaL-j0hU0TVr%2BnrKVN5wpewCC8F%3DRRUimrX%3DhQ%40mail.gmail.com\.
For more options, visit https://groups.google.com/d/optout\.
<Capture.PNG>

The screenshot looks good, so what's the issue?
Can you send another screenshot with the response for "
http://localhost:9200/_searchguard/authinfo&quot;

Please also provide your sg_config.yml

>
> Basically we want to implement an SSO solution for kibana.
>
> i am adding screenshot of postman.
>
>
>
> Pls. send a postman screenshot on how you do this exactly and what the
resposne looks like.
>
> Even better than postman is to try this with curl, like
> curl -XGET 'http://localhost:9200/_searchguard/authinfo?pretty=true&#39; -v
-H "x-proxy-user: samreen" -H "x-proxy-roles: management" -H
"x-forwarded-for: 192.168.1.1"
>
> >
> > * Search Guard and Elasticsearch version : 5.4.2
> > * Installed and used enterprise modules, if any: none
> > * JVM version and operating system version : java version 8, windows 10
> > * Other installed Elasticsearch or Kibana plugins: none
> >
> > I am trying to authenticate elasticsearch index by sending get request
to obtain authinfo via postman
> > here is my get request:
> >
> > http://localhost:9200/_searchguard/authinfo
> >
> > [{"key":"x-forwarded-for","value":"localhost","
description":""},{"key":"x-proxy-user","value":"samreen",
"description":""},{"key":"x-proxy-roles","value":"sg_
samreen_custom","description":""}]
> >
> >
> > in sg_roles i have defined:
> > sg_samreen_custom:
> > cluster:
> > -UNLIMITED
> > indices:
> > 'samreen':
> > '*':
> > - INDICES_ALL
> >
> > in sg_roles_mapping i have defined:
> > sg_samreen_custom:
> > users:
> > - ProductionSupport
> > - samreen
> > backendroles:
> > - management
> > - operations
> > - 'cn=ldaprole,ou=groups,dc=example,dc=com'
> >
> > and in sg_internal_users
> > i have defined user named samreen
> >
> >
> > --
> > You received this message because you are subscribed to the Google
Groups "Search Guard Community Forum" group.
> > To unsubscribe from this group and stop receiving emails from it, send
an email to search-guard+unsubscribe@googlegroups.com.
> > To post to this group, send email to search-guard@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/
msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com
.
> > For more options, visit https://groups.google.com/d/optout\.
> > <sg_config.yml>
>
> --
> You received this message because you are subscribed to a topic in the
Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/
topic/search-guard/YodYRJpo8OA/unsubscribe.
> To unsubscribe from this group and all its topics, send an email to
search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search-guard@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
msgid/search-guard/540A6393-42EA-4C2D-829F-B851704D4184%40search-guard.com
.
> For more options, visit https://groups.google.com/d/optout\.
>
>
> --
> You received this message because you are subscribed to the Google
Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send
an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search-guard@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/
msgid/search-guard/CAF616gY5A4nieaL-j0hU0TVr%2BnrKVN5wpewCC8F%3DRRUimrX%
3DhQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout\.
> <Capture.PNG>

--
You received this message because you are subscribed to a topic in the
Google Groups "Search Guard Community Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/
topic/search-guard/YodYRJpo8OA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to
search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/
msgid/search-guard/59A69976-28C8-4CA9-B402-3A06DA638517%40search-guard.com
.
For more options, visit https://groups.google.com/d/optout\.

sg_config.yml (9.01 KB)

···

On Mon, Jan 15, 2018 at 2:40 PM, SG <info@search-guard.com> wrote:

> Am 15.01.2018 um 10:32 schrieb Samreen Farooq < > samreenfarooqazam@gmail.com>:
> On Fri, Jan 12, 2018 at 5:25 PM, SG <info@search-guard.com> wrote:
> > Am 11.01.2018 um 15:08 schrieb Samreen Farooq < > samreenfarooqazam@gmail.com>:

can you tell me how the backend roles affect in below config settings:

sg_samreen_custom:

users:

  • ProductionSupport

backendroles:

  • management

  • operations

  • ‘cn=ldaprole,ou=groups,dc=example,dc=com’

···

On Mon, Jan 15, 2018 at 3:42 PM, Samreen Farooq samreenfarooqazam@gmail.com wrote:

On Mon, Jan 15, 2018 at 2:40 PM, SG info@search-guard.com wrote:

The screenshot looks good, so what’s the issue?

Can you send another screenshot with the response for “http://localhost:9200/_searchguard/authinfo

Please also provide your sg_config.yml

Am 15.01.2018 um 10:32 schrieb Samreen Farooq samreenfarooqazam@gmail.com:

Basically we want to implement an SSO solution for kibana.

i am adding screenshot of postman.

On Fri, Jan 12, 2018 at 5:25 PM, SG info@search-guard.com wrote:

Pls. send a postman screenshot on how you do this exactly and what the resposne looks like.

Even better than postman is to try this with curl, like

curl -XGET ‘http://localhost:9200/_searchguard/authinfo?pretty=true’ -v -H “x-proxy-user: samreen” -H “x-proxy-roles: management” -H “x-forwarded-for: 192.168.1.1”

Am 11.01.2018 um 15:08 schrieb Samreen Farooq samreenfarooqazam@gmail.com:

  • Search Guard and Elasticsearch version : 5.4.2
  • Installed and used enterprise modules, if any: none
  • JVM version and operating system version : java version 8, windows 10
  • Other installed Elasticsearch or Kibana plugins: none

I am trying to authenticate elasticsearch index by sending get request to obtain authinfo via postman

here is my get request:

http://localhost:9200/_searchguard/authinfo

[{“key”:“x-forwarded-for”,“value”:“localhost”,“description”:“”},{“key”:“x-proxy-user”,“value”:“samreen”,“description”:“”},{“key”:“x-proxy-roles”,“value”:“sg_samreen_custom”,“description”:“”}]

in sg_roles i have defined:

sg_samreen_custom:

cluster:
    -UNLIMITED
indices:
   'samreen':
       '*':
        - INDICES_ALL

in sg_roles_mapping i have defined:

sg_samreen_custom:

users:

- ProductionSupport
- samreen

backendroles:

- management
- operations
- 'cn=ldaprole,ou=groups,dc=example,dc=com'

and in sg_internal_users

i have defined user named samreen

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

<sg_config.yml>

You received this message because you are subscribed to a topic in the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/540A6393-42EA-4C2D-829F-B851704D4184%40search-guard.com.

For more options, visit https://groups.google.com/d/optout.

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAF616gY5A4nieaL-j0hU0TVr%2BnrKVN5wpewCC8F%3DRRUimrX%3DhQ%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

<Capture.PNG>

You received this message because you are subscribed to a topic in the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59A69976-28C8-4CA9-B402-3A06DA638517%40search-guard.com.
For more options, visit https://groups.google.com/d/optout.

see Mapping users to Search Guard roles | Security for Elasticsearch | Search Guard

···

Am 16.01.2018 um 06:22 schrieb Samreen Farooq <samreenfarooqazam@gmail.com>:

can you tell me how the backend roles affect in below config settings:

sg_samreen_custom:
  users:
    - ProductionSupport
  backendroles:
    - management
    - operations
    - 'cn=ldaprole,ou=groups,dc=example,dc=com'

On Mon, Jan 15, 2018 at 3:42 PM, Samreen Farooq <samreenfarooqazam@gmail.com> wrote:

On Mon, Jan 15, 2018 at 2:40 PM, SG <info@search-guard.com> wrote:
The screenshot looks good, so what's the issue?
Can you send another screenshot with the response for "http://localhost:9200/_searchguard/authinfo&quot;

Please also provide your sg_config.yml

> Am 15.01.2018 um 10:32 schrieb Samreen Farooq <samreenfarooqazam@gmail.com>:
>
> Basically we want to implement an SSO solution for kibana.
>
> i am adding screenshot of postman.
>
>
>
> On Fri, Jan 12, 2018 at 5:25 PM, SG <info@search-guard.com> wrote:
> Pls. send a postman screenshot on how you do this exactly and what the resposne looks like.
>
> Even better than postman is to try this with curl, like
> curl -XGET 'http://localhost:9200/_searchguard/authinfo?pretty=true&#39; -v -H "x-proxy-user: samreen" -H "x-proxy-roles: management" -H "x-forwarded-for: 192.168.1.1"
>
> > Am 11.01.2018 um 15:08 schrieb Samreen Farooq <samreenfarooqazam@gmail.com>:
> >
> > * Search Guard and Elasticsearch version : 5.4.2
> > * Installed and used enterprise modules, if any: none
> > * JVM version and operating system version : java version 8, windows 10
> > * Other installed Elasticsearch or Kibana plugins: none
> >
> > I am trying to authenticate elasticsearch index by sending get request to obtain authinfo via postman
> > here is my get request:
> >
> > http://localhost:9200/_searchguard/authinfo
> >
> > [{"key":"x-forwarded-for","value":"localhost","description":""},{"key":"x-proxy-user","value":"samreen","description":""},{"key":"x-proxy-roles","value":"sg_samreen_custom","description":""}]
> >
> >
> > in sg_roles i have defined:
> > sg_samreen_custom:
> > cluster:
> > -UNLIMITED
> > indices:
> > 'samreen':
> > '*':
> > - INDICES_ALL
> >
> > in sg_roles_mapping i have defined:
> > sg_samreen_custom:
> > users:
> > - ProductionSupport
> > - samreen
> > backendroles:
> > - management
> > - operations
> > - 'cn=ldaprole,ou=groups,dc=example,dc=com'
> >
> > and in sg_internal_users
> > i have defined user named samreen
> >
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> > To post to this group, send email to search-guard@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com\.
> > For more options, visit https://groups.google.com/d/optout\.
> > <sg_config.yml>
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe\.
> To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search-guard@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/540A6393-42EA-4C2D-829F-B851704D4184%40search-guard.com\.
> For more options, visit https://groups.google.com/d/optout\.
>
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
> To post to this group, send email to search-guard@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAF616gY5A4nieaL-j0hU0TVr%2BnrKVN5wpewCC8F%3DRRUimrX%3DhQ%40mail.gmail.com\.
> For more options, visit https://groups.google.com/d/optout\.
> <Capture.PNG>

--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe\.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59A69976-28C8-4CA9-B402-3A06DA638517%40search-guard.com\.
For more options, visit https://groups.google.com/d/optout\.

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAF616gY1o_C_Vf73zAeJZGSsQxkjc6wYAgUj6wr%3D7LeF6rosbQ%40mail.gmail.com\.
For more options, visit https://groups.google.com/d/optout\.