Proxy authentication

Hello there,

I set up Search-Guard with our proxy servers according to the Search-Guard documents.

I can start elasticsearch, kibana, and logstash withtout issue, https://:9200 works fine.

But when I tried to log on to Kibana URL (https://:5601, I was not asked to put in my userID and password, and logged on to Kibana.

If I tried to log onto https://:5601/login, I got: {“statusCode”:404,“error”:“Not Found”,“message”:“Not Found”}.

Here is the portion of the kibana log for the above two situation:

{“type”:“response”,“@timestamp”:“2018-09-19T03:32:32Z”,“tags”:,“pid”:25130,“method”:“get”,“statusCode”:200,“req”:{“url”:“/ui/favicons/favicon-16x16.png”,“method”:“get”,“headers”:{“host”:“:5601”,“connection”:“keep-alive”,“user-agent”:“Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36”,“accept”:“image/webp,image/apng,image/,/;q=0.8",“referer”:“https://:5601/app/kibana”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“”,“userAgent”:“”,“referer”:“https://:5601/app/kibana”},“res”:{“statusCode”:200,“responseTime”:3,“contentLength”:9},“message”:“GET /ui/favicons/favicon-16x16.png 200 3ms - 9.0B”}
{“type”:“response”,“@timestamp”:“2018-09-19T03:32:38Z”,“tags”:[],“pid”:25130,“method”:“get”,“statusCode”:404,“req”:{“url”:“/login?nextUrl=%2F”,“method”:“get”,“headers”:{“host”:“:5601”,“connection”:“keep-alive”,“upgrade-insecure-requests”:“1”,“user-agent”:“Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36”,“accept”:"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,
/;q=0.8",“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“”,“userAgent”:“”},“res”:{“statusCode”:404,“responseTime”:4,“contentLength”:9},“message”:“GET /login?nextUrl=%2F 404 4ms - 9.0B”}
{“type”:“response”,“@timestamp”:“2018-09-19T03:34:50Z”,“tags”:[],“pid”:25130,“method”:“get”,“statusCode”:404,“req”:{“url”:“/login”,“method”:“get”,“headers”:{“host”:“:5601”,“connection”:“keep-alive”,“upgrade-insecure-requests”:“1”,“user-agent”:“Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36”,“accept”:"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,
/*;q=0.8”,“accept-encoding”:“gzip, deflate, br”,“accept-language”:“en-US,en;q=0.9”},“remoteAddress”:“”,“userAgent”:“”},“res”:{“statusCode”:404,“responseTime”:5,“contentLength”:9},“message”:“GET /login 404 5ms - 9.0B”}

I also attached the kibana.yml, elasticsearch.yml,. sg_config.yml for your review. If additional data is needed, please let us know.

Please help and we need to get this resolved so we can move forward.

Thanks alot in advance

Li

kibana.yml (658 Bytes)

elasticsearch.yml (1.13 KB)

sg_config.yml (1.03 KB)

What did you expect when pointing your browser to kibana?

Why are you trying to access /login?

Are you trying to use kibana multitenancy?

Wernli,

I expect that kibana would ask me to put in my credential to log in but it didn’t happen.

The 2 situation are:

  1. If I use: https://:5601 without asking my credential, I logged in, but can not see any data it seems no permissions at all.

  2. if I use: https://:5601/login I got the ‘404’ error and can not log in.

This was after I set up the SG using proxy… before using proxy, SG worked fine, eg, if I use https://:5601/login, I was asked to put in my credential to log in and work.

Also, before using proxy, I was able to create users with hash.sh and log in using https://:5601/login.

So, there might be something with my setup using proxy… I have attached all the configuration files last time, let me attached them again in case they were missed. Please let me know what else you would need so I can provide. Could you please review and take a look and see what I did wrong?

Thank you very much

Li

elasticsearch.yml (1.16 KB)

sg_config.yml (1.06 KB)

kibana.yml (676 Bytes)

···

On Wed, Sep 19, 2018 at 8:06 AM Fabien Wernli swissunix@gmail.com wrote:

What did you expect when pointing your browser to kibana?

Why are you trying to access /login?

Are you trying to use kibana multitenancy?

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/bfb01b06-42ff-4c5c-b363-c638684cf81d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

This is something to do with “server.basePath” and “server.rewriteBasePath” in kibana.yml? server.basePath now is blank and server.rewriteBasePath has been commented out.

Should we set up them? Because I’m using our own Proxy servers (you can see it in the sg_config.yml). How we should set them up?

Please advise

Thanks in advance

Li

···

On Wed, Sep 19, 2018 at 10:06 AM Li Cui lcuicsc@gmail.com wrote:

Wernli,

I expect that kibana would ask me to put in my credential to log in but it didn’t happen.

The 2 situation are:

  1. If I use: https://:5601 without asking my credential, I logged in, but can not see any data it seems no permissions at all.
  1. if I use: https://:5601/login I got the ‘404’ error and can not log in.

This was after I set up the SG using proxy… before using proxy, SG worked fine, eg, if I use https://:5601/login, I was asked to put in my credential to log in and work.

Also, before using proxy, I was able to create users with hash.sh and log in using https://:5601/login.

So, there might be something with my setup using proxy… I have attached all the configuration files last time, let me attached them again in case they were missed. Please let me know what else you would need so I can provide. Could you please review and take a look and see what I did wrong?

Thank you very much

Li

On Wed, Sep 19, 2018 at 8:06 AM Fabien Wernli swissunix@gmail.com wrote:

What did you expect when pointing your browser to kibana?

Why are you trying to access /login?

Are you trying to use kibana multitenancy?

You received this message because you are subscribed to the Google Groups “Search Guard Community Forum” group.

To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search-guard@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/bfb01b06-42ff-4c5c-b363-c638684cf81d%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Hi,

You are explicitly disabling password (basic) authentication and enabling proxy auth in your kibana.yaml.

This explains why there is no login page: why should there, as you are authenticating using a proxy?

Which brings me to the questiom: what proxy are you using in front of kibana?