Searchguard logout/login issue with nginx

Hi,

I am using the Kibana UI through nginx. From my application we use the URL “http/s:/app/kibana”. This is the only URL that can be used to access Kibana UI, From the Kibana UI after user logs out and logs in again the URL with /app/kibana is lost and we are not able to access Kibana UI.

Everything works fine if we do not use nginx and the URL used is http://:5601 since the URL remains the same during first log in screen and log in screen after log out.

The only URL we allow in the application is http:///app/kibana. So the URL for first log in screen contains the next URL in query param(http:///app/kibana) but the log in screen after log out does not contain the same and the page gets redirected to http:// which is not accepted.

With the nginx changes:

First login URL:

https:///app/kibana/login?nextUrl=%2F#?_g=()

Post logout, login URL:

https://10.129.179.42/app/kibana/login#?_g=()

Please suggest if there is any way to fix this issue. Is there any configuration available which I am missing out on?

Kibana Search guard version: searchguard-kibana-5.5.1-4

Kibana: 5.5.1

elasticsearch: 5.5.1

Any help on the issue here is much appreciated. Also, please let me know if it is a known limitation.

···

On Friday, October 27, 2017 at 2:09:30 PM UTC+5:30, Shwetha M wrote:

Hi,

I am using the Kibana UI through nginx. From my application we use the URL “http/s:/app/kibana”. This is the only URL that can be used to access Kibana UI, From the Kibana UI after user logs out and logs in again the URL with /app/kibana is lost and we are not able to access Kibana UI.

Everything works fine if we do not use nginx and the URL used is http://:5601 since the URL remains the same during first log in screen and log in screen after log out.

The only URL we allow in the application is http:///app/kibana. So the URL for first log in screen contains the next URL in query param(http:///app/kibana) but the log in screen after log out does not contain the same and the page gets redirected to http:// which is not accepted.

With the nginx changes:

First login URL:

https:///app/kibana/login?nextUrl=%2F#?_g=()

Post logout, login URL:

https://10.129.179.42/app/kibana/login#?_g=()

Please suggest if there is any way to fix this issue. Is there any configuration available which I am missing out on?

Kibana Search guard version: searchguard-kibana-5.5.1-4

Kibana: 5.5.1

elasticsearch: 5.5.1

sorry, but this is not possible

···

Am 02.11.2017 um 08:52 schrieb Shwetha M <shuthu12@gmail.com>:

Any help on the issue here is much appreciated. Also, please let me know if it is a known limitation.

On Friday, October 27, 2017 at 2:09:30 PM UTC+5:30, Shwetha M wrote:
Hi,

I am using the Kibana UI through nginx. From my application we use the URL "http/s:<IP>/app/kibana". This is the only URL that can be used to access Kibana UI, From the Kibana UI after user logs out and logs in again the URL with /app/kibana is lost and we are not able to access Kibana UI.

Everything works fine if we do not use nginx and the URL used is http://<IP>:5601 since the URL remains the same during first log in screen and log in screen after log out.
The only URL we allow in the application is http://<SecurityIP>/app/kibana. So the URL for first log in screen contains the next URL in query param(http://<SecurityIP>/app/kibana) but the log in screen after log out does not contain the same and the page gets redirected to http://<SecurityIP> which is not accepted.

With the nginx changes:
First login URL:
https://<IP>/app/kibana/login?nextUrl=%2F#?_g=()

Post logout, login URL:
https://10.129.179.42/app/kibana/login#?_g=()

Please suggest if there is any way to fix this issue. Is there any configuration available which I am missing out on?

Kibana Search guard version: searchguard-kibana-5.5.1-4
Kibana: 5.5.1
elasticsearch: 5.5.1

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.
To post to this group, send email to search-guard@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/83d1415c-ed15-406c-b549-2625fafbf8e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.