Unable to access Elastic Search from Browser

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

6.4.3

  • Installed and used enterprise modules, if any

  • JVM version and operating system version

JAVA 10.0.2, Ubuntu 18.04

  • Search Guard configuration files

basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop

``

  • Elasticsearch log messages on debug level

  • Other installed Elasticsearch or Kibana plugins, if any

Elasticsearch.yml:

searchguard.enterprise_modules_enabled: true

searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false

searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true

searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
  - CN=sgadmin

searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false

I have set the https for elastic search and Im able to access the elastic search from server and through curl. But Unable to access it from browser and getting the below exception.

{“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]”}],“type”:“security_exception”,“reason”:“no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]”},“status”:403}

Can you please attach the complete sg_config.yml (attached as file, not copy and paste)?

···

On Monday, 10 December 2018 13:37:56 UTC+1, Venkata Naresh Divi wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

6.4.3

  • Installed and used enterprise modules, if any
  • JVM version and operating system version

JAVA 10.0.2, Ubuntu 18.04

  • Search Guard configuration files

basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop

``

  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

Elasticsearch.yml:

searchguard.enterprise_modules_enabled: true

searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false


searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true


searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
  - CN=sgadmin


searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false

I have set the https for elastic search and Im able to access the elastic search from server and through curl. But Unable to access it from browser and getting the below exception.

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"},"status":403}

Can you please attach the complete sg_config.yml (attached as file, not copy and paste)?

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

6.4.3

  • Installed and used enterprise modules, if any
  • JVM version and operating system version

JAVA 10.0.2, Ubuntu 18.04

  • Search Guard configuration files

basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop

``

  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

Elasticsearch.yml:

searchguard.enterprise_modules_enabled: true

searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false


searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true


searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
  - CN=sgadmin


searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false

I have set the https for elastic search and Im able to access the elastic search from server and through curl. But Unable to access it from browser and getting the below exception.

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"},"status":403}

sg_config.yml (9.99 KB)

···

On Monday, 10 December 2018 18:34:16 UTC+5:30, Search Guard wrote:

On Monday, 10 December 2018 13:37:56 UTC+1, Venkata Naresh Divi wrote:

are you sure this is the config file which is loaded?

From the above mentioned error it looks like that there is anonymous authentication enabled.

After you make changes to sg_config.yml you need to push them via sgadminto become effective.

Can you provide elasticsearch logs (on debug level if possible)?

···

On Monday, 10 December 2018 14:11:22 UTC+1, Venkata Naresh Divi wrote:

On Monday, 10 December 2018 18:34:16 UTC+5:30, Search Guard wrote:

Can you please attach the complete sg_config.yml (attached as file, not copy and paste)?

On Monday, 10 December 2018 13:37:56 UTC+1, Venkata Naresh Divi wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

6.4.3

  • Installed and used enterprise modules, if any
  • JVM version and operating system version

JAVA 10.0.2, Ubuntu 18.04

  • Search Guard configuration files

basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop

``

  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

Elasticsearch.yml:

searchguard.enterprise_modules_enabled: true

searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false


searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true


searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
  - CN=sgadmin


searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false

I have set the https for elastic search and Im able to access the elastic search from server and through curl. But Unable to access it from browser and getting the below exception.

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"},"status":403}

pls provide also the kibana.yml and make sure you followed

https://docs.search-guard.com/latest/saml-authentication and

https://search-guard.com/kibana-elasticsearch-saml

···

On Monday, 10 December 2018 14:49:10 UTC+1, Search Guard wrote:

are you sure this is the config file which is loaded?

From the above mentioned error it looks like that there is anonymous authentication enabled.

After you make changes to sg_config.yml you need to push them via sgadminto become effective.

Can you provide elasticsearch logs (on debug level if possible)?

On Monday, 10 December 2018 14:11:22 UTC+1, Venkata Naresh Divi wrote:

On Monday, 10 December 2018 18:34:16 UTC+5:30, Search Guard wrote:

Can you please attach the complete sg_config.yml (attached as file, not copy and paste)?

On Monday, 10 December 2018 13:37:56 UTC+1, Venkata Naresh Divi wrote:

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version

6.4.3

  • Installed and used enterprise modules, if any
  • JVM version and operating system version

JAVA 10.0.2, Ubuntu 18.04

  • Search Guard configuration files

basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop

``

  • Elasticsearch log messages on debug level
  • Other installed Elasticsearch or Kibana plugins, if any

Elasticsearch.yml:

searchguard.enterprise_modules_enabled: true

searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false


searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true


searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
  - CN=sgadmin


searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false

I have set the https for elastic search and Im able to access the elastic search from server and through curl. But Unable to access it from browser and getting the below exception.

{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"},"status":403}