When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
``
Elasticsearch.yml:
searchguard.enterprise_modules_enabled: true
searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true
searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
- CN=sgadmin
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false
I have set the https for elastic search and Im able to access the elastic search from server and through curl. But Unable to access it from browser and getting the below exception.
{“error”:{“root_cause”:[{“type”:“security_exception”,“reason”:“no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]”}],“type”:“security_exception”,“reason”:“no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]”},“status”:403}
Can you please attach the complete sg_config.yml (attached as file, not copy and paste)?
···
On Monday, 10 December 2018 13:37:56 UTC+1, Venkata Naresh Divi wrote:
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
- Installed and used enterprise modules, if any
- JVM version and operating system version
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
``
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Elasticsearch.yml:
searchguard.enterprise_modules_enabled: true
searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true
searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
- CN=sgadmin
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false
I have set the https for elastic search and Im able to access the elastic search from server and through curl. But Unable to access it from browser and getting the below exception.
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"},"status":403}
are you sure this is the config file which is loaded?
From the above mentioned error it looks like that there is anonymous authentication enabled.
After you make changes to sg_config.yml you need to push them via sgadminto become effective.
Can you provide elasticsearch logs (on debug level if possible)?
···
On Monday, 10 December 2018 14:11:22 UTC+1, Venkata Naresh Divi wrote:
On Monday, 10 December 2018 18:34:16 UTC+5:30, Search Guard wrote:
Can you please attach the complete sg_config.yml (attached as file, not copy and paste)?
On Monday, 10 December 2018 13:37:56 UTC+1, Venkata Naresh Divi wrote:
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
- Installed and used enterprise modules, if any
- JVM version and operating system version
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
``
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Elasticsearch.yml:
searchguard.enterprise_modules_enabled: true
searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true
searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
- CN=sgadmin
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false
I have set the https for elastic search and Im able to access the elastic search from server and through curl. But Unable to access it from browser and getting the below exception.
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"},"status":403}
pls provide also the kibana.yml and make sure you followed
SAML Authentication | Security for Elasticsearch | Search Guard and
···
On Monday, 10 December 2018 14:49:10 UTC+1, Search Guard wrote:
are you sure this is the config file which is loaded?
From the above mentioned error it looks like that there is anonymous authentication enabled.
After you make changes to sg_config.yml you need to push them via sgadminto become effective.
Can you provide elasticsearch logs (on debug level if possible)?
On Monday, 10 December 2018 14:11:22 UTC+1, Venkata Naresh Divi wrote:
On Monday, 10 December 2018 18:34:16 UTC+5:30, Search Guard wrote:
Can you please attach the complete sg_config.yml (attached as file, not copy and paste)?
On Monday, 10 December 2018 13:37:56 UTC+1, Venkata Naresh Divi wrote:
When asking questions, please provide the following information:
- Search Guard and Elasticsearch version
6.4.3
- Installed and used enterprise modules, if any
- JVM version and operating system version
JAVA 10.0.2, Ubuntu 18.04
- Search Guard configuration files
basic_internal_auth_domain:
enabled: true
order: 0
http_authenticator:
type: basic
challenge: false
authentication_backend:
type: intern
saml_auth_domain_okta:
http_enabled: true
transport_enabled: true
order: 1
http_authenticator:
type: ‘saml’
challenge: true
config:
idp:
metadata_file: /home/ubuntu/ELK_6_4_Stack/elasticsearch-6.4.3/config/okta.xml
entity_id: http://www.okta.com/***************
sp:
entity_id: kibana-saml-demo
kibana_url: https://kibana.****.info:5601/
roles_key: Role
exchange_key: ‘eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9’
authentication_backend:
type: noop
``
- Elasticsearch log messages on debug level
- Other installed Elasticsearch or Kibana plugins, if any
Elasticsearch.yml:
searchguard.enterprise_modules_enabled: true
searchguard.ssl.transport.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.transport.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.transport.pemkey_password: $$$$$$$$$$$$$$$$$$
searchguard.ssl.transport.pemtrustedcas_filepath: chain-ca.pem
searchguard.ssl.transport.enforce_hostname_verification: false
searchguard.ssl.http.enabled: true
searchguard.compliance.history.internal_config_enabled: true
searchguard.compliance.history.external_config_enabled: true
searchguard.compliance.history.read.metadata_only: true
searchguard.ssl.http.pemcert_filepath: CN=emailnow.info.crtfull.pem
searchguard.ssl.http.pemkey_filepath: CN=emailnow.info.key.pem
searchguard.ssl.http.pemkey_password: $$$$$$$$$$$$$$$$$$$$$$
searchguard.ssl.http.pemtrustedcas_filepath: chain-ca.pem
searchguard.allow_unsafe_democertificates: true
searchguard.authcz.admin_dn:
- CN=sgadmin
searchguard.audit.type: internal_elasticsearch
searchguard.enable_snapshot_restore_privilege: true
searchguard.check_snapshot_restore_write_privileges: true
searchguard.restapi.roles_enabled: ["sg_all_access"]
cluster.routing.allocation.disk.threshold_enabled: false
cluster.name: searchguard_demo
network.host: 0.0.0.0
discovery.zen.minimum_master_nodes: 1
node.max_local_storage_nodes: 3
xpack.monitoring.enabled: true
xpack.graph.enabled: false
xpack.ml.enabled: false
xpack.security.enabled: false
xpack.watcher.enabled: false
I have set the https for elastic search and Im able to access the elastic search from server and through curl. But Unable to access it from browser and getting the below exception.
{"error":{"root_cause":[{"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"}],"type":"security_exception","reason":"no permissions for [cluster:monitor/main] and User [name=sg_anonymous, roles=[sg_anonymous_backendrole], requestedTenant=null]"},"status":403}