User authentication refused when we use the ELK (CE) APIs

Hi,

We are trying to use the APIs available in ELK Community Edition to manage Elastic indexes, import dashboards, etc.

With ELK CE we can use them without problems. When we use the SearchGuard plugin (CE), API authentication is refused even if we use the demo users database and even if it is the admin user.

Is it possible to use the Elastic & Kibana APIs with the SearchGuard (CE) plugin? And if not, is it possible to deactivate the SearchGuard (CE) plugin for the API in order to use it like we did with ELK CE (no user authentication)?

Thanks for your support.

When asking questions, please provide the following information:

  • Search Guard and Elasticsearch version: 6.4.3

  • Installed and used enterprise modules, if any: NO

Kibana API should work fine with Search Guard CE

Can you please provide the following information so that we can help track down this issue:
- ES/Kibana and SG version you are using
- kibana.yml and elasticsearch.yml
- The API call which fails (including exact response)
- ES + Kibana logs


Problem seems to be

[2018-12-13T06:09:20,425][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for elastic
[2018-12-13T06:09:21,464][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for elastic
[2018-12-13T06:09:43,265][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:09:44,295][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:15:54,985][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:15:55,999][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:19:00,254][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for pascal.lazaridis
[2018-12-13T06:19:01,269][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for pascal.lazaridis
[2018-12-13T06:19:44,182][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaserver
[2018-12-13T06:19:45,202][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaserver
[2018-12-13T06:20:32,852][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaro
[2018-12-13T06:20:33,866][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaro
[2018-12-13T06:21:09,221][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for snapshotrestore
[2018-12-13T06:21:10,236][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for snapshotrestore
[2018-12-13T19:35:58,128][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for snapshotrestore
[2018-12-13T19:35:59,165][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for snapshotrestore
[2018-12-13T19:36:39,963][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T19:36:40,993][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin

Can you please also attach your sg_config.yml and sg_internal_users.yml (just to make sure config is ok)

On 13.12.2018 at 20:48, plaz300664@gmail.com wrote:

Thank you for your support. Please find hereunder the requested information:

ELK_VERSION=6.4.3
SG_VERSION=23.1
SG_VERSION_KIBANA=15

Kibana API requests:
1) restore dashboards:
curl -u admin:admin -X POST "http://192.168.213.128:8082/api/kibana/dashboards/import?force=true" -H "kbn-xsrf: true" -H "Content-Type: application/json" --data-binary "@/opt/dataDisk/KIBANA_ELK.json"

2) set default kibana index
curl -u admin:admin -X POST "http://192.168.213.128:8082/api/kibana/settings/defaultIndex" -H "kbn-xsrf: true" -H "kbn-xsrf: true" -d {"value": "51353aa0-d56b-11e8-a5e1-8df6c780d644"}"

** No reply received from the server

ES & Kibana log files and their configuration files are attached to this message.

Thank you !

<elasticsearch.yml><kibana.yml><KIBANA.log><ES.log>

Hi,

In fact I found the problem and it was due to a bad curl request.

Sorry to have posted my support request maybe too quickly.

Thank you again !

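Added example (not part of the thread and not Search Guard code): one way to triage the "Authentication finally failed for ..." warnings quoted above, counting attempts per account and merging the paired entries that the log shows about one second apart. The 2-second merge window, the thresholds and the label names are assumptions made for this illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Sample input: six lines from the thread plus one constructed non-matching line.
SAMPLE_LOG = """\
[2018-12-13T06:09:20,425][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for elastic
[2018-12-13T06:09:21,464][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for elastic
[2018-12-13T06:09:43,265][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:09:44,295][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for admin
[2018-12-13T06:19:44,182][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaserver
[2018-12-13T06:19:45,202][WARN ][c.f.s.a.BackendRegistry ] Authentication finally failed for kibanaserver
[2018-12-13T06:20:00,000][INFO ][o.e.n.Node ] constructed line that must be ignored
"""

LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\]\[WARN\s*\]\[[^\]]*BackendRegistry\s*\]\s+"
    r"Authentication finally failed for (?P<user>\S+)\s*$"
)

def parse_failures(text):
    """Return sorted (timestamp, user) pairs, one per failure warning."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%S,%f")
            events.append((ts, m.group("user")))
    return sorted(events)

def count_attempts(events, retry_gap=timedelta(seconds=2)):
    """Count attempts per user; repeats within retry_gap count once (assumed window)."""
    attempts, last_seen = defaultdict(int), {}
    for ts, user in events:
        if user not in last_seen or ts - last_seen[user] > retry_gap:
            attempts[user] += 1
        last_seen[user] = ts
    return dict(attempts)

def triage(attempts, many_users=3, many_tries=5):
    """Label the failure pattern; thresholds are assumptions, not product settings."""
    if not attempts:
        return "no-failures"
    if max(attempts.values()) >= many_tries:
        return "focused"   # one account failing over and over
    return "broad" if len(attempts) >= many_users else "isolated"

if __name__ == "__main__":
    attempts = count_attempts(parse_failures(SAMPLE_LOG))
    print(attempts, triage(attempts))
```

A "broad" result is the shape seen in this thread: several accounts, including the demo admin, each failing once or twice, which is worth checking against both the client request and the authentication configuration rather than a single account's password.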