Username input in

If you think it is a bug report or you have a technical issue, please answer the following questions. For general questions, you can delete these questions.

**Elasticsearch version:** 8.12.2

**Server OS version:** CentOS 7

**Search Guard version:**

**Error message:**

```
Successfully connected to cluster elasticsearch (localhost) as user CN=Server,
java.lang.IllegalArgumentException: Illegal character in fragment at index 36: /searchguard/internal_users/…username…encripted
    at java.base/
    at org.apache.http.client.methods.HttpGet.(
    at com.floragunn.searchguard.sgctl.client.SearchGuardRestClient.get(
    at com.floragunn.searchguard.sgctl.client.SearchGuardRestClient.getUser(
    at com.floragunn.searchguard.sgctl.commands.user.UpdateUser.lambda$call$1(
    at com.floragunn.searchguard.sgctl.commands.BaseCommand.retryOnConcurrencyConflict(
    at picocli.CommandLine.executeUserObject(
    at picocli.CommandLine.access$1500(
    at picocli.CommandLine$RunLast.executeUserObjectOfLastSubcommandWithSameParent(
    at picocli.CommandLine$RunLast.handle(
    at picocli.CommandLine$RunLast.handle(
    at picocli.CommandLine$AbstractParseResultHandler.execute(
    at picocli.CommandLine$RunLast.execute(
    at picocli.CommandLine.execute(
    at com.floragunn.searchguard.sgctl.SgctlTool.exec(
    at com.floragunn.searchguard.sgctl.SgctlTool.main(
Caused by: Illegal character in fragment at index 36: /searchguard/internal_users/…
    at java.base/$
    at java.base/$Parser.checkChars(
    at java.base/$Parser.parse(
    at java.base/
    at java.base/
    … 17 more
Failed to update user. The installation was aborted.
```
The username below works in Elasticsearch 6 but throws an error in Elasticsearch 8.12.2.

What is the cause of this error and how do I resolve it?
And what does the official documentation say about usernames and passwords?

Below is yml /var/lib/elasticsearch
path.logs: /var/log/elasticsearch false true
enabled: false
keystore.path: certs/http.p12
enabled: true
verification_mode: certificate
keystore.path: certs/transport.p12
truststore.path: certs/transport.p12

  • elasticsearch localhost.localdomain localhost,ip
    http.port: 9200
    searchguard.enterprise_modules_enabled: false
    thread_pool.write.queue_size: 1000
    discovery.seed_hosts: ip
    http.max_content_length: 500mb
    indices.query.bool.max_clause_count: 200000 50
    searchguard.ssl.transport.pemkey_filepath: key.pem
    searchguard.ssl.transport.pemcert_filepath: cert.pem
    searchguard.ssl.transport.pemtrustedcas_filepath: cacert.pem
    searchguard.ssl.transport.enforce_hostname_verification: false
  • TLSv1.2
    searchguard.ssl.http.pemkey_filepath: key.pem
    searchguard.ssl.http.pemcert_filepath: cert.pem
    searchguard.ssl.http.pemtrustedcas_filepath: cacert.pem
    searchguard.ssl.http.enabled: true
  • TLSv1.2
  • CN=Server,XXXXXX
    searchguard.check_snapshot_restore_write_privileges: true

Hi @Varinder1,

I have noticed that you are using the RC version. The GA is now available and I would strongly suggest using GA; please see more here:

How did you deploy your internal user, and how did you hash passwords?


I am using Elasticsearch 8. I am using the latest version of searchguard.2.0.0

@mantas Am I missing something? Please suggest. Can I use **pongo#~!$*()_-+=.?/pongo#~!$()-+=.?/pongo#~`!$()-+=.?/db18 as a username without any issue?

@Varinder1, yes that is the correct way to get the plugin.

Should look something like: (without rc)

How do you create your internal users?

Could you please elaborate on the below:


I have tried the GA version; it also fails.

```
"${INSTALL_PATH}"/bin/elasticsearch-plugin install -b file:"${SCRIPT_PATH}/sources/" >>"${INSTALL_LOG}"
```

I did not do anything special to create an internal user.

I also want to edit this post, can anybody help me with this?

Can anybody brief the discussion?
It’s getting tough to understand cause the coding is just too much and messy.

I was using pongo#~!$*()_-+=.?/pongo#~ !$() -+=.?/pongo#~`!$() -+=.?/db18 as the username; it works fine in ES6 but throws an error in ES8.
That's it.
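
An added example, not part of the original thread and not sgctl's own code: how `java.net.URI` treats a username containing `#` when it is concatenated into a request path unencoded, next to the same name percent-encoded as a single path segment. The endpoint prefix, the class and helper names, and the sample usernames are assumptions constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

public class UsernameInUri {
    // Assumed endpoint prefix for the internal users REST path.
    static final String PREFIX = "/_searchguard/internal_users/";

    // Percent-encode one path segment. URLEncoder produces form encoding,
    // so its '+' (an encoded space) is rewritten to %20 for use in a path.
    static String encodeSegment(String s) {
        return URLEncoder.encode(s, StandardCharsets.UTF_8).replace("+", "%20");
    }

    // Parse a raw URI string and report either how it was split or why it was rejected.
    static void show(String label, String raw) {
        try {
            URI u = new URI(raw);
            System.out.println(label + ": path=" + u.getPath()
                    + " fragment=" + u.getFragment());
        } catch (URISyntaxException e) {
            System.out.println(label + ": rejected, " + e.getReason()
                    + " at index " + e.getIndex());
        }
    }

    public static void main(String[] args) {
        // Constructed sample names using characters like those in the thread.
        String withBacktick = "pongo#~`!$db18";
        String withHash = "pongo#db18";

        // '#' starts the URI fragment; a backtick is not a legal fragment character.
        show("raw, backtick after '#'", PREFIX + withBacktick);
        // With only legal characters after '#', parsing succeeds but the path
        // stops at '#', so the request would address a different user name.
        show("raw, '#' only", PREFIX + withHash);
        // Encoded as one segment, the whole name stays in the path.
        show("encoded", PREFIX + encodeSegment(withBacktick));
    }
}
```

Whether the server accepts every encoded character in a username (for example `%2F` for `/`) is not established by the thread.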
