Users cannot login, when other users with the same configuration can

  • Search Guard and Elasticsearch version 6.2.4

We have specific users that cannot log in to Kibana anymore. When they attempt to log in they get a “No tenant available for this user, please contact your system administrator” response (there seems to be another response that shows up initially, but gets overlayed almost immediately with this message).

We don’t believe anything was changed in their user configurations between when they were able to log in and when they started getting this response. Users with the exact same configuration (same role and mapping) are able to log in. So, if I were to create a user with the same exact configuration except for the same username, they are able to log in. We tried deleting and then recreating the user, didn’t work.

The only two things that differentiate these users from our other users (that are able to log in), is that they were created with an invalid backend role initially (whereas the other users were not created with a backend role), and that they were created through the REST API.

Things of note:

  • After attempting to log in with the corrupted user (and not being able to log in), and then logging in as the system administrator, the admin doesn’t have permissions to access the Searchguard configuration but is able to access their other tenants. The admin has to log out and log back in