Constant warnings in Elasticsearch log when using SAML

[Max Caines]

Hi

I'm using SAML authentication, which is working fine, but my Elasticsearch log is full of WARN messages that say:

No 'Basic Authorization' header, send 401 and 'WWW-Authenticate-Basic'

After raising the logging level to DEBUG I found that these were appearing every time  my browser refreshed the current dashboard. Immediately after was the line recognizing my username and roles. 

Does this indicate a problem? If not, can I suppress these messages? I suppose I could reduce logging to ERROR, but this seems like a bad idea

Regards

Max

[Jochen Kressin]

No, it is not a problem, and the log level here should rather be info or even debug.

The reason you are seeing it is because there are two authentication domains active, Basic (which comes first) and SAML (which comes second). Whenever a SAML authenticated requests hits the Basic domain, authentication fails (as expected). It is then passed to the SAML domain which successfully authenticates the request. So it is expected that the Basic auth domain fails, and that's why the log level is probably not correct here.

[Jochen Kressin]

As a workaround, you can set the log level of the respective class to error:

logger.searchguard.name = com.floragunn.searchguard.support.HTTPHelper

logger.searchguard.level = error

[Max Caines]

Thanks. That does fix it

Max

--
You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
To post to this group, send email to search...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/5b806baf-566f-434b-b4d7-f3cba0609da1%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.