Hi Brian,
we've analyzed the log files and tried to replicate the problem here, but no luck so far. The log file also looks fine, I can't find anything regarding the login or the internal server error.
The first login attempt starts here:
[2017-07-13T13:58:56,298][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic
[2017-07-13T13:58:56,298][DEBUG][c.f.s.a.BackendRegistry ] User 'XXX' is in cache? false (cache size: 1)
... LDAP stuff ...
[2017-07-13T13:58:56,466][DEBUG][c.f.d.a.l.b.LDAPAuthenticationBackend] Authenticated username brians
[2017-07-13T13:58:56,468][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=XXX, roles=[]]' is authenticated
which means that the authentication process takes around 150ms. Which is still a bit high, but depends on network latency and LDAP server performance. So, this seems fine. After that, the user is cached (default is 1 hour), so even the LDAP server should not have any impact anymore:
[2017-07-13T13:58:56,609][DEBUG][c.f.s.a.BackendRegistry ] Try to extract auth creds from http basic
[2017-07-13T13:58:56,609][DEBUG][c.f.s.a.BackendRegistry ] User 'XXX' is in cache? true (cache size: 2)
[2017-07-13T13:58:56,610][DEBUG][c.f.s.a.BackendRegistry ] User 'User [name=XXX, roles=[]]' is authenticated
Cache size seems ok, since both your user and the Kibana server user is cached. Also, there are no Exceptions in the log, which I would have expected since Kibana logs an 500 internal server error.
So, at the moment I can't see anything in the ES log that seems related to the issues you're facing. Also, LDAP is a major use case for Search Guard, and we did not hear about such a behaviour before. Therefore I guess the problem is not related to the LDAP module at the moment. But just to make sure:
- If you only use the internal user database and disable LDAP, do you still see these issues?
- Apart from Search Guard, do you have any other ES plugins installed
- Apart from the SG Kibana plugin, do you have any other Kibana plugins installed
- Are there any other services running against ES?
In other words - can you replicate the problem with a minimum installation of ES/SG and KI/SG Kibana plugin?
Next, let's look at the actual HTTP requests from Kibana. Can you please:
- Delete all log files
- Fire up ES and KI
- In Chrome, open the Developer tools and switch to the Network tab
- Replicate the login problem
In the network tab, can you spot which request is actually taking so long? If you find anything there, please post (or email) the request incl. headers and payload, and the reponse? And send the ES log file as well?
Sorry for the delayed response, but since we can't reproduce the problem we're having a hard time pinpointing the problem.