Proxy Authentication not working

[Samreen Farooq]

* Search Guard and Elasticsearch version : 5.4.2

* Installed and used enterprise modules, if any: none

* JVM version and operating system version : java version 8, windows 10

* Other installed Elasticsearch or Kibana plugins: none

I am trying to authenticate elasticsearch index by sending get request to obtain authinfo via postman

here is my get request:

http://localhost:9200/_searchguard/authinfo

[{"key":"x-forwarded-for","value":"localhost","description":""},{"key":"x-proxy-user","value":"samreen","description":""},{"key":"x-proxy-roles","value":"sg_samreen_custom","description":""}]

in sg_roles i have defined:

sg_samreen_custom:

    cluster:

        -UNLIMITED

    indices:

       'samreen':

           '*':

            - INDICES_ALL

in sg_roles_mapping i have defined:

sg_samreen_custom:

  users:

    - ProductionSupport

    - samreen

  backendroles:

    - management

    - operations

    - 'cn=ldaprole,ou=groups,dc=example,dc=com'

and in sg_internal_users

i have defined user named samreen

[SG]

Pls. send a postman screenshot on how you do this exactly and what the resposne looks like.

Even better than postman is to try this with curl, like
curl -XGET 'http://localhost:9200/_searchguard/authinfo?pretty=true' -v -H "x-proxy-user: samreen" -H "x-proxy-roles: management" -H "x-forwarded-for: 192.168.1.1"

> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> <sg_config.yml>

[Samreen Farooq]

Basically we want to implement an SSO solution for kibana.

i am adding screenshot of postman.

> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> <sg_config.yml>

--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe.
To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/540A6393-42EA-4C2D-829F-B851704D4184%40search-guard.com.

[SG]

The screenshot looks good, so what's the issue?
Can you send another screenshot with the response for "http://localhost:9200/_searchguard/authinfo"

Please also provide your sg_config.yml

> > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

> > To post to this group, send email to search...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
> > <sg_config.yml>
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe.

> To unsubscribe from this group and all its topics, send an email to search-guard...@googlegroups.com.

> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/540A6393-42EA-4C2D-829F-B851704D4184%40search-guard.com.
> For more options, visit https://groups.google.com/d/optout.
>
>

> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.

> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

> To post to this group, send email to search...@googlegroups.com.

> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAF616gY5A4nieaL-j0hU0TVr%2BnrKVN5wpewCC8F%3DRRUimrX%3DhQ%40mail.gmail.com.

> For more options, visit https://groups.google.com/d/optout.

> <Capture.PNG>

[Samreen Farooq]

> > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

> > To post to this group, send email to search...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com.
> > For more options, visit https://groups.google.com/d/optout.
> > <sg_config.yml>
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe.

> To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/540A6393-42EA-4C2D-829F-B851704D4184%40search-guard.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.

> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard+unsubscribe@googlegroups.com.

> To post to this group, send email to search...@googlegroups.com.

> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAF616gY5A4nieaL-j0hU0TVr%2BnrKVN5wpewCC8F%3DRRUimrX%3DhQ%40mail.gmail.com.
> For more options, visit https://groups.google.com/d/optout.
> <Capture.PNG>

--
You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe.

To unsubscribe from this group and all its topics, send an email to search-guard+unsubscribe@googlegroups.com.

To post to this group, send email to search...@googlegroups.com.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59A69976-28C8-4CA9-B402-3A06DA638517%40search-guard.com.

[Samreen Farooq]

can you tell me how the backend roles affect in below config settings:

sg_samreen_custom:

  users:

    - ProductionSupport

  backendroles:

    - management

    - operations

    - 'cn=ldaprole,ou=groups,dc=example,dc=com'

[SG]

see http://docs.search-guard.com/latest/mapping-users-roles#map-users-backend-roles-and-hosts-to-search-guard-roles

> > > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

> > > To post to this group, send email to search...@googlegroups.com.
> > > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59d380da-b633-4c6c-a0a8-399b543d18b9%40googlegroups.com.
> > > For more options, visit https://groups.google.com/d/optout.
> > > <sg_config.yml>
> >
> > --
> > You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
> > To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe.

> > To unsubscribe from this group and all its topics, send an email to search-guard...@googlegroups.com.

> > To post to this group, send email to search...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/540A6393-42EA-4C2D-829F-B851704D4184%40search-guard.com.
> > For more options, visit https://groups.google.com/d/optout.
> >
> >
> > --
> > You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.

> > To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

> > To post to this group, send email to search...@googlegroups.com.
> > To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAF616gY5A4nieaL-j0hU0TVr%2BnrKVN5wpewCC8F%3DRRUimrX%3DhQ%40mail.gmail.com.
> > For more options, visit https://groups.google.com/d/optout.
> > <Capture.PNG>
>
> --
> You received this message because you are subscribed to a topic in the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this topic, visit https://groups.google.com/d/topic/search-guard/YodYRJpo8OA/unsubscribe.

> To unsubscribe from this group and all its topics, send an email to search-guard...@googlegroups.com.

> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/59A69976-28C8-4CA9-B402-3A06DA638517%40search-guard.com.
> For more options, visit https://groups.google.com/d/optout.
>
>
>

> --
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.

> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.

> To post to this group, send email to search...@googlegroups.com.

> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAF616gY1o_C_Vf73zAeJZGSsQxkjc6wYAgUj6wr%3D7LeF6rosbQ%40mail.gmail.com.