Authentication popup is not coming in kibana and ElasticSearch

[prasanna....@gmail.com]

HI All,

I have configured search-guard with my elasticsearch, I am facing few issues after configuration.

Issue1:

Tried accessing localhost:9200 url, it was coming up with data and indices with out asking authentication details.

Tried accessing ipaddress:9200 url, it was asking authentication after entering the details it was giving exception as below

{
  "error" : "RuntimeException[java.lang.RuntimeException: Attempt from null to _all indices for indices:data/read/search and User [name=admin, roles=[admin]]]; nested: RuntimeException[Attempt from null to _all indices for indices:data/read/search and User [name=admin, roles=[admin]]]; ",
  "status" : 500
}

Issue2:

Configured kibana with localhost:9200, kibana is able to start but no where authentication details asked.

Configured kibana with ipaddress:9200, kibana was not able to star to only. Request Time Out Exception is coming.

I am sharing the configuration of elasticsearch.yml also

ElasticSearch.yml:

searchguard.enabled: true
searchguard.check_for_root: false
searchguard.key_path: C:/Test/searchguard_node.key
searchguard.config_index_name: searchguard
searchguard.http.enable_sessions: false

searchguard.allow_all_from_loopback: true

searchguard.authentication.authentication_backend.impl: com.floragunn.searchguard.authentication.backend.simple.SettingsBasedAuthenticationBackend
searchguard.authentication.authentication_backend.cache.enable: true

searchguard.authentication.authorizer.impl: com.floragunn.searchguard.authorization.simple.SettingsBasedAuthorizator
searchguard.authentication.authorizer.cache.enable: true

searchguard.authentication.http_authenticator.impl: com.floragunn.searchguard.authentication.http.basic.HTTPBasicAuthenticator

searchguard.authentication.settingsdb.user.admin: password
searchguard.authentication.settingsdb.user.manager: password

searchguard.authentication.authorization.settingsdb.roles.admin: ["admin"]
searchguard.authentication.authorization.settingsdb.roles.manager: ["manager"]

searchguard.flsfilter.names: ["manager"]
searchguard.flsfilter.marketig.source_excludes: ["username","email"]

searchguard.actionrequestfilter.names: ["readonly"]
searchguard.actionrequestfilter.readonly.allowed_actions: ["indices:data/read/*", "*monitor*"]
searchguard.actionrequestfilter.readonly.forbidden_actions: ["cluster:admin*", "indices:admin*", "indices:data/write*"]

Please do the needful.

Thanks,

Lakshmi.

[SG]

can you pls also share the acl configuration?

localhost:9200 works because you have configured "searchguard.allow_all_from_loopback: true"
ipaddress:9200 throws an error because it seems that the authenticated user does not have the permission to access ALL (_all) indices

> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/a300f3a7-e7c1-46d6-930b-6e4bf8f5d626%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[prasanna....@gmail.com]

Here is my acl configuration.

{
    "_index": "searchguard",
    "_type": "ac",
    "_id": "ac",
    "_version": 1,
    "found": true,
    "_source":
    {
        "acl":
        [
            {
                "__Comment__": "Default is to execute all filters",
                "filters_bypass":
                [
                ],
                "filters_execute":
                [
                    "*"
                ]
            },
            {
                "__Comment__": "Any authenticated user do anything on the 'public' index - no filter will be executed",
                "indices":
                [
                    "logstash-2015.06.02"
                ],
                "filters_bypass":
                [
                    "*"
                ],
                "filters_execute":
                [
                ]
            },
            {
                "__Comment__": "This means any user with the role starfleet or command can do anything with the starfleetinfos index",
                "roles":
                [
                    "manager",
                    "command"
                ],
                "indices":
                [
                    "logstash-2014.12.04"
                ],
                "filters_bypass":
                [
                    "*"
                ],
                "filters_execute":
                [
                ]
            },
            {
                "__Comment__": "This means that every requestor (regardless of the requestors hostname and username) which has the root role can do anything",
                "roles":
                [
                    "admin"
                ],
                "filters_bypass":
                [
                    "*"
                ],
                "filters_execute":
                [
                ]
            }
        ]
    }
}

I tried to login with credentails, Username:admin and Password:password. Which is of admin role. and Here is the acl configuration for admin.

Thanks a lot.
Lakshmi.

[SG]

localhost:9200 works because you have configured "searchguard.allow_all_from_loopback: true"
ipaddress:9200 throws an error because it seems that the authenticated user does not have the permission to access ALL (_all) indices

Does this answer your question?

> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d0296bf2-bf49-40d2-baae-6708457f1711%40googlegroups.com.

[prasanna....@gmail.com]

Issue1 is fixed with your sugession.

Issue2 is not resolved yet. Please suggest me.

Thanks,

Lakshmi.

[SG]

pls add a github issue for the unresolved one.

> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/d1c9f2da-1cf3-4ca8-b740-873b8f6c0014%40googlegroups.com.