sg_config.yml anonymous user

[djtecha]

With the latest release 2.3.3 BETA 3 how does one go about allow anonymous users? I tried changing anonymous_auth_enabled: false to true but I still get:

[2016-05-31 14:54:13,115][DEBUG][com.floragunn.searchguard.http.XFFResolver] xff resolve /10.0.11.193:53199

[2016-05-31 14:54:13,115][DEBUG][com.floragunn.searchguard.http.XFFResolver] no xff done true,false,class org.elasticsearch.http.netty.NettyHttpRequest,{}

[2016-05-31 14:54:13,115][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Try to extract auth creds from http {} basic

[2016-05-31 14:54:13,120][INFO ][com.floragunn.searchguard.auth.BackendRegistry] java.lang.IllegalArgumentException: password must not be null or empty extracting credentials from basic

[2016-05-31 14:54:13,120][DEBUG][com.floragunn.searchguard.auth.BackendRegistry] Authentication finally failed

Are there any examples on how to get something like the following working?

sg_roles_mapping.yml

sg_public:

  users:

    - '*'

[SG]

can you send your sg_config.yml?

Something like that should work with beta3

searchguard:
dynamic:
http:
anonymous_auth_enabled: true
xff:
enabled: false
internalProxies: 192\.168\.0\.10|192\.168\.0\.11
remoteIpHeader: "x-forwarded-for"
proxiesHeader: "x-forwarded-by"
trustedProxies: "proxy1|proxy2"
authc:
authentication_domain_basic_internal:
enabled: true
order: 0
http_authenticator:
type: basic
authentication_backend:
type: intern

> --
> You received this message because you are subscribed to the Google Groups "Search Guard" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/ac1a7020-5ed3-473c-a686-969c67101851%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.

[Daniel Kasen]

I I tried with that exact sg_config.yml and get the same error when I try to use an undefined username. Before something like:

sg_public:

  users:

    - '*'

would let me do this after checking that the username wasn't defined.

To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/945A49BF-9674-4903-A45F-675845335FBF%40search-guard.com.

[SG]

sorry, but cannot reproduce this

> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/CAArf3714O16SQUZ3vJ_2THwc-tf0yStreVj-kiNdLgks2B-rKg%40mail.gmail.com.

[djtecha]

Ok, so I got this working with RC1 using the proxy method. I'm almost there but am a little confused on how you would set up users to have access through kibana. I have nginx passing the correct username and see it being matched via "[2016-06-10 14:51:49,997][DEBUG][com.floragunn.searchguard.configuration.PrivilegesEvaluator] evaluate permissions for User [name=testuser, roles=[]]" But when I then try to restrict sg_public at all kibana barfs on me about not having admin index stuff. I tried just adding the '*' as a user to the kibana4 group which lets me see everything again but with no restrictions by index or type. Is there an example of an anonymous user being set up in the sg_roles.yml that anyone could help me with?

[SG]

Is this issue still valid?

> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/7038b51f-5a48-4e40-a34e-5401c8c659a4%40googlegroups.com.