Can Kibana read the authoriztion header through Nginx?
35 views
Skip to first unread message
Worapoj Chokeanankun
Mar 1, 2019, 4:58:21 AM3/1/19
to search...@googlegroups.com
Hi,
I'm testing Nginx, Kibana and Elasticsearch. Elasticsearch and Kibana install Search-Guard plugin.
I already configure the new user to login the Kibana through Kibana GUI. The user can log-in.
I'm using Nginx to check the authentication of my company authentication application.
If the user login successfully, I will add the authorization header to the HTTP header and re-direct to Kibana.
Kibana will not prompt to the login page again with the authorization header set. That is what I think.
I tried to curl Kibana URL, it returns the HTML page with Search Guard login.
What am I missing here? It seems Kibana with Search Guard does not look at the Authorization header.
I found this document, https://docs.search-guard.com/latest/kibana-authentication-http-basic#session-management.
Is there a way to set the active session by API or script to pass through the login page?
* Search Guard and Elasticsearch version
6.6.1 and 6.6.1
* Installed and used enterprise modules, if any
No
* JVM version and operating system version
1.8
* Search Guard configuration files
Demo certificate
* Elasticsearch log messages on debug level
n/a
* Other installed Elasticsearch or Kibana plugins, if any
n/a
SG
Mar 4, 2019, 6:46:52 PM3/4/19
to search...@googlegroups.com
Please attach your sg_config.yml, kibana.yml and elasticsearch.yml (as files)
> Am 01.03.2019 um 01:58 schrieb Worapoj Chokeanankun <wora...@gmail.com>:
>
> Hi,
>
> I'm testing Nginx, Kibana and Elasticsearch. Elasticsearch and Kibana install Search-Guard plugin.
> I already configure the new user to login the Kibana through Kibana GUI. The user can log-in.
>
> I'm using Nginx to check the authentication of my company authentication application.
> If the user login successfully, I will add the authorization header to the HTTP header and re-direct to Kibana.
>
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/44abedcc-6254-4857-a359-0faa36c3a8b5%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
> Am 01.03.2019 um 01:58 schrieb Worapoj Chokeanankun <wora...@gmail.com>:
>
> Hi,
>
> I'm testing Nginx, Kibana and Elasticsearch. Elasticsearch and Kibana install Search-Guard plugin.
> I already configure the new user to login the Kibana through Kibana GUI. The user can log-in.
>
> I'm using Nginx to check the authentication of my company authentication application.
> If the user login successfully, I will add the authorization header to the HTTP header and re-direct to Kibana.
>
> I tried to curl Kibana URL, it returns the HTML page with Search Guard login.
> curl -u <username>:<password> http://10.0.0.1:5601/kibana
>
> What am I missing here? It seems Kibana with Search Guard does not look at the Authorization header.
>
> curl -u <username>:<password> http://10.0.0.1:5601/kibana
>
> What am I missing here? It seems Kibana with Search Guard does not look at the Authorization header.
>
> When asking questions, please provide the following information:
>
> * Search Guard and Elasticsearch version
> 6.6.1 and 6.6.1
> * Installed and used enterprise modules, if any
> No
> * JVM version and operating system version
> 1.8
> * Search Guard configuration files
> Demo certificate
> * Elasticsearch log messages on debug level
> n/a
> * Other installed Elasticsearch or Kibana plugins, if any
> n/a
>
>
>
> --
>
> * Search Guard and Elasticsearch version
> 6.6.1 and 6.6.1
> * Installed and used enterprise modules, if any
> No
> * JVM version and operating system version
> 1.8
> * Search Guard configuration files
> Demo certificate
> * Elasticsearch log messages on debug level
> n/a
> * Other installed Elasticsearch or Kibana plugins, if any
> n/a
>
>
>
> You received this message because you are subscribed to the Google Groups "Search Guard Community Forum" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to search-guard...@googlegroups.com.
> To post to this group, send email to search...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/44abedcc-6254-4857-a359-0faa36c3a8b5%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
SG
Mar 5, 2019, 3:41:40 PM3/5/19
to search...@googlegroups.com
You need to configure proxy based authentication like described here
https://docs.search-guard.com/latest/proxy-authentication
> To view this discussion on the web visit https://groups.google.com/d/msgid/search-guard/b115e7a5-e218-4e4b-9deb-206764e0e99f%40googlegroups.com.
https://docs.search-guard.com/latest/proxy-authentication
> For more options, visit https://groups.google.com/d/optout.
> <kibana.yml><sg_roles.yml><elasticsearch.yml><sg_action_groups.yml><sg_config.yml><sg_internal_users.yml><sg_roles_mapping.yml>
Worapoj Chokeanankun
Mar 12, 2019, 8:35:49 AM3/12/19
to Search Guard Community Forum
It works! Thanks
Reply all
Reply to author
Forward
0 new messages