Kibana use "kibana" user instead "kibana_system"
I installed Elastic + Kibana, both 8.15 version. When i trying to login as "elastic" user, im not able to do any in UI Kibana.
Elastic logs shows this:
[INFO ][o.e.x.s.a.RealmsAuthenticator] [elasticsearch-01] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[INFO ][o.e.x.s.a.RealmsAuthenticator] [elasticsearch-01] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
[INFO ][o.e.x.s.a.RealmsAuthenticator] [elasticsearch-01] Authentication of [kibana] was terminated by realm [reserved] - failed to authenticate user [kibana]
1 time when open UI, and 2 times when login as elastic.
That show me kibana logs:
{"service":{"node":{"roles":["background_tasks","ui"]}},"ecs":{"version":"8.11.0"},"@timestamp":"2024-09-06T19:33:45.418+03:00","message":"Authentication attempt failed: {\"error\":{\"root_cause\":[{\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [kibana] for REST request [/_security/_authenticate]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}}],\"type\":\"security_exception\",\"reason\":\"unable to authenticate user [kibana] for REST request [/_security/_authenticate]\",\"header\":{\"WWW-Authenticate\":[\"Basic realm=\\\"security\\\", charset=\\\"UTF-8\\\"\",\"Bearer realm=\\\"security\\\"\",\"ApiKey\"]}},\"status\":401}","log":{"level":"ERROR","logger":"plugins.security.authentication"},"process":{"pid":13961,"uptime":97.666693813},"trace":{"id":"cdc268f732c41d11315652b5882ac158"},"transaction":{"id":"bba4ea098195a6fe"}}
Elsatic have status: Green.
my elastic config:
cluster.name: test-elastic
node.name: elasticsearch-01
network.host: 0.0.0.0
discovery.seed_hosts: [10.10.5.25, 10.10.5.26, 10.10.5.27]
http.port: 9200
cluster.initial_master_nodes: ["10.10.5.25"]
path.data: "/data/elasticsearch"
path.logs: "/var/log/elasticsearch"
xpack.security.enabled: true
xpack.security.http.ssl:
enabled: true
keystore.path: certs/http.p12
xpack.security.transport.ssl:
enabled: true
verification_mode: certificate
client_authentication: required
keystore.path: certs/elastic-certificates.p12
my kibana config:
server.port: 5601
server.host: "0.0.0.0"
server.name: "kibana-01"
#xpack.security.enabled: false
elasticsearch.hosts: ["https://10.10.5.25:9200", "https://10.10.5.26:9200", "https://10.10.5.27:9200",]
#elasticsearch.username: "kibana_system"
#elasticsearch.password: "some_password"
elasticsearch.serviceAccountToken: "some_token"
elasticsearch.ssl.verificationMode: certificate
elasticsearch.ssl.certificateAuthorities: [ "/etc/kibana/elasticsearch-ca.pem" ]
server.ssl.enabled: true
server.ssl.certificate: /etc/kibana/kibana-server.crt
server.ssl.key: /etc/kibana/kibana-server.key
logging:
appenders:
file:
type: file
fileName: /var/log/kibana/kibana.log
layout:
type: json
root:
appenders:
- default
- file
i was trying user/pass and token variants, both times same errors.
Solution
I can't say what exactly the problem was, but adding nodes and kibana to the cluster using tokens rather than manually editing the configuration helped me.
- Keycloak - how to allow linking accounts without registration
- What is the correct way to obtain an instance of the authenticated user if I'm using a JWT
- Spring 3/6 Migration Security Config with Custom Filter/Token/Provider - Issues Persisting Principal after successful Provider authenticate()
- JWT, is it safe to use the same key pair to sign from server-side and encrypt from client-side?
- Unable to load files using pickle and multiple modules
- Login with token authentication SWIFT
- not able to authenticate a com.trilead.ssh2.Connection
- OpenCart text at login page doesnt get changed if I change lines in language files
- How to create an authentication token using Java
- Can anyone show me how to make a proper login system for my django application?
- GCP authentication fails in GitHub actions - IaC with Terraform
- Tumblr reblog (TMTumblrSDK) return 401 error
- How to use Freebase API in a PhoneGap Build app?
- Logon trigger with both authorization and log insert
- Best practice of Hashing passwords
- Device generates special code for web authentication
- Authenticating an application server with a backend server
- Authentication failure when access storage blob from Azure Service
- How do I implement social login with GitHub accounts?
- Issue with login widget in streamlit
- Why Base64 is used in JWTs?
- Proxy authentication for Azure CLI
- Google OAuth 2 authorization - Error: redirect_uri_mismatch
- Django returns "Authentication credentials were not provided" when I attempt token authentication
- How to connect to MongoDB 3.2 in Java with username and password?
- Supabase onAuthStateChange keeps triggering (remix)
- Blazor (Interactive server) cookie authentication: user identity is lost after LocalRedirect from Razor page
- How to force logout when Knox created token has expired?
- Custom RemoteAuthenticationHandler won't sign in
- Using meta to redirect in php, but file is in another folder