Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to speak with Kibana when security is enabled #119288

Closed
Raboo opened this issue Nov 22, 2021 · 6 comments
Closed

Unable to speak with Kibana when security is enabled #119288

Raboo opened this issue Nov 22, 2021 · 6 comments
Labels
needs-team Issues missing a team label

Comments

@Raboo
Copy link

Raboo commented Nov 22, 2021

Kibana version

7.13.4

APM Server version (if applicable)

7.13.4

Elasticsearch version (if applicable)

7.13.4

Steps to Reproduce

I have a cluster with security enabled, but not API.

elasticsearch.yml

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.client_authentication: optional

And apm-server kibana config enabled.

apm-server.yml

  kibana:
    # For APM Agent configuration in Kibana, enabled must be true.
    enabled: true

With or without basic auth I am unable to authenticate to the kibana /api/status endpoint.

The logs are spammed with these messages

Nov 22 11:02:56 es05 apm-server[22405]: {"log.level":"error","@timestamp":"2021-11-22T11:02:56.984+0100","log.logger":"kibana","log.origin":{"file.name":"kibana/connecting_client.go","file.line":79},"message":"failed to obtain connection to Kibana: fail to get the Kibana version: HTTP GET request to http://localhost:80/api/status fails: <nil>. Response: {\"statusCode\":401,\"error\":\"Unauthorized\",\"message\":\"Unauthorized\"}.","ecs.version":"1.6.0"}

So I've tried with curl using basic auth using internal users apm_system, kibana_system, logstash_system, beats_system, elastic. None of the users can speak to /api/status.

Expected Behavior

Able to authenticate with system users like elastic or apm_system.

Actual Behavior

HTTP/1.1 401 Unauthorized
@Raboo Raboo added the Team:APM All issues that need APM UI Team support label Nov 22, 2021
@elasticmachine
Copy link
Contributor

Pinging @elastic/apm-ui (Team:apm)

@dannycroft dannycroft changed the title [APM] unable to speak with Kibana when security is enabled Unable to speak with Kibana when security is enabled Nov 22, 2021
@dannycroft dannycroft added [zube]: Inbox and removed Team:APM All issues that need APM UI Team support labels Nov 22, 2021
@botelastic botelastic bot added the needs-team Issues missing a team label label Nov 22, 2021
@nickpeihl
Copy link
Member

Thanks very much for your interest in Kibana.

This appears to be a user question, and we'd like to direct these kinds of things to the Kibana forum. If you can post your question there, we'd appreciate it. This allows us to use GitHub for verified bug reports, feature requests, and pull requests.

There's an active community in the forum that should be able to help get an answer to your question. As such, I hope you don't mind that I close this.

@Raboo
Copy link
Author

Raboo commented Dec 9, 2021

How is this a user question? From my point of view it's a bug.

The /api/status endpoint denies requests when authentication is enabled period, even if you authenticate with a valid user.
So when authentication is enabled and no one can use to /api/status, is that not a bug? or are you just saying I am doing something wrong?

@Raboo
Copy link
Author

Raboo commented Dec 10, 2021

@nickpeihl ^^
At least tell me that I am wrong. Then I know this is a config error and I need to use the forums.

@kaykhancheckpoint
Copy link

@Raboo did you ever figure this out?

@Raboo
Copy link
Author

Raboo commented May 10, 2022

No.
The best solution is to change to a competing vendor.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
needs-team Issues missing a team label
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@dannycroft @Raboo @nickpeihl @elasticmachine @kaykhancheckpoint