profile
viewpoint

Ask questionsLogin redirect loop when trying to access Kibana

Reposting from here as the discord doesn't seem to be monitored by the development team.

When I try to dial into Kibana running on k8s (EKS) over an SSH tunnel (via kubectl port-forward services/kibana 5601:5601), I seem to hit some strange issue where I am repeatedly directed back to http://localhost:5601/login?nextUrl=%2F after trying to log in using my admin account (configured via internal-users.yml). No error is displayed in the front-end.

Checking the browser debug console reveals that I hit a 401 Unauthorized status when it tries to fetch /api/v1/restapiinfo, despite the fact that I have set up my kibana.yml with a suitable username and password -

elasticsearch:
  hosts:
  - http://es-http-service:9200
  password: ****
  username: ***
  ssl:
    verificationMode: none
  requestHeadersWhitelist: ["Authorization", "security_tenant"]

When I try to hit this REST endpoint using curl from within the Kibana instance, I get a similar result suggesting that my user is not authorised on the api endpoint.

curl -u kibanaserver:*** localhost:5601/api/v1/restapiinfo

{"user":"User [name=kibanaserver, backend_roles=[], requestedTenant=null]","user_name":"kibanaserver","has_api_access":false,"disabled_endpoints":{"CACHE":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"PERMISSIONSINFO":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"ACCOUNT":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"ACTIONGROUPS":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"CONFIG":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"SYSTEMINFO":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"INTERNALUSERS":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"ROLESMAPPING":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"AUTHTOKEN":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"TENANTS":["GET","POST","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"],"ROLES":["G(arg: 2) ","PUT","DELETE","OPTIONS","HEAD","PATCH","TRACE","CONNECT"]}}

Has anyone experienced similar issues trying to run the Open Distro Kibana image on Kubernetes?

opendistro-for-elasticsearch/community

Answer questions alyberty

For any future reference, the opendistro_security.cookie.secure option sets the secure flag on the cookies. If you access your kibana instance over http (not https), these cookies are not sent over the unsecured connection. In general the secure option prevents cookies from being sent over an unsecured connection.

useful!
source:https://uonfu.com/
Github User Rank List