kibana-own-home icon indicating copy to clipboard operation
kibana-own-home copied to clipboard

Published 20 hours ago verified publisher icon wtakase

Own-Home User Is Not Recognized Unless Default Route Is Set to /app/own_home

Open dbroeh opened this issue 7 years ago • 1 comments

Greetings, I am trying out a similar setup as described in issue #44 (Integration of docker-elk alike setup using Elastic Stack version 5.3.0, Search Guard, and Own Home). In my current configuration, I am facing a somehow similar behaviour as described in this comment. The difference is that if the server.defaultRoute is set to /app/own_home the user is logged in and accesses the .kibana_<username> index that own home provides. However, if the server.defaultRoute is not set to /app/own_home the user cannot access the .kibana_<username> index and is using the undefined .kibana index.

Thus, my question is: Is it only possible to use Own Home in combination with Search Guard if the server.defaultRoute is set to /app/own_home?

I have attached a selection of configuration files. If you have any suggestions regarding these files or if you need to have more configuration parameters from other files, please let me know. Any help is very much appreciated. Thank you.

kibana.yml

# Disable X-Pack
xpack.security.enabled: false
xpack.monitoring.enabled: false
xpack.graph.enabled: false
xpack.reporting.enabled: false

# Kibana 
server.port: 5601
server.host: "0.0.0.0"

# Search Guard                                                                                                                                                                   
elasticsearch.requestHeadersWhitelist: [ cookie, authorization ]
elasticsearch.username: "kibanaserver"
elasticsearch.password: "kibanaserver"
elasticsearch.ssl.verificationMode: none

# Own Home
elasticsearch.url: http://kibana:19200
own_home.get_username_from_session.enabled: true
own_home.get_username_from_session.key: username
own_home.session.isSecure: false
own_home.elasticsearch.url: http://elasticsearch:9200
own_home.session.secretkey: "123567818187654rwrwfsfshdhdhtegdhfzftdhncn"
own_home.local.groups: []
searchguard.cookie.secure: false
searchguard.cookie.password: "123567818187654rwrwfsfshdhdhtegdhfzftdhncn"

server.defaultRoute: /app/kibana\#/dashboard

sg_config.yml

searchguard:
  dynamic:
    http:
      xff:
        enabled: false
    authc:
      basic_internal_auth_domain:
        http_authenticator:
          type: basic
        authentication_backend:
          type: intern

sg_roles_mapping.yml

sg_logstash:
  users:
    - logstash

sg_kibana_server:
  users:
    - kibanaserver

sg_all_access:
  users:
    - admin

sg_own_index:
  users:
    - testuser

sg_roles.yml

sg_all_access:
  cluster:
    - '*'
  indices:
    '*':
      '*':
        - '*'

sg_own_index:
  cluster:
    - CLUSTER_COMPOSITE_OPS
  indices:
    '?kibana_${user_name}':
      '*':
        - ALL
    'data-*':
      '*':
        - READ

sg_kibana_server:
  cluster:
    - CLUSTER_MONITOR
    - CLUSTER_COMPOSITE_OPS
  indices:
    '?kibana*':
      '*':
        - ALL

sg_logstash:
  cluster:
    - indices:admin/template/get
    - indices:admin/template/put
    - CLUSTER_MONITOR
    - CLUSTER_COMPOSITE_OPS
  indices:
    'logstash-*':
      '*':
        - CRUD
        - CREATE_INDEX

dbroeh avatar Jun 25 '17 19:06 dbroeh

Thus, my question is: Is it only possible to use Own Home in combination with Search Guard if the server.defaultRoute is set to /app/own_home?

Yes, you need to set to /app/own_home.

wtakase avatar Jun 26 '17 00:06 wtakase