License error when connecting Kibana to Keycloak - elasticsearch

We are configuring single sign-on using an OpenID Connect provider (Keycloak) in our ELK deployment and are seeing the following error in the browser when accessing the Kibana dashboard:
{
  "statusCode": 403,
  "error": "Forbidden",
  "message": "[security_exception] current license is non-compliant for [oidc], with { license.expired.feature=\"oidc\" }"
}
I have a platinum license with Elastic, and it doesn't expire until October.

In order to use advanced security features in ECK such as OIDC and SAML integration, an Enterprise-level subscription is required per Elastic's website:
https://www.elastic.co/subscriptions/enterprise

Related

Writing Elasticsearch Apm Data to File

Is it possible to write APM data to file and send this data to APM server via logstash or filebeat?
For security reasons, I can not reach the APM server directly on my Asp.net Core application.
This is APM configuration and I can only see the server Http address as configuration option:
"ElasticApm": {
  "SecretToken": "",
  "ServerUrls": "http://localhost:8200",
  "ServiceName": "projectname",
  "Environment": "development"
}

elasticsearch kibana to Jira service management ssl error

I am able to establish a connection between Elasticsearch Kibana and Jira Service Management (jirasm) Cloud, but I am getting an SSL error for the connection between Elasticsearch Kibana and the Jira Service Management (jirasm) Data Center version.
Error:
Action][Jira]: Unable to get capabilities. Error: write EPROTO 140447345760192:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../deps/openssl/openssl/ssl/record/ssl3_record.c:332: . Reason: unknown: errorResponse was null
I am planning to create the incident in jirasm. Can anyone advise on any SSL configuration required?

How to update User roles of IBM MQ running on cloud

I am trying to connect to IBM MQ running on cloud using the REST API. I started with the documents link1 and also referred to link2, but it looks like these documents talk about an on-prem instance of IBM MQ. I generated an LTPA token, and when I execute the send message API, I get the error below with a 403 HTTP error code. I understand that the user I am using does not have the proper rights. I cannot find any documentation that explains how I can configure the user roles for IBM MQ running on cloud. Has anyone tried it who can shed some light?
"explanation": "The authenticated principal is not authorized to perform the requested REST API operation.",
"message": "MQWB0103E: Not authorized to put to 'queue1'.",
As @habercode states, your starting point should be the "Invoking the queue manager REST APIs" documentation for IBM MQ on Cloud - https://cloud.ibm.com/docs/mqcloud?topic=mqcloud-mqoc_qm_rest_api
As the doc states you will need a MQ username and API key to authenticate.
Get your MQ username and API key from your service instance in IBM
Cloud, then ...
base64 encode the combination, before using it with basic authentication.
Once you can authenticate, you can use the REST API documentation to configure your API calls.

Elastic Cloud, Filebeat, and Key/Token Authentication

Is it possible configure filebeat to communicate with an Elastic Cloud instance using token authentication?
According to the docs, if I'm using a cloud instance I should configure cloud.id and cloud.auth in filebeat.yml
cloud.id: "..."
cloud.auth: "filebeat_setup:YOUR_PASSWORD"
The docs say that cloud.auth should be a username and password from my Elastic Cloud instance. I'd like to use an api_key instead. However, when I configure an API key
output.elasticsearch:
  # Authentication credentials - either API key or username/password.
  api_key: "key-id:key-value"
and attempt to test my connection,
$ sudo filebeat test output
elasticsearch: https://...:443...
parse url... OK
connection...
parse host... OK
dns lookup... OK
addresses: 52.202.123.120, 18.214.74.184, 50.19.154.221
dial up... OK
TLS...
security: server's certificate chain verification is enabled
handshake... OK
TLS version: TLSv1.2
dial up... OK
talk to server... ERROR 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\" charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}},"status":401}
It appears that filebeat doesn't acknowledge my API Key
"root_cause":[
{
"type":"security_exception",
"reason":"missing authentication credentials for REST request [/]"
/* ... */
I've had success connecting to my cloud instance with the @elastic/elasticsearch javascript package using this token.
Before I continue to debug this problem -- is it even possible to use token authentication to connect to Elasticsearch via filebeat? Or does filebeat only support username/password authentication?
The answer to this question turned out to be: Yes, you can use an api_key with filebeat, even if you're using elastic cloud.
While the error message received during my config test
missing authentication credentials for REST request
indicated the authentication was missing, the real problem was the key I had had previous success with had recently expired. I presume filebeat tried the API key, was rejected, and then fell back to trying the user credentials. When those credentials were missing, it gave the above error.
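
The diagnosis in the answer above, as an added example (not code from the original post or from Elastic): it converts the Beats `id:api_key` string into the `Authorization: ApiKey` value the REST API expects, and classifies a key from the body returned by Elasticsearch's `GET /_security/api_key`, which has to be fetched with a credential that still works. The sample response and key names are constructed for illustration.

```python
import base64
from datetime import datetime, timezone


def apikey_header(beats_key: str) -> str:
    """Turn the Beats 'id:api_key' string into the REST Authorization value."""
    key_id, sep, secret = beats_key.partition(":")
    if not (sep and key_id and secret):
        raise ValueError("expected 'id:api_key'")
    return "ApiKey " + base64.b64encode(beats_key.encode()).decode()


def key_status(response: dict, key_id: str, now: datetime) -> str:
    """Classify one key from a GET /_security/api_key response body."""
    now_ms = now.timestamp() * 1000
    for entry in response.get("api_keys", []):
        if entry.get("id") != key_id:
            continue
        if entry.get("invalidated"):
            return "invalidated"
        expiration = entry.get("expiration")  # ms since epoch; absent = no expiry
        if expiration is not None and expiration <= now_ms:
            return "expired"
        return "valid"
    return "not found"


def _ms(year, month, day):
    """Milliseconds since the epoch for a UTC date (helper for the sample)."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp() * 1000)


# Constructed sample response (not taken from the page).
SAMPLE = {"api_keys": [
    {"id": "key-id", "name": "filebeat", "creation": _ms(2021, 1, 1),
     "expiration": _ms(2021, 6, 1), "invalidated": False},
    {"id": "other-id", "name": "revoked", "creation": _ms(2021, 1, 1),
     "invalidated": True},
]}

if __name__ == "__main__":
    print(apikey_header("key-id:key-value"))
    print(key_status(SAMPLE, "key-id", datetime(2021, 6, 2, tzinfo=timezone.utc)))
```
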

Unable to connect Filebeats with Elastic Cloud

I am facing an issue while connecting filebeats with my trial version of elastic cloud.
I am getting below error
ERROR pipeline/output.go:100 Failed to CLOUD_ID): 401 Unauthorized:
{"error":{"root_cause":[{"type":"security_exception","reason":"unable to authenticate user
[USER_EMAIL] for REST request [/]","header":{"WWW-Authenticate":["Basic realm=\"security\"
charset=\"UTF-8\"","Bearer realm=\"security\"","ApiKey"]}}],"type":"security_exception","reason":
"unable to authenticate user ...
I have attached my filebeat.yml too. Please look.
I cross-checked my username and password; both are correct.
Please help!
Here my cloud credentials don’t look right. The syntax for cloud.auth is user:password
It needs to be the cluster credentials, not the cloud account credentials. (Default username is elastic, and you’re presented a randomly generated password when the cluster is created)
