elasticsearch 开放发行版Elasticsearch-通过JWT向Kibana进行身份验证,elasticsearch,jwt,kibana,elasticsearch-opendistro,elasticsearch,Jwt,Kibana,Elasticsearch Opendistro" /> elasticsearch 开放发行版Elasticsearch-通过JWT向Kibana进行身份验证,elasticsearch,jwt,kibana,elasticsearch-opendistro,elasticsearch,Jwt,Kibana,Elasticsearch Opendistro" />
Fatal编程技术网
  • elasticsearch/
  • elasticsearch 开放发行版Elasticsearch-通过JWT向Kibana进行身份验证

elasticsearch 开放发行版Elasticsearch-通过JWT向Kibana进行身份验证

jwt kibana

elasticsearch 开放发行版Elasticsearch-通过JWT向Kibana进行身份验证,elasticsearch,jwt,kibana,elasticsearch-opendistro,elasticsearch,Jwt,Kibana,Elasticsearch Opendistro,我可以使用basic auth(使用内部用户数据库)运行open发行版,现在我需要使用JWT令牌对Kibana仪表板进行身份验证 Elasticsearch配置: basic_internal_auth_domain: http_enabled: false transport_enabled: true order: 4 http_authenticator: type: basic

我可以使用basic auth(使用内部用户数据库)运行open发行版,现在我需要使用JWT令牌对Kibana仪表板进行身份验证

Elasticsearch配置:

     basic_internal_auth_domain:
        http_enabled: false
        transport_enabled: true
        order: 4
        http_authenticator:
          type: basic
          challenge: true
        authentication_backend:
          type: intern
      proxy_auth_domain:
        http_enabled: false
        transport_enabled: false
        order: 3
        http_authenticator:
          type: proxy
          challenge: false
          config:
            user_header: "x-proxy-user"
            roles_header: "x-proxy-roles"
        authentication_backend:
          type: noop
      jwt_auth_domain:
        enabled: true
        http_enabled: true
        transport_enabled: true
        order: 0
        http_authenticator:
          type: jwt
          challenge: false
          config:
            signing_key: "EdzdXd5weiuSVFyddfjhjhfjjchJGRrZmpkayZPUA=="
            jwt_header: "Authorization"
            jwt_url_parameter: "token"
            roles_key: "roles"
            subject_key: "sub"
        authentication_backend:
          type: noop
Kibana配置:

server.name: kibana
server.port: 5601
server.host: "127.0.0.1"

elasticsearch.url: https://127.0.0.1:9200
elasticsearch.ssl.verificationMode: none
elasticsearch.username: kibanaserver
elasticsearch.password: kibanaserver
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]

opendistro_security.auth.type: "jwt"
opendistro_security.jwt.url_param: token

opendistro_security.multitenancy.enabled: true
opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
opendistro_security.readonly_mode.roles: ["kibana_read_only"]
在此之后,当我打开时,验证失败,elasticsearch日志显示此消息-

[c.a.o.s.h.HTTPBasicAuthenticator][node-1]无“基本授权” 标头、发送401和“WWW-Authenticate-Basic”

我已经完全遵循了文档,但是现在互联网上几乎没有什么资料,我想大多数人都还处于POC阶段。有什么建议吗?

正在寻找答案的人-我的JWT令牌错误,请确保您根据服务器计时而不是本地时间配置“iat”、“nbf”和“exp”。

正在寻找答案的人-我的JWT令牌错误,请确保您配置“iat”、“nbf”和“exp”根据您的服务器计时,而不是您的本地时间。

@gauravmakwana问题在于工作配置片段,问题在于jwt错误config@gauravmakwana问题是配置代码段工作正常,问题是jwt配置错误