Closed
Description
Request Type
Bug
Work Environment
| Question | Answer |
|---|---|
| OS version (server) | Debian stretch |
| TheHive version / git hash | 2.13.2-1 |
| Package Type | DEB |
Problem Description
When trying to connect to an ElasticSearch server with enabled authentication, it does not seem possible to configure a username/password in TheHive configuration and thus the connection to ElasticSearch fails.
Steps to Reproduce
- Set up authentication on an ElasticSearch server
- Connect TheHive to it
Complementary information
TheHive configuration extract
```
[...]
# ElasticSearch
search {
  # Name of the index
  index = the_hive
  # Name of the ElasticSearch cluster
  cluster = ES_CLUSTER
  # Address of the ElasticSearch instance
  host = ["es-server1:9300"]
  # Scroll keepalive
  keepalive = 1m
  # Size of the page for scroll
  pagesize = 50
}
[...]
```
Logs
When starting the application, the following traces are logged in /var/log/thehive/application.conf
2017-12-01 13:07:37,228 [INFO] from org.reflections.Reflections in main - Reflections took 131 ms to scan 5 urls, producing 104 keys and 1098 values
2017-12-01 13:07:37,267 [INFO] from module in main - Loading model class connectors.cortex.models.ReportTemplateModel
2017-12-01 13:07:37,268 [INFO] from module in main - Loading model class models.CaseTemplateModel
2017-12-01 13:07:37,268 [INFO] from module in main - Loading model class models.AuditModel
2017-12-01 13:07:37,268 [INFO] from module in main - Loading model class models.AlertModel
2017-12-01 13:07:37,268 [INFO] from module in main - Loading model class models.LogModel
2017-12-01 13:07:37,269 [INFO] from module in main - Loading model class models.UserModel
2017-12-01 13:07:37,269 [INFO] from module in main - Loading model class connectors.cortex.models.JobModel
2017-12-01 13:07:37,269 [INFO] from module in main - Loading model class models.CaseModel
2017-12-01 13:07:37,269 [INFO] from module in main - Loading model class models.TaskModel
2017-12-01 13:07:37,270 [INFO] from module in main - Loading model class org.elastic4play.services.AttachmentModel
2017-12-01 13:07:37,270 [INFO] from module in main - Loading model class org.elastic4play.services.DBListModel
2017-12-01 13:07:37,270 [INFO] from module in main - Loading model class models.ArtifactModel
2017-12-01 13:07:38,252 [INFO] from akka.event.slf4j.Slf4jLogger in application-akka.actor.default-dispatcher-4 - Slf4jLogger started
2017-12-01 13:07:38,782 [INFO] from org.elasticsearch.plugins.PluginsService in main - no modules loaded
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.index.reindex.ReindexPlugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.join.ParentJoinPlugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.percolator.PercolatorPlugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.script.mustache.MustachePlugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.transport.Netty3Plugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.transport.Netty4Plugin]
2017-12-01 13:07:39,793 [INFO] from io.netty.util.internal.PlatformDependent in main - Your platform does not provide complete low-level API for accessing direct buffers reliably. Unless explicitly requested, heap buffer will always be preferred to avoid potential system instability.
2017-12-01 13:07:40,036 [INFO] from org.elasticsearch.client.transport.TransportClientNodesService in main - failed to get node info for {#transport#-1}{tFc-BgvQRO6nbHsdbJ7O8g}{es-server1}{192.168.10.2:9300}, disconnecting...
org.elasticsearch.transport.RemoteTransportException: [es-server1][192.168.10.2:9300][cluster:monitor/nodes/liveness]
Caused by: org.elasticsearch.ElasticsearchSecurityException: missing authentication token for action [cluster:monitor/nodes/liveness]
at org.elasticsearch.xpack.security.support.Exceptions.authenticationError(Exceptions.java:39)
at org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:74)
at org.elasticsearch.xpack.security.authc.AuthenticationService$AuditableTransportRequest.anonymousAccessDenied(AuthenticationService.java:553)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$handleNullToken$16(AuthenticationService.java:363)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.handleNullToken(AuthenticationService.java:368)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeToken(AuthenticationService.java:295)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$extractToken$7(AuthenticationService.java:267)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.extractToken(AuthenticationService.java:284)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$null$0(AuthenticationService.java:218)
at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59)
at org.elasticsearch.xpack.security.authc.TokenService.getAndValidateToken(TokenService.java:217)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:214)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:246)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:257)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:210)
at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:159)
at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:122)
at org.elasticsearch.xpack.security.transport.ServerTransportFilter$NodeProfile.inbound(ServerTransportFilter.java:145)
at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler.messageReceived(SecurityServerTransportInterceptor.java:314)
at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:69)
at org.elasticsearch.transport.TcpTransport$RequestHandler.doRun(TcpTransport.java:1544)
at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
at org.elasticsearch.common.util.concurrent.EsExecutors$1.execute(EsExecutors.java:110)
at org.elasticsearch.transport.TcpTransport.handleRequest(TcpTransport.java:1501)
at org.elasticsearch.transport.TcpTransport.messageReceived(TcpTransport.java:1385)
at org.elasticsearch.transport.netty4.Netty4MessageChannelHandler.channelRead(Netty4MessageChannelHandler.java:74)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:297)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:413)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
at java.lang.Thread.run(Thread.java:748)
2017-12-01 13:07:40,753 [INFO] from connectors.cortex.services.CortexSrv in main - Search for unfinished job ...
2017-12-01 13:07:41,424 [INFO] from akka.actor.CoordinatedShutdown in application-akka.actor.default-dispatcher-4 - Starting coordinated shutdown from JVM shutdown hook
[...]
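
An added example, not part of the original report or of TheHive's code: a small log triage script that separates the failure reported here (the cluster rejecting a transport client that sent no credentials) from other node-connection failures. The `es-server2` event and all function names are constructed for illustration.

```python
import re

# A timestamped line starts a record; other lines (stack traces) continue it.
TS_LINE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[\w+\] from \S+ in \S+ - (.*)$")
# The transport client prints a node as {id}{uuid}{name}{address}.
NODE = re.compile(r"failed to get node info for \{[^}]*\}\{[^}]*\}\{([^}]*)\}\{([^}]*)\}")
EXC = re.compile(r"^\s*(?:Caused by: )?([\w.$]+(?:Exception|Error)): (.*)$")
ACTION = re.compile(r"for action \[([^\]]+)\]")

# First event copied from the report (trace trimmed); the es-server2 event is constructed.
SAMPLE_LOG = """\
2017-12-01 13:07:40,036 [INFO] from org.elasticsearch.client.transport.TransportClientNodesService in main - failed to get node info for {#transport#-1}{tFc-BgvQRO6nbHsdbJ7O8g}{es-server1}{192.168.10.2:9300}, disconnecting...
org.elasticsearch.transport.RemoteTransportException: [es-server1][192.168.10.2:9300][cluster:monitor/nodes/liveness]
Caused by: org.elasticsearch.ElasticsearchSecurityException: missing authentication token for action [cluster:monitor/nodes/liveness]
at org.elasticsearch.xpack.security.support.Exceptions.authenticationError(Exceptions.java:39)
2017-12-01 13:07:40,050 [INFO] from org.elasticsearch.client.transport.TransportClientNodesService in main - failed to get node info for {#transport#-2}{constructed-node-id}{es-server2}{192.168.10.3:9300}, disconnecting...
org.elasticsearch.transport.ReceiveTimeoutTransportException: [es-server2][192.168.10.3:9300][cluster:monitor/nodes/liveness] request_id [1] timed out after [5000ms]
2017-12-01 13:07:40,753 [INFO] from connectors.cortex.services.CortexSrv in main - Search for unfinished job ...
"""

def records(text):
    """Yield (timestamp, message, continuation_lines) per log record."""
    current = None
    for line in text.splitlines():
        m = TS_LINE.match(line)
        if m:
            if current:
                yield current
            current = (m.group(1), m.group(2), [])
        elif current:
            current[2].append(line)
    if current:
        yield current

def node_failures(text):
    """Classify each 'failed to get node info' event by its innermost exception."""
    out = []
    for ts, msg, extra in records(text):
        node = NODE.search(msg)
        if not node:
            continue
        chain = [m.groups() for m in map(EXC.match, extra) if m]
        cls, detail = chain[-1] if chain else ("", "")
        action = ACTION.search(detail)
        unauth = cls.endswith(".ElasticsearchSecurityException") and detail.startswith("missing authentication token")
        out.append({"ts": ts, "node": node.group(1), "address": node.group(2),
                    "cause": cls.rsplit(".", 1)[-1], "action": action.group(1) if action else None,
                    "verdict": "client sent no credentials" if unauth else "other"})
    return out
```

Calling `node_failures()` on the contents of the application log returns one entry per rejected or unreachable node, so an authentication rejection is not mistaken for a network or cluster-name problem.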