HTTP 500 when accessing Kibana on AWS - amazon-web-services

I'm using Elasticsearch and Kibana, both managed by AWS. I've configured SAML with ADFS to authenticate my users, but some users log in successfully when accessing Kibana, while for others the login fails and shows the following message:
{"statusCode":500,"error":"Internal Server Error","message":"Internal Error"}
Analyzing the errors in the browser, I found something about SameSite, but I believe the SameSite error should happen to everyone.
Is there anything you can do in Kibana to solve this problem?

If this is the AWS Elasticsearch service, you will need to contact their support. They run forks of Elasticsearch and Kibana and their own plugins to handle security that are not source-available or community-supported.

Related

Authorized redirect URIs of OAuth 2.0 Client ID for an Web application in Google Cloud Platform has been classified as abusive, not allowed to proceed

I am trying to set up Google Integration in my self-hosted Nextcloud instance. For this I need a Google Cloud API Web application OAuth Client ID and Secret, along with the preset Authorized redirect URI from my Nextcloud instance. I can easily create the ID and Secret for the Web app. But if I put the Authorized redirect URI in the Google Cloud OAuth page, it tells me "Save failed: The request has been classified as abusive and was not allowed to proceed".
For context, the domain provided is a Google Domain which I am using with Cloudflare proxied DNS. The Google verification TXT record has been added to Cloudflare. I am self-hosting the Nextcloud instance on a subdomain of this domain behind Nginx Proxy Manager with a Cloudflare SSL certificate. In addition, all of these are running as Docker containers on Ubuntu. I have also verified the redirect URI as safe at: https://global.sitesafety.trendmicro.com/result.php
Even so, apart from that specific URI, I have tried the URIs of other services I am self-hosting as well as the parent domain. All of these give the same message on the GCP OAuth screen.
Kindly help me out with this, considering I am a novice.

Auto Authentication in Embedded link (AWS Opensearch)

I have hosted AWS OpenSearch (ELK), and with that Kibana also gets hosted. So I have created a dashboard in Kibana, where I get the embedded link and insert it into my HTML code. It asks me to log in every time.
If I host an EC2 instance and install Nginx on it, is it possible, if I configure nginx.conf and provide the access credentials to it, that whenever my website gets loaded the visualization inserted in my website through the Kibana embedded link does not ask for authentication?

AWS ALB Listener Rules - OIDC - Google Oauth

I am trying to set Listener rules on an ALB. I want to add Google Oauth support to one of my servers.
Here are the Google endpoints I am using
I see the Google auth page alright, but on the callback URL I'm seeing 500 Internal Server Error. I've also set the callback URL. I'm at a loss as to what's wrong here. Any help is most appreciated!
After authentication, I'm not redirecting to my application; instead I've set the ALB to show a simple text-based response.
I struggled with the same problem for hours, and in the end it turned out to be the user info endpoint that was wrong. I was using the same one as you, but it should be https://openidconnect.googleapis.com/v1/userinfo.
I haven’t found any Google documentation saying what the value should be, but found this excellent blog post that contained a working example: https://cloudonaut.io/how-to-secure-your-devops-tools-with-alb-authentication/ (the first example uses Cognito, but the second uses OIDC and Google directly).
From the AWS documentation:
HTTP 500: Internal Server Error
Possible causes:
You configured an AWS WAF web access control list (web ACL) and there was an error executing the web ACL rules.
You configured a listener rule to authenticate users, but one of the following is true:
The load balancer is unable to communicate with the IdP token endpoint or the IdP user info endpoint. Verify that the security groups for your load balancer and the network ACLs for your VPC allow outbound access to these endpoints. Verify that your VPC has internet access. If you have an internal-facing load balancer, use a NAT gateway to enable internet access.
The size of the claims returned by the IdP exceeded the maximum size supported by the load balancer.
A client submitted an HTTP/1.0 request without a host header, and the load balancer was unable to generate a redirect URL.
A client submitted a request without an HTTP protocol, and the load balancer was unable to generate a redirect URL.
The requested scope doesn't return an ID token.
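Two of the causes above (a wrong user info endpoint, a scope that yields no ID token) can be caught before the rule is created by checking the authenticate-oidc action against the IdP's own OIDC discovery document. The following is an example added here, not code from the thread or from AWS; the discovery values are Google's published ones, embedded as a constructed dict instead of being fetched, and the client ID and secret are placeholders supplied by the caller.

```python
"""Validate an ALB authenticate-oidc action against an OIDC discovery document."""
from urllib.parse import urlparse

# Constructed subset of Google's discovery document
# (https://accounts.google.com/.well-known/openid-configuration); fetch it live in practice.
GOOGLE_DISCOVERY = {
    "issuer": "https://accounts.google.com",
    "authorization_endpoint": "https://accounts.google.com/o/oauth2/v2/auth",
    "token_endpoint": "https://oauth2.googleapis.com/token",
    "userinfo_endpoint": "https://openidconnect.googleapis.com/v1/userinfo",
}

# ALB AuthenticateOidcConfig key -> discovery-document key.
ENDPOINT_KEYS = {
    "Issuer": "issuer",
    "AuthorizationEndpoint": "authorization_endpoint",
    "TokenEndpoint": "token_endpoint",
    "UserInfoEndpoint": "userinfo_endpoint",
}


def check_oidc_action(action, discovery):
    """Return a list of problems; an empty list means the action matches the IdP."""
    if action.get("Type") != "authenticate-oidc":
        return ["action Type must be authenticate-oidc"]
    cfg = action.get("AuthenticateOidcConfig", {})
    problems = []
    for alb_key, disc_key in ENDPOINT_KEYS.items():
        value = cfg.get(alb_key)
        if not value:
            problems.append(f"{alb_key} is missing")
        elif urlparse(value).scheme != "https":
            problems.append(f"{alb_key} must be https")
        elif value != discovery[disc_key]:
            problems.append(f"{alb_key} is {value}, IdP publishes {discovery[disc_key]}")
    # The ALB needs an ID token, so the scope (ALB default "openid") must include "openid".
    if "openid" not in cfg.get("Scope", "openid").split():
        problems.append("Scope lacks 'openid', so the IdP returns no ID token")
    for key in ("ClientId", "ClientSecret"):
        if not cfg.get(key):
            problems.append(f"{key} is missing")
    return problems


def google_oidc_action(client_id, client_secret):
    """Build the authenticate-oidc action from the discovery document itself."""
    cfg = {alb: GOOGLE_DISCOVERY[disc] for alb, disc in ENDPOINT_KEYS.items()}
    cfg.update({"ClientId": client_id, "ClientSecret": client_secret, "Scope": "openid email"})
    return {"Type": "authenticate-oidc", "AuthenticateOidcConfig": cfg, "Order": 1}
```

The returned action goes first in the `Actions` list passed to `elbv2.create_rule`, followed by the fixed-response or forward action with `Order` 2.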

Googlebot & AWS Cloudfront/S3 - Getting a bunch of 403s

I'm hosting my website on AWS through S3 with Cloudfront. I've noticed that Googlebot and also Apex Ping detect 403 errors when accessing my website. When I access it myself I don't see any 4xx or any 5xx errors in the network tab with Chrome Developer Tools enabled. I'm wondering what might be causing it.
My suspicion is that it may be a Cloudfront configuration. Specifically I've enabled Custom SSL Certificate and am using an AWS generated certificate (ACM). With this option I'm forced to use the Only Clients that Support Server Name Indication (SNI) configuration. Is this potentially causing the breakage? My understanding is that Googlebot supports SNI as per this post so I'm a bit perplexed as to what might be causing the 403s.
Your website is currently giving me the following error:
ERROR
The request could not be satisfied.
The Amazon CloudFront distribution is configured to block access from your country.
Generated by cloudfront (CloudFront)
Request ID: 5i6brNX28KLeWWp8CJ6oSLv96aggZCxlSsMtc6gvZ3I8STS3mtmS9g==
Googlebot and Apex Ping are probably seeing the same response.
So the problem may be that you need to open up more countries in your configuration. This is done on the "Geo-Restriction Settings" page. If your website doesn't need to be Geo Restricted, then don't: set "Enable Geo-Restriction" to "No".

404 response when calling external web service from amazon ec2

When I call an external web service from Amazon EC2 server I get a 404 response for the request. When I call the same web service locally it works fine. Can anyone tell me why this happens?
It is entirely possible that the owner of the service has been seeing too much abuse from Amazon's IP range and that they have blocked access to the API from EC2. Normally however I would expect them to send back an Access Denied rather than a 404 Not Found.