elastic / kibana

Your window into the Elastic Stack
https://www.elastic.co/products/kibana

API created User cannot change profile settings #186272

Closed Alphayeeeet closed 20 hours ago

Alphayeeeet commented 3 weeks ago

Kibana version: 8.14.0

Elasticsearch version: 8.14.0

Server OS version: RHEL 8

Browser version: current Chrome/Edge

Browser OS version: Windows 11

Original install method (e.g. download page, yum, from source, etc.): download page RPM

Describe the bug: Users who were created using the Elasticsearch create/update users API cannot change their profile settings. There should be a separate Kibana API to initialize those saved object data. Then when the users are created using the UI, they can change their profile settings.

Steps to reproduce:

  1. Create a User using Users API
  2. Try to change profile settings

Expected behavior: Users created by the Users API should be able to change their profile settings.

Screenshots (if relevant): Standard User: image

API created user:

image

Any additional context: Reference: #185949

Alphayeeeet commented 3 weeks ago

Unfortunately there is no API in Kibana which can be used to create the users.

dmlemeshko commented 3 weeks ago

Hey @Alphayeeeet

The Security API allows you not only to create a user, but also to update it:

Assuming you created a user my_test_user

PUT /_security/user/my_test_user
{
  "roles" : [ "viewer" ],
  "full_name" : "Alphayeeeet",
  "email" : "alphayeeeet@example.com"
}

Docs link

But since the elastic user is a reserved one, you won't be able to change full name / email. It is expected behaviour; for reserved ones only the password can be changed.

Let me know if you still have questions

Alphayeeeet commented 3 weeks ago

Yeah I know. But when I create users with the API from Elasticsearch, they cannot change profile settings like dark mode, which are saved in Kibana saved objects not user metadata.

Please try to reproduce first.

elasticmachine commented 3 weeks ago

Pinging @elastic/kibana-security (Team:Security)

SiddharthMantri commented 3 weeks ago

Hi @Alphayeeeet, can you please share the full request made to the ES API for creating users? We'd also like to know how the newly created users are then logging in.

Alphayeeeet commented 3 weeks ago

The users are logging in via Basic Auth over a reverse proxy. They use Authorization Header Basic for each request. I will provide the request ASAP, but it should be a regular POST to the ES users API with Fullname, Username, Email and Password in the body.

SiddharthMantri commented 3 weeks ago

Hey @Alphayeeeet, thank you for the clarification.

Unfortunately, authenticating users over a proxy is a limitation we currently have. For such scenarios, we are unable to create sessions and hence activate profiles for these users. This in turn causes side effects like being unable to save profile changes.

There's a lot more context here - specifically under the header: Interactive users (authenticating via HTTP proxy).

We've got an issue to track this here: https://github.com/elastic/kibana/issues/158277

Alphayeeeet commented 2 weeks ago

@SiddharthMantri Thank you for the update. That's very unfortunate. I hope support for proxy is provided soon, as it is a limitation for our users.

The ES-API request would be like this:

POST /_security/user/jacknich
{
  "password" : "l0ng-r4nd0m-p@ssw0rd",
  "roles" : [ "admin", "other_role1" ],
  "full_name" : "Jack Nicholson",
  "email" : "jacknich@example.com",
  "metadata" : {
    "script_managed": true
  }
}

Alphayeeeet commented 4 days ago

@SiddharthMantri You can close this ticket with reference to the other, as there is already https://github.com/elastic/kibana/issues/158277 to track this issue.