Can not configure ElasticSearch authentication #384

Closed
srilumpa opened this issue Dec 1, 2017 · 2 comments

srilumpa commented Dec 1, 2017

Request Type

Bug

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | Debian stretch |
| TheHive version / git hash | 2.13.2-1 |
| Package Type | DEB |

Problem Description

When trying to connect to an ElasticSearch server with enabled authentication, it does not seem possible to configure a username/password in TheHive configuration and thus the connection to ElasticSearch fails.

Steps to Reproduce

  1. Set up authentication on an ElasticSearch server
  2. Connect TheHive to it

Complementary information

TheHive configuration extract

[...]
# ElasticSearch
search {
  # Name of the index
  index = the_hive
  # Name of the ElasticSearch cluster
  cluster = ES_CLUSTER
  # Address of the ElasticSearch instance
  host = ["es-server1:9300"]
  # Scroll keepalive
  keepalive = 1m
  # Size of the page for scroll
  pagesize = 50
}

[...]

Logs

When starting the application, the following traces are logged in /var/log/thehive/application.conf

2017-12-01 13:07:37,228 [INFO] from org.reflections.Reflections in main - Reflections took 131 ms to scan 5 urls, producing 104 keys and 1098 values 
2017-12-01 13:07:37,267 [INFO] from module in main - Loading model class connectors.cortex.models.ReportTemplateModel
2017-12-01 13:07:37,268 [INFO] from module in main - Loading model class models.CaseTemplateModel
2017-12-01 13:07:37,268 [INFO] from module in main - Loading model class models.AuditModel
2017-12-01 13:07:37,268 [INFO] from module in main - Loading model class models.AlertModel
2017-12-01 13:07:37,268 [INFO] from module in main - Loading model class models.LogModel
2017-12-01 13:07:37,269 [INFO] from module in main - Loading model class models.UserModel
2017-12-01 13:07:37,269 [INFO] from module in main - Loading model class connectors.cortex.models.JobModel
2017-12-01 13:07:37,269 [INFO] from module in main - Loading model class models.CaseModel
2017-12-01 13:07:37,269 [INFO] from module in main - Loading model class models.TaskModel
2017-12-01 13:07:37,270 [INFO] from module in main - Loading model class org.elastic4play.services.AttachmentModel
2017-12-01 13:07:37,270 [INFO] from module in main - Loading model class org.elastic4play.services.DBListModel
2017-12-01 13:07:37,270 [INFO] from module in main - Loading model class models.ArtifactModel
2017-12-01 13:07:38,252 [INFO] from akka.event.slf4j.Slf4jLogger in application-akka.actor.default-dispatcher-4 - Slf4jLogger started
2017-12-01 13:07:38,782 [INFO] from org.elasticsearch.plugins.PluginsService in main - no modules loaded
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.index.reindex.ReindexPlugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.join.ParentJoinPlugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.percolator.PercolatorPlugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.script.mustache.MustachePlugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.transport.Netty3Plugin]
2017-12-01 13:07:38,785 [INFO] from org.elasticsearch.plugins.PluginsService in main - loaded plugin [org.elasticsearch.transport.Netty4Plugin]
2017-12-01 13:07:39,793 [INFO] from io.netty.util.internal.PlatformDependent in main - Your platform does not provide complete low-level API for accessing direct buffers reliably. Unless explicitly requested, heap buffer will always be preferred to avoid potential system instability.
2017-12-01 13:07:40,036 [INFO] from org.elasticsearch.client.transport.TransportClientNodesService in main - failed to get node info for {#transport#-1}{tFc-BgvQRO6nbHsdbJ7O8g}{es-server1}{192.168.10.2:9300}, disconnecting...
org.elasticsearch.transport.RemoteTransportException: [es-server1][192.168.10.2:9300][cluster:monitor/nodes/liveness]
Caused by: org.elasticsearch.ElasticsearchSecurityException: missing authentication token for action [cluster:monitor/nodes/liveness]
	at org.elasticsearch.xpack.security.support.Exceptions.authenticationError(Exceptions.java:39)
	at org.elasticsearch.xpack.security.authc.DefaultAuthenticationFailureHandler.missingToken(DefaultAuthenticationFailureHandler.java:74)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$AuditableTransportRequest.anonymousAccessDenied(AuthenticationService.java:553)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$handleNullToken$16(AuthenticationService.java:363)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.handleNullToken(AuthenticationService.java:368)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.consumeToken(AuthenticationService.java:295)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$extractToken$7(AuthenticationService.java:267)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.extractToken(AuthenticationService.java:284)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$null$0(AuthenticationService.java:218)
	at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:59)
	at org.elasticsearch.xpack.security.authc.TokenService.getAndValidateToken(TokenService.java:217)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$authenticateAsync$2(AuthenticationService.java:214)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lambda$lookForExistingAuthentication$4(AuthenticationService.java:246)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.lookForExistingAuthentication(AuthenticationService.java:257)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.authenticateAsync(AuthenticationService.java:210)
	at org.elasticsearch.xpack.security.authc.AuthenticationService$Authenticator.access$000(AuthenticationService.java:159)
	at org.elasticsearch.xpack.security.authc.AuthenticationService.authenticate(AuthenticationService.java:122)
	at org.elasticsearch.xpack.security.transport.ServerTransportFilter$NodeProfile.inbound(ServerTransportFilter.java:145)
	at org.elasticsearch.xpack.security.transport.SecurityServerTransportInterceptor$ProfileSecuredRequestHandler.messageReceived(SecurityServerTransportInterceptor.java:314)
	at org.elasticsearch.transport.RequestHandlerRegistry.processMessageReceived(RequestHandlerRegistry.java:69)
	at org.elasticsearch.transport.TcpTransport$RequestHandler.doRun(TcpTransport.java:1544)
	at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37)
	at org.elasticsearch.common.util.concurrent.EsExecutors$1.execute(EsExecutors.java:110)
	at org.elasticsearch.transport.TcpTransport.handleRequest(TcpTransport.java:1501)
	at org.elasticsearch.transport.TcpTransport.messageReceived(TcpTransport.java:1385)
	at org.elasticsearch.transport.netty4.Netty4MessageChannelHandler.channelRead(Netty4MessageChannelHandler.java:74)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:310)
	at io.netty.handler.codec.ByteToMessageDecoder.fireChannelRead(ByteToMessageDecoder.java:297)
	at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:413)
	at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.ChannelInboundHandlerAdapter.channelRead(ChannelInboundHandlerAdapter.java:86)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1334)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348)
	at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:926)
	at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:134)
	at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:644)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeysPlain(NioEventLoop.java:544)
	at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:498)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:458)
	at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:858)
	at java.lang.Thread.run(Thread.java:748)
2017-12-01 13:07:40,753 [INFO] from connectors.cortex.services.CortexSrv in main - Search for unfinished job ...
2017-12-01 13:07:41,424 [INFO] from akka.actor.CoordinatedShutdown in application-akka.actor.default-dispatcher-4 - Starting coordinated shutdown from JVM shutdown hook
[...]
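
An added triage example, not part of the original issue or of TheHive's code: it groups each timestamped line of a log in the format quoted above with its stack trace and reports entries where X-Pack security rejected the transport client. The function names and the trimmed sample log are constructed for illustration.

```python
import re

# Constructed sample: lines trimmed from the trace quoted in the issue.
SAMPLE_LOG = """\
2017-12-01 13:07:40,036 [INFO] from org.elasticsearch.client.transport.TransportClientNodesService in main - failed to get node info for {#transport#-1}{tFc-BgvQRO6nbHsdbJ7O8g}{es-server1}{192.168.10.2:9300}, disconnecting...
org.elasticsearch.transport.RemoteTransportException: [es-server1][192.168.10.2:9300][cluster:monitor/nodes/liveness]
Caused by: org.elasticsearch.ElasticsearchSecurityException: missing authentication token for action [cluster:monitor/nodes/liveness]
\tat org.elasticsearch.xpack.security.support.Exceptions.authenticationError(Exceptions.java:39)
2017-12-01 13:07:40,753 [INFO] from connectors.cortex.services.CortexSrv in main - Search for unfinished job ...
"""

HEADER = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3}) \[(\w+)\] from (\S+) in (\S+) - (.*)$")
REMOTE = re.compile(r"RemoteTransportException: \[([^\]]*)\]\[([^\]]*)\]\[([^\]]*)\]")
DENIED = re.compile(r"ElasticsearchSecurityException: (.+?) for action \[([^\]]+)\]")

def split_entries(text):
    """Group each timestamped line with the continuation lines (stack trace) under it."""
    entries = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            entries.append({"ts": m.group(1), "level": m.group(2),
                            "logger": m.group(3), "message": m.group(5), "trace": []})
        elif entries and line.strip():
            entries[-1]["trace"].append(line.strip())
    return entries

def find_auth_failures(text):
    """Return one record per entry whose trace carries an ElasticsearchSecurityException."""
    findings = []
    for entry in split_entries(text):
        trace = "\n".join(entry["trace"])
        denied = DENIED.search(trace)
        if not denied:
            continue
        remote = REMOTE.search(trace)
        findings.append({
            "ts": entry["ts"],
            "level": entry["level"],  # INFO here, so level-based alerting misses it
            "node": remote.group(1) if remote else None,
            "address": remote.group(2) if remote else None,
            "reason": denied.group(1),
            "action": denied.group(2),
        })
    return findings

if __name__ == "__main__":
    for f in find_auth_failures(SAMPLE_LOG):
        print(f)
```

Because the rejection is logged at INFO level, matching on the exception text rather than on log severity is what surfaces it.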

nadouani commented Dec 7, 2017

TheHive doesn't yet support Elasticsearch authentication.


srilumpa commented Dec 8, 2017

Are you able to give me a potential milestone for this feature?
