Get two times http code 403 at dashboards start

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.11.1

Describe the issue:
I get thios output at start time of my OpenSearch dashboards:

log [11:34:37.991] [error][plugins][securityDashboards] StatusCodeError: Authorization Exception
at respond (E:\Apps\opensearch-dashboards\node_modules\elasticsearch\src\lib\transport.js:349:15)
at checkRespForFailure (E:\Apps\opensearch-dashboards\node_modules\elasticsearch\src\lib\transport.js:306:7)
at HttpConnector. (E:\Apps\opensearch-dashboards\node_modules\elasticsearch\src\lib\connectors\http.js:173:7)
at IncomingMessage.wrapper (E:\Apps\opensearch-dashboards\node_modules\lodash\lodash.js:4991:19)
at IncomingMessage.emit (node:events:525:35)
at IncomingMessage.emit (node:domain:489:12)
at endReadableNT (node:internal/streams/readable:1359:12)
at processTicksAndRejections (node:internal/process/task_queues:82:21) {
status: 403,
displayName: ‘AuthorizationException’,
path: ‘/_plugins/_security/tenantinfo’,
query: {},
body: undefined,
statusCode: 403,
response: ‘’,
toString: [Function (anonymous)],
toJSON: [Function (anonymous)]
}
log [11:34:38.000] [warning][environment] Detected an unhandled Promise rejection.
Authorization Exception :: {“path”:“/_plugins/_security/tenantinfo”,“query”:{},“statusCode”:403,“response”:“”}

But I don’t kow from what this comes. The dashboards are reahcable and working.
Thanks a lot.

@Juergen Could you share your opensearch_dashboards.yml file?

The error regards authentication of the OpenSearch Dashboards with OpenSearch.

Please share the output of the following command.

curl --insecure -u admin:admin -XGET https://<OpenSearch_node>:9200
curl --insecure -u admin:admin -XGET https://<OpenSearch_node>:9200/_plugins/_security/authinfo

This is the output of the two curl commands:

E:\bin>curl --insecure -u admin:admin -XGET https://xxx.xxx.xxx.xxx:9200
{
“name” : “xxx-opensearch-node-1”,
“cluster_name” : “xxx-opensearch-cluster”,
“cluster_uuid” : “yyyyyyyyyyyy”,
“version” : {
“distribution” : “opensearch”,
“number” : “2.11.1”,
“build_type” : “zip”,
“build_hash” : “6b1986e964d440be9137eba1413015c31c5a7752”,
“build_date” : “2023-11-29T21:43:34.361901800Z”,
“build_snapshot” : false,
“lucene_version” : “9.7.0”,
“minimum_wire_compatibility_version” : “7.10.0”,
“minimum_index_compatibility_version” : “7.0.0”
},
“tagline” : “The OpenSearch Project: https://opensearch.org/
}

E:\bin>curl --insecure -u admin:admin -XGET https://xxx.xxx.xxx.xxx:9200/_plugins/_security/authinfo
{“user”:
“User [name=admin,
backend_roles=[admin],
requestedTenant=null]”,
“user_name”:“admin”,
“user_requested_tenant”:null,
“remote_address”:“yyy.yyy.yyy.yyy:33456”,
“backend_roles”:[“admin”],
“custom_attribute_names”:,
“roles”:[“own_index”,
“all_access”],
“tenants”:{“global_tenant”:true,“admin_tenant”:true,“admin”:true},“principal”:null,“peer_certificates”:“0”,“sso_logout_url”:null}

Opensearch and Opensearch-dashboards are running both on the same windows 2019-server.

This is may opensearch-dashboards.yml:

server.port: 5601
server.host: “xxx.xxx.xxx.xxx”

opensearch.hosts: [“https://xxx.xxx.xxx.xxx:9200”]
opensearch.ssl.verificationMode: none
opensearch.username: admin
opensearch.password: admin
opensearch.requestHeadersWhitelist: [authorization, securitytenant]

server.ssl.enabled: true
server.ssl.certificate: E:\Apps\opensearch-dashboards\config\yyyyyy-cert.pem
server.ssl.key: E:\Apps\opensearch-dashboards\config\yyyyyyy.key
server.ssl.certificateAuthorities: [ “E:\Apps\opensearch-dashboards\config\yyyyyyy.pem” ]

opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.preferred: [Private, Global]
opensearch_security.readonly_mode.roles: [kibana_read_only]

opensearch_security.cookie.secure: true

@Juergen Can you access OpenSearch Dashboards and login?

Yes, this works fine.
Except :
→ Obersvability-> Applications → Logs Events:
There’s also a security issue in the background. But I don’t know, if this belongs together …

And on the console of the dashboards, I could see this:

PPL query fetch err: StatusCodeError: Bad Request
at respond (E:\Apps\opensearch-dashboards\node_modules\elasticsearch\src\lib\transport.js:349:15)
at checkRespForFailure (E:\Apps\opensearch-dashboards\node_modules\elasticsearch\src\lib\transport.js:306:7)
at HttpConnector. (E:\Apps\opensearch-dashboards\node_modules\elasticsearch\src\lib\connectors\http.js:173:7)
at IncomingMessage.wrapper (E:\Apps\opensearch-dashboards\node_modules\lodash\lodash.js:4991:19)
at IncomingMessage.emit (node:events:525:35)
at IncomingMessage.emit (node:domain:489:12)
at endReadableNT (node:internal/streams/readable:1359:12)
at processTicksAndRejections (node:internal/process/task_queues:82:21) {
status: 400,
displayName: ‘BadRequest’,
path: ‘/_plugins/_ppl’,
query: {},
body: ‘{\n’ +
’ “error”: {\n’ +
’ “reason”: “Invalid Query”,\n’ +
"details": "can't resolve Symbol(namespace=FIELD_NAME, name=patterns_field) in type env",\n +
’ “type”: “SemanticCheckException”\n’ +
’ },\n’ +
’ “status”: 400\n’ +
‘}’,
statusCode: 400,
response: ‘{\n’ +
’ “error”: {\n’ +
’ “reason”: “Invalid Query”,\n’ +
"details": "can't resolve Symbol(namespace=FIELD_NAME, name=patterns_field) in type env",\n +
’ “type”: “SemanticCheckException”\n’ +
’ },\n’ +
’ “status”: 400\n’ +
‘}’,
toString: [Function (anonymous)],
toJSON: [Function (anonymous)]
}

I’m not sure, if this are different topics, or if this belongs togehter…
For my feeling, there’s something wrong in the communication…
Perhaps a fault in the yml-configs ?
The certificates are looking good. There’s no error or something insecure in the browser.

It says that your PPL query is incorrect. This is not related to the security.

Hello @pablo,

in the Query workbech, PPL works.
I made this:

and there, it worked fine.

In the observability -_> application, it doesn’t work.

I did it there in the same way:

But how could I test it there and fix it, if it doesn’t work?