GET Oauth Token API not working in Elastic Search

问题

I'm new to Elastic search. Integrated my Spring boot application with Elastic search through Java High Level Rest Client and I've enabled security by providing below properties after setting up the certificate and passwords:

xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: elastic-certificates.p12
xpack.security.transport.ssl.truststore.path: elastic-certificates.p12
xpack.security.http.ssl.enabled: true
xpack.security.http.ssl.keystore.path: "http.p12"

I've done the required changes in kibana.yaml as well and I'm able to access it. Tried below call through Kibana to get the OAuth token:

   POST /_security/oauth2/token
    {
      "grant_type" : "password",
      "username" : "elastic",
      "password" : "password_for_elastic_super_user"
    }

Getting below error after executing in kibana:

{
  "error" : {
    "root_cause" : [
      {
        "type" : "security_exception",
        "reason" : "current license is non-compliant for [security tokens]",
        "license.expired.feature" : "security tokens"
      }
    ],
    "type" : "security_exception",
    "reason" : "current license is non-compliant for [security tokens]",
    "license.expired.feature" : "security tokens"
  },
  "status" : 403
}

I've hit the GET license API as well, got below response:

{
  "license" : {
    "status" : "active",
    "uid" : "62b089de-422e-41f0-88c8-9ad76b27cd62",
    "type" : "basic",
    "issue_date" : "2020-06-25T07:17:48.310Z",
    "issue_date_in_millis" : 1593069468310,
    "max_nodes" : 1000,
    "issued_to" : "elasticsearch",
    "issuer" : "elasticsearch",
    "start_date_in_millis" : -1
  }
}

Can anyone please help how to fix this?

回答1:

You are using the basic version of elasticsearch which doesn't have this security feature(security tokens) and causing this issue, you can refer more to what is included in what license under Elastic stack security section in Elastic subscription.

security tokens feature is not available under the basic license as mentioned in the same subscription page and available from the gold tier.

Confirmed above from the elasticsearch x-pack source code as shown this exception is thrown while running the Integration test and this is the production java code which throws the generic exception message for current license is non-compliant for.

You have to upgrade to minimum Gold tier if you want to use security tokens feature.