Authentication of was terminated by realm – – How to solve this Elasticsearch error

Opster Team

Aug-23, Version: 6.8-7.15

Briefly, this error occurs when Elasticsearch fails to authenticate a user due to an issue with the security realm. This could be due to incorrect credentials, misconfiguration of the security realm, or a problem with the authentication service. To resolve this, you can check the user’s credentials, ensure the security realm is correctly configured, or troubleshoot the authentication service. If the issue persists, you may need to check the Elasticsearch logs for more detailed error messages.

We recommend you run the Elasticsearch Error Check-Up which can resolve issues that cause many errors.

This guide will help you check for common problems that cause the log “Authentication of Elastic was terminated by realm [reserved]” to appear. It’s important to understand how authentication works and what role realms play in the process, so read the guide below and follow the steps to resolve this error.

What does authentication mean in Elasticsearch?

Authentication refers to the process or action of verifying the identity of a user or process. Elastic stack authenticates the user by identifying and verifying them. The authentication process is handled by one or more authentication services called realms. 

There are various types of realms. Reserved realm is the realm containing the built-in users. Then, there’s the native realm for users defined through the security API (and/or inside Kibana). Lastly, file realm is for users defined in security files on disk.

What this error means

This log message is an INFO message saying that the credentials with which you are trying to authenticate do not match the saved credentials. You will not be able to use the ES cluster, until and unless the username and password match, i.e. until authentication is successful.

How to reproduce this log

First, you need to enable the security settings of Elasticsearch.

Enable security features

To enable security features on the node, turn on the xpack.security.enabled setting. You need to add this setting in the elasticsearch.yml configuration file.

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
xpack.security.enabled: true
xpack.security.enabled: true
xpack.security.enabled: true

Setting built-in user password

The next step is to set the built-in user credentials, using this command: 

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
bin/elasticsearch-setup-passwords interactive
bin/elasticsearch-setup-passwords interactive
bin/elasticsearch-setup-passwords interactive

Restart Elasticsearch

  1. After setting up the password, you need to restart Elasticsearch. By now, Elasticsearch should be running on port 9200. 
  2. Now go to your browser, and hit http://localhost:9200
  3. After hitting that URL, a pop up will open, asking for sign in credentials that you have set while setting the built-in user passwords. 
  4. If either the username or the password does not match with the saved credentials, the following logs will be generated.

The logs generated are:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
[INFO ][o.e.x.s.a.AuthenticationService] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[INFO ][o.e.x.s.a.AuthenticationService] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]
[INFO ][o.e.x.s.a.AuthenticationService] Authentication of [elastic] was terminated by realm [reserved] - failed to authenticate user [elastic]

Quick troubleshooting steps

You need to enter the correct username and password that should match with the credentials that you have set while setting the built-in user password.

If by any chance you’ve forgotten the password, you can reset the password by following the steps mentioned in this post.

Log Context

Log “Authentication of [{}] was terminated by realm [{}] – {}” classname is AuthenticationService.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
if (result.getException() != null) {
logger.info(new ParameterizedMessage(
"Authentication of [{}] was terminated by realm [{}] - {}";
authenticationToken.principal(); realm.name(); result.getMessage()); result.getException());
} else {
logger.info("Authentication of [{}] was terminated by realm [{}] - {}";
authenticationToken.principal(); realm.name(); result.getMessage());
}
userListener.onFailure(result.getException());
} else {
if (result.getMessage() != null) {
if (result.getException() != null) { logger.info(new ParameterizedMessage( "Authentication of [{}] was terminated by realm [{}] - {}"; authenticationToken.principal(); realm.name(); result.getMessage()); result.getException()); } else { logger.info("Authentication of [{}] was terminated by realm [{}] - {}"; authenticationToken.principal(); realm.name(); result.getMessage()); } userListener.onFailure(result.getException()); } else { if (result.getMessage() != null) {
                                    if (result.getException() != null) {
                                        logger.info(new ParameterizedMessage(
                                                "Authentication of [{}] was terminated by realm [{}] - {}";
                                                authenticationToken.principal(); realm.name(); result.getMessage()); result.getException());
                                    } else {
                                        logger.info("Authentication of [{}] was terminated by realm [{}] - {}";
                                                authenticationToken.principal(); realm.name(); result.getMessage());
                                    }
                                    userListener.onFailure(result.getException());
                                } else {
                                    if (result.getMessage() != null) {

 

 [ratemypost]