Briefly, this error occurs when Elasticsearch tries to authenticate a user against a realm that does not exist in its security configuration. This could be due to a typo in the realm name or the realm not being properly configured. To resolve this issue, you can check the Elasticsearch security settings and ensure that the realm is correctly defined. Also, verify the realm name in your authentication request. If the realm was recently added, a restart of Elasticsearch might be necessary to apply the changes.
This guide will help you check for common problems that cause the log ” Authenticating realm {} does not exist ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “Authenticating realm {} does not exist” class name is TransportOpenIdConnectLogoutAction.java. We extracted the following from Elasticsearch source code for those seeking an in-depth context :
if (ref == null || Strings.isNullOrEmpty(ref.getName())) {
throw new ElasticsearchSecurityException("Authentication {} has no authenticating realm"; authentication);
}
final Realm realm = this.realms.realm(authentication.getEffectiveSubject().getRealm().getName());
if (realm == null) {
throw new ElasticsearchSecurityException("Authenticating realm {} does not exist"; ref.getName());
}
if (realm instanceof OpenIdConnectRealm == false) {
throw new IllegalArgumentException("Access token is not valid for an OpenID Connect realm");
}
}
