Kibana Authentication Validation
Validates Kibana authentication methods (Basic Auth + Aliyun RAM OAuth) using Playwright MCP with headless Chromium.
Quick Start
```bash
# Check stack health first
curl -sk -u elastic:Summer11 https://127.0.0.1:9200/_cluster/health
curl -s http://localhost:5601/api/status
```
If the stack is not running, start it:
```bash
cd /home/denny/projects/kibana-9.2.4
./project-starter.sh
```
Validation Workflow
Step 1: Prerequisites Check
Verify the stack is healthy and both services are accessible:
- Elasticsearch: https://127.0.0.1:9200
- Kibana: http://47.236.247.55:5601
Step 2: Choose Test Suite
Basic Auth Validation - Run for regression testing:
```bash
python3 scripts/validate_basic_auth.py
```
OAuth Validation - Run for OAuth flow testing:
```bash
python3 scripts/validate_oauth.py
```
Step 3: Run Playwright Tests
Use Playwright MCP with headless Chromium to execute the tests generated by the scripts above.
Key Playwright locators for Kibana login:
```javascript
// Basic auth form
page.locator('form').filter({ hasText: /username|password/i })
// OAuth button
page.getByText(/aliyun|ram|阿里云/i)
// Login button
page.locator('button[type="submit"]')
```
OAuth Session Persistence
To bypass CAPTCHA and SMS OTP in automated tests, save an authenticated session once and reuse it:
Save OAuth Cookies (One-Time Setup)
Run the interactive cookie saver:
```bash
python3 scripts/save_oauth_cookies.py
```
This will:
- Launch a headed Chromium browser
- Navigate to the Kibana login page
- Wait for you to complete the OAuth login manually (with CAPTCHA/SMS)
- Save cookies/session to kibana-auth.json
Use Saved Cookies in Tests
```javascript
const { chromium } = require('playwright');

async function runTestsWithSession() {
  const browser = await chromium.launch({ headless: true });
  const context = await browser.newContext({
    storageState: 'kibana-auth.json' // Load saved session
  });
  const page = await context.newPage();
  // Already authenticated - no CAPTCHA/SMS needed!
  await page.goto('http://47.236.247.55:5601/app/home');
  // ... run tests ...
  await browser.close(); // Release the browser so the script can exit
}
```
When to Re-save Cookies
Re-save when:
- Session expires (typically after days/weeks)
- You need to test with a different user
- Cookies are corrupted
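A pre-flight check for the saved session, as an added example that is not part of the original scripts: it reads the Playwright `storageState` structure, reports when a re-save is needed (session cookie missing or close to expiry) and flags a file that other local users can read, since kibana-auth.json holds a live session. The function name `auditStorageState`, its options, and the cookie name `sid` (assumed to be Kibana's default session cookie name) are assumptions; the sample state is constructed.

```javascript
// Added example: decide whether kibana-auth.json must be re-saved before a run.
// Assumption: the Kibana session cookie is named "sid"; override via opts.cookieName.
function auditStorageState(state, opts = {}) {
  const now = opts.now ?? Math.floor(Date.now() / 1000); // seconds, like cookie.expires
  const cookieName = opts.cookieName ?? 'sid';
  const minTtl = opts.minTtlSeconds ?? 300; // margin so the session outlives the test run
  const findings = [];
  let resave = false;

  // A storageState file is { cookies: [...], origins: [...] }; anything else is corrupted.
  const cookies = Array.isArray(state?.cookies) ? state.cookies : [];
  const session = cookies.filter((c) => c.name === cookieName && c.value);
  if (session.length === 0) {
    resave = true;
    findings.push(`no "${cookieName}" cookie found: file is corrupted or incomplete`);
  }
  for (const c of session) {
    // expires is Unix seconds; -1 marks a browser-session cookie whose lifetime is
    // enforced server-side only, so expiry cannot be read from the file in that case.
    if (c.expires !== -1 && c.expires - now < minTtl) {
      resave = true;
      findings.push(`"${c.name}" for ${c.domain} is expired or expires within ${minTtl}s`);
    }
  }
  // Group/other permission bits set means other local users can read the session.
  if (opts.fileMode !== undefined && (opts.fileMode & 0o077) !== 0) {
    findings.push('file is accessible to group/other: chmod 600 and keep it out of git');
  }
  return { resave, findings };
}

// Constructed sample in Playwright's storageState shape (not a real session).
const sampleState = {
  cookies: [{
    name: 'sid', value: 'CONSTRUCTED-NOT-A-REAL-SESSION', domain: 'kibana.test',
    path: '/', expires: 1700003600, httpOnly: true, secure: false, sameSite: 'Lax',
  }],
  origins: [],
};

// Real use: pass JSON.parse(fs.readFileSync('kibana-auth.json', 'utf8')) and
// { fileMode: fs.statSync('kibana-auth.json').mode } instead of the sample.
console.log(auditStorageState(sampleState, { now: 1700000000, fileMode: 0o100600 }));
```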
Test Credentials
See references/test_config.md for:
- Basic Auth: elastic / Summer11
- OAuth: dongdongplanet@1437310945246567.onaliyun.com / Summer11
- SMS Phone: 18972952966
Validation Checklist
- Basic auth valid credentials → login successful
- Basic auth invalid password → error shown
- OAuth button visible on login page
- OAuth click → redirects to Aliyun
- Saved session → bypass CAPTCHA/SMS
- No JavaScript errors in console
- Session persists across navigation
- Logout works correctly
Expected Login Page Behavior
- OAuth button should be prominent (order: 0 - highest priority)
- Basic auth should be the secondary option (order: 100)
- Both options visible on login page
- No console errors on page load
Known Limitations
Full OAuth automation without saved sessions requires manual interaction due to:
- CAPTCHA challenges on Aliyun login page
- SMS OTP verification
Solution: Use save_oauth_cookies.py to save an authenticated session once, then reuse it for automated tests.
Troubleshooting
| Issue | Solution |
|---|---|
| Stack not running | Run ./project-starter.sh |
| OAuth redirect mismatch | Check server.publicBaseUrl in kibana.yml |
| ES SSL error | Self-signed cert is expected for dev |
| Playwright can't find elements | Check selectors in test scripts |
| Session expired | Re-run save_oauth_cookies.py to save new session |