AgentSkillsCN

kibana-auth-validation

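Validates authentication for the Kibana stack at http://47.236.247.55:5601 using Playwright MCP. Supports validation of basic auth (Elastic/Summer11) and Aliyun RAM OAuth. Invoke this skill when you need to run authentication regression tests, verify the OAuth login flow, check for JavaScript errors, test session management, or validate login after configuration changes.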

SKILL.md
--- frontmatter
name: kibana-auth-validation
description: Kibana authentication validation using Playwright MCP for the stack at http://47.236.247.55:5601. Validates basic auth (elastic/Summer11) and Aliyun RAM OAuth. Use when running authentication regression tests, verifying OAuth login flow, checking for JavaScript errors, testing session management, or validating login after configuration changes.

Kibana Authentication Validation

Validates Kibana authentication methods (Basic Auth + Aliyun RAM OAuth) using Playwright MCP with headless Chromium.

Quick Start

```bash
# Check stack health first
curl -sk -u elastic:Summer11 https://127.0.0.1:9200/_cluster/health
curl -s http://localhost:5601/api/status
```

If the stack is not running, start it:

```bash
cd /home/denny/projects/kibana-9.2.4
./project-starter.sh
```

Validation Workflow

Step 1: Prerequisites Check

Verify stack is healthy and both services are accessible:

Step 2: Choose Test Suite

Basic Auth Validation - Run for regression testing:

```bash
python3 scripts/validate_basic_auth.py
```

OAuth Validation - Run for OAuth flow testing:

```bash
python3 scripts/validate_oauth.py
```

Step 3: Run Playwright Tests

Use Playwright MCP with headless Chromium to execute the tests generated by the scripts above.

Key Playwright locators for Kibana login:

```javascript
// Basic auth form
page.locator('form').filter({ hasText: /username|password/i })

// OAuth button
page.getByText(/aliyun|ram|阿里云/i)

// Login button
page.locator('button[type="submit"]')
```

OAuth Session Persistence

To bypass CAPTCHA and SMS OTP in automated tests, save an authenticated session once and reuse it:

Save OAuth Cookies (One-Time Setup)

Run the interactive cookie saver:

```bash
python3 scripts/save_oauth_cookies.py
```

This will:

  1. Launch a headed Chromium browser
  2. Navigate to Kibana login page
  3. Wait for you to complete OAuth login manually (with CAPTCHA/SMS)
  4. Save cookies/session to kibana-auth.json

Use Saved Cookies in Tests

```javascript
const { chromium } = require('playwright');

async function runTestsWithSession() {
  const browser = await chromium.launch({ headless: true });
  // Create a context pre-loaded with the cookies and localStorage saved earlier
  const context = await browser.newContext({
    storageState: 'kibana-auth.json'  // Load saved session
  });
  const page = await context.newPage();

  // Already authenticated - no CAPTCHA/SMS needed!
  await page.goto('http://47.236.247.55:5601/app/home');
  // ... run tests ...

  // Release the browser process when the tests are done
  await browser.close();
}
```

When to Re-save Cookies

Re-save when:

  • Session expires (typically after days/weeks)
  • You need to test with a different user
  • Cookies are corrupted
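
A pre-flight check for the saved session file, as an added example that is not part of the skill's own scripts: it reports the re-save conditions above that are visible in kibana-auth.json itself (expired or corrupted cookies) and flags a file that other users can read, since it holds a live authenticated session. The function names and the cookie name `sid` in the constructed samples are assumptions.

```python
import json
import os
import stat
import tempfile
import time


def check_storage_state(path, host, now=None):
    """Return reasons to re-save or lock down a Playwright storageState file."""
    now = time.time() if now is None else now
    problems = []
    # The file holds live session cookies: only its owner should read it.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("file is readable by group/other; chmod 600")
    try:
        with open(path, encoding="utf-8") as fh:
            state = json.load(fh)
        cookies = [c for c in state["cookies"] if c["domain"].lstrip(".") == host]
        for c in cookies:
            # Playwright stores expires as Unix seconds; -1 means session cookie.
            if c.get("expires", -1) != -1 and c["expires"] <= now:
                problems.append(f"cookie {c['name']} expired")
    except (ValueError, KeyError, TypeError, AttributeError):
        return problems + ["file is corrupted or not a storageState file"]
    if not cookies:
        problems.append(f"no cookies stored for {host}")
    return problems


def demo(now=1_700_000_000, host="47.236.247.55"):
    """Run the check on constructed sample files (not real session data)."""
    cookie = {"name": "sid", "value": "x", "domain": host, "path": "/"}
    fresh, stale = dict(cookie, expires=now + 3600), dict(cookie, expires=now - 1)
    samples = (("good", json.dumps({"cookies": [fresh], "origins": []}), 0o600),
               ("stale", json.dumps({"cookies": [stale], "origins": []}), 0o644),
               ("corrupt", "{not json", 0o600))
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for label, body, mode in samples:
            path = os.path.join(tmp, label + ".json")
            with open(path, "w", encoding="utf-8") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[label] = check_storage_state(path, host, now)
    return results


if __name__ == "__main__":
    print(demo())
```

Cookies stored with `expires` of -1 carry no client-side expiry, so a session that has timed out on the server only shows up when a test is redirected back to the login page.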

Test Credentials

See references/test_config.md for:

Validation Checklist

  • Basic auth valid credentials → login successful
  • Basic auth invalid password → error shown
  • OAuth button visible on login page
  • OAuth click → redirects to Aliyun
  • Saved session → bypass CAPTCHA/SMS
  • No JavaScript errors in console
  • Session persists across navigation
  • Logout works correctly

Expected Login Page Behavior

  1. OAuth button should be prominent (order: 0 - highest priority)
  2. Basic auth should be secondary option (order: 100)
  3. Both options visible on login page
  4. No console errors on page load

Known Limitations

Full OAuth automation without saved sessions requires manual interaction due to:

  • CAPTCHA challenges on Aliyun login page
  • SMS OTP verification

Solution: Use save_oauth_cookies.py to save an authenticated session once, then reuse it for automated tests.

Troubleshooting

| Issue | Solution |
|---|---|
| Stack not running | Run ./project-starter.sh |
| OAuth redirect mismatch | Check server.publicBaseUrl in kibana.yml |
| ES SSL error | Self-signed cert is expected for dev |
| Playwright can't find elements | Check selectors in test scripts |
| Session expired | Re-run save_oauth_cookies.py to save new session |