Briefly, this error occurs when a user tries to use the “run as” header for authentication in Elasticsearch, which is not supported. This feature allows one user to impersonate another, but it’s not enabled by default. To resolve this issue, you can either disable the use of the “run as” header in your client or enable it in Elasticsearch by setting the “run_as_enabled” to true in the role definition. Also, ensure that the user has the “manage_token” privilege.
This guide will help you check for common problems that cause the log ” ignore run-as header since it is currently not supported for authentication [{}] ” to appear. To understand the issues related to this log, read the explanation below about the following Elasticsearch concepts: plugin.
Log Context
Log “ignore run-as header since it is currently not supported for authentication [{}]” classname is AuthenticatorChain.java.
We extracted the following from Elasticsearch source code for those seeking an in-depth context :
finishAuthentication(context; authentication; listener); return; } if (false == authentication.supportsRunAs(anonymousUser)) { logger.info("ignore run-as header since it is currently not supported for authentication [{}]"; authentication); finishAuthentication(context; authentication; listener); return; } // Now we have a valid runAsUsername