Anonymous access on iframe but sign in otherwise

I am creating a web app that has kibana iframes embedded that I would like to not require sign in for them. I have read all of the elastic forums and githubs but I still can't figure out how to allow this.

When I use the settings I posted below, the iframe doesn't need auth and neither when I access kibana directly. However, I'm unable to sign in with another user so that I can do admin work.
On the top right, I can click on the user, and it says "Sign In" I press that, it signs me out, and then there's another "Sign In" screen, and upon pressing that, I'm back to the same anonymous user. If I add:

xpack.security.authc.providers:
  basic.basic1:
    order: 1

to elasticsearch.yml, then I have to click on the anonymous sign in to make that work. What am I missing?

elasticsearch.yml

xpack.security.enabled: true
xpack.security.authc:
  anonymous:
    username: anonymous_user
    roles: public
    authz_exception: false

kibana.yml

xpack.security.enabled: true
xpack.security.authc.providers:
  anonymous.anonymous1:
    order: 1
    credentials:
      username: "user"
      password: "pw"

Hi @seanziee ,

You Kibana authentication configuration should look like this:

xpack.security.authc.providers:
  basic.basic1:
    order: 1
  anonymous.anonymous1:
    order: 2
    credentials:
      username: "user"
      password: "pw"

With this configuration you don't need to enable anonymous access in elasticsearch.yml (it's even discouraged if you don't need it). The only thing you're missing is the auth_provider_hint=anonymous1 query string parameter in your iframe URL, read more about here. In 7.11 you need to add this parameter manually, but since Kibana 7.12 there will be a UI toggle for that instead.

Best,
Oleg

Oh ok thanks! I thought that the key for the hint was going to be the username, not anonumous1. It works now, thanks!

I'll remove the elasticsearch anon!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.