Authenticating to iframe-embedded Kibana dashboard


(rupaln) #1

Hi,
We have shield protected kibana dashboard embedded as iframe in our UI. We need to be able to pass authentication headers to the dashboard so that the reports can display without the user having to put credentials again. How can we pass the auth headers to kibana from UI?


Auto-authenticate Kibana 5.3 dashboard embedded in iframe
By passing the login page in the embedded Iframe
(Felix Stürmer) #2

Hi @rupaln,

please take a look at this previous thread. The suggestions made therein still appear to be valid.


Kibana public visualization
(rupaln) #3

We do have a nginx proxy but can not hard code the basic-auth header as it is in cloud environment. Is there any way we can pass the authorization header with each request to kibana.


(Felix Stürmer) #4

In that case you will have to rely on the browser to add the header. Some browser do that when the url contains credentials as in https://user:password@my-kiba.na, but not all browsers do that due to the inherent security problems. You could also try to perform a pre-flight ajax request to Kibana from JavaScript code on the page containing the iframe. There you should be able to pass authentication headers and thus let Kibana set a session cookie for the domain. This cookie should then be recognized by subsequent requests to Kibana. In order to permit the request from JavaScript code though you would have add CORS headers to your Kibana responses or proxy it through the same host the embedding page is served from.


(rupaln) #5

Thanks. Will give it a try.


No handler found for uri [/api/security/v1/login] for auto-authentication embedded iframe
(rupaln) #6

We tried preforming pre-flight ajax request with authentication headers but do not see the cookie getting created. Is there any configuration setting that we have to enable?


(Felix Stürmer) #7

Sorry for the delay, @rupaln and sorry for giving incomplete advice.

I was able to get the Kibana server to respond with a cookie header by POSTing to /api/security/v1/login with a JSON request body of

{
    "password": "<YOURPASSWORD>",
    "username": "<YOURUSERNAME>"
}

and the appropriate kbn-version: 5.1.1 header.


Auto-authenticate Kibana 5.3 dashboard embedded in iframe
Authenticate on Kibana 6.0.0 with a post
Ajax call to open the Kibana page
Can't set cookie from login kibana 5.4.0
Custom realm and parsing request params
(rupaln) #8

We are using kibana version 4.6.1. When I tried posting to /api/security/v1/login, I got 404.


(Felix Stürmer) #9

Sorry, about that - I'm mostly living in a 5.x world by now and i would recommend everyone to upgrade :wink: You might be able to achieve the same thing using /api/shield/v1/login instead on Kibana 4.x + Shield 2.x.


(system) #10

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.