Authenticating to iframe-embedded Kibana dashboard

We have a Shield-protected Kibana dashboard embedded as an iframe in our UI. We need to be able to pass authentication headers to the dashboard so that the reports can display without the user having to enter credentials again. How can we pass the auth headers to Kibana from the UI?


Hi @rupaln,

Please take a look at this previous thread. The suggestions made therein still appear to be valid.

We do have an nginx proxy but cannot hard-code the basic-auth header as it is in a cloud environment. Is there any way we can pass the authorization header with each request to Kibana?

In that case you will have to rely on the browser to add the header. Some browsers do that when the URL contains credentials as in, but not all browsers do that due to the inherent security problems. You could also try to perform a pre-flight AJAX request to Kibana from JavaScript code on the page containing the iframe. There you should be able to pass authentication headers and thus let Kibana set a session cookie for the domain. This cookie should then be recognized by subsequent requests to Kibana. In order to permit the request from JavaScript code, though, you would have to add CORS headers to your Kibana responses or proxy it through the same host the embedding page is served from.

Thanks. Will give it a try.

We tried performing a pre-flight AJAX request with authentication headers but do not see the cookie getting created. Is there any configuration setting that we have to enable?

Sorry for the delay, @rupaln, and sorry for giving incomplete advice.

I was able to get the Kibana server to respond with a cookie header by POSTing to /api/security/v1/login with a JSON request body of

    {
      "password": "<YOURPASSWORD>",
      "username": "<YOURUSERNAME>"
    }

and the appropriate kbn-version: 5.1.1 header.

We are using Kibana version 4.6.1. When I tried posting to /api/security/v1/login, I got a 404.

Sorry about that - I'm mostly living in a 5.x world by now and I would recommend everyone to upgrade :wink: You might be able to achieve the same thing using /api/shield/v1/login instead on Kibana 4.x + Shield 2.x.
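
As an added example (not code from the thread or from Kibana), this builds the login request described in the replies above and lists the reasons a browser would refuse to keep the session cookie when the embedding page and Kibana are on different origins. The function names, the example.test hosts and sending kbn-version on 4.x as well are assumptions.

```javascript
// Added example; function names and sample hosts are hypothetical.
const LOGIN_PATHS = {
  '5': '/api/security/v1/login', // Kibana 5.x, from the thread
  '4': '/api/shield/v1/login',   // Kibana 4.x + Shield 2.x, from the thread
};

// Build the fetch() arguments for the login call made before the iframe loads.
// Credentials should come from the signed-in user, never from the page source.
function buildLoginRequest(kibanaBase, kbnVersion, username, password) {
  const path = LOGIN_PATHS[kbnVersion.split('.')[0]];
  if (!path) throw new Error('no login path known for Kibana ' + kbnVersion);
  return {
    url: kibanaBase.replace(/\/+$/, '') + path,
    init: {
      method: 'POST',
      credentials: 'include', // otherwise a cross-origin Set-Cookie is not stored
      headers: { 'Content-Type': 'application/json', 'kbn-version': kbnVersion },
      body: JSON.stringify({ username, password }),
    },
  };
}

// Given login response headers (lower-cased names), list the reasons the
// browser would not keep the session cookie for a page served from pageOrigin.
function cookieProblems(headers, pageOrigin, kibanaBase) {
  const problems = [];
  if (!headers['set-cookie']) problems.push('no Set-Cookie in login response');
  if (new URL(kibanaBase).origin === pageOrigin) return problems; // same origin: no CORS
  const allowOrigin = headers['access-control-allow-origin'];
  if (allowOrigin === '*') {
    problems.push('Access-Control-Allow-Origin "*" is rejected for credentialed requests');
  } else if (allowOrigin !== pageOrigin) {
    problems.push('Access-Control-Allow-Origin does not match ' + pageOrigin);
  }
  if (headers['access-control-allow-credentials'] !== 'true') {
    problems.push('Access-Control-Allow-Credentials: true is missing');
  }
  return problems;
}
```

Because of the JSON content type and the kbn-version header, the browser sends an OPTIONS preflight first, so a cross-origin setup must also list both in Access-Control-Allow-Headers. Proxying Kibana through the same host as the embedding page avoids all of these checks.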
