Auto authenticating to an embedded Kibana dashboard (on Elastic.co CLOUD)

I have ElasticSearch 5.1 on Elastic.co with a Kibana 5.1 dashboard that I'm embedding into a web app via iframe, protected by XPack authentication.
Is there any way to programmatically provide the user/password so that the user automatically auths and the dashboard is displayed?

hi @Gabriele,

you can do this by passing the login information with a reverse-proxy.

See this thread for more information: Auto-authenticating to iframe-embedded Kibana dashboard.

The example there uses nginx, but other platforms should support a similar setup.

@thomasneirynck since this is a known issue, can you not give a solution to avoid the cross-domain problem, such as a GET API for the login in an embedded web app, instead of suggesting the use of a proxy?

hi @Gabriele

Do I have it right, you want to be able to do this without a reverse proxy?

As for the CORS issue, that is generally resolved server-side as well (in this case, you would configure this in the reverse proxy too). You'll need to configure the server to allow requests from remote hosts.

You might be interested in this outstanding enhancement request too: https://github.com/elastic/kibana/issues/4453. It calls for a more fine-grained access to Kibana-objects (e.g. a dashboard). Perhaps this is more in line with what you are looking for?

Hi @thomasneirynck,

As for the CORS issue, that is generally resolved server-side as well (in this case, you would configure this in the reverse proxy too). You'll need to configure the server to allow requests from remote hosts.

I do not think it's a possible solution using the Elastic.co cloud service.

You might be interested in this outstanding enhancement request too: https://github.com/elastic/kibana/issues/4453. It calls for a more fine-grained access to Kibana-objects (e.g. a dashboard). Perhaps this is more in line with what you are looking for?

thank you, but it's not what I'm looking for

Hi @thomasneirynck,

I've tried to use nginx as a reverse-proxy.
But I had this error message:
{"ok":false,"message":"Unknown cluster."}
I'm using an Elastic.co cloud instance.

Could you help me please?
Thx

@michele.pagnin you should probably post this as a separate issue, not tack it onto someone else's. You'll need to provide some information about what you've tried, I imagine, for anyone to be able to help.

Hi @Cylindric
@Gabriele and I are working for the same company and we have the same target.
So, my request in this thread is correct

Ah, you didn't make that clear. I think some information about what you've done to the nginx config will be required though.

@Cylindric, as @thomasneirynck wrote, I have tried to use nginx as reverse proxy.
This is what I wrote in configuration file:
server {
    listen 443;
    server_name localhost;

    #root html;
    #index index.html index.htm;

    ssl on;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;

    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;

    #ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    #ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Authorization "Basic XXXXXXXXXXXXXXXXX";
        proxy_pass https://XXXXXXXXXXXXXX.eu-west-1.aws.found.io/app/kibana;
    }
}

@Cylindric, @thomasneirynck

Attention! We are using the application in the Elastic.co cloud

@michele.pagnin

thanks,

not sure about that error message and how this would relate to the cloud cluster.

Do you get that when you are trying to visit any link to a Kibana page, or just the embedded dashboard links?

@thomasneirynck

We have resolved the issue in the following way:

server {
    listen 443;
    server_name localhost;
    ssl on;
    ssl_certificate /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 5m;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_set_header X-Found-Cluster XXXXXX;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Authorization "Basic YYYYYY";
        proxy_pass https://XXXXXX.eu-west-1.aws.found.io;
    }
}

Where XXXXXX is the cluster ID and YYYYYY is the string "username:password" encoded in base64.
Thanks to everyone for the support
Bye
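
A hardened variant of the working proxy configuration above, as an added example that is not part of the original thread: because the proxy attaches the Kibana credentials to every request it forwards, anyone who can reach it is logged in as that user, so this version only proxies requests the embedding app has already authenticated, limits who may frame the dashboard, and verifies the upstream certificate before the header is sent. Assumptions: `kibana-proxy.example.com`, `app.example.com`, the `/api/session` endpoint and `/etc/nginx/kibana_auth.conf` are hypothetical names, the app's session cookie is scoped so the browser also sends it to the proxy host, nginx is built with `ngx_http_auth_request_module`, and the account behind YYYYYY has a read-only role.

```nginx
# Added example. XXXXXX = cluster ID and YYYYYY = base64("username:password"),
# as in the thread; every other name here is a hypothetical placeholder.
server {
    listen 443 ssl;                       # current form of the older "ssl on;"
    server_name kibana-proxy.example.com;

    ssl_certificate     /etc/nginx/ssl/nginx.crt;
    ssl_certificate_key /etc/nginx/ssl/nginx.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    # Only the embedding web app may load the proxied dashboard in an iframe.
    add_header Content-Security-Policy "frame-ancestors https://app.example.com" always;

    # Internal subrequest: ask the web app whether the caller has a session.
    # A 2xx answer lets the request through; 401/403 blocks it.
    location = /_session_check {
        internal;
        proxy_pass https://app.example.com/api/session;
        proxy_pass_request_body off;
        proxy_set_header Content-Length "";
    }

    location / {
        auth_request /_session_check;     # no valid app session, no credentials

        proxy_set_header X-Found-Cluster XXXXXX;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # File holds one line: proxy_set_header Authorization "Basic YYYYYY";
        # Keep it readable by root only and out of version control.
        include /etc/nginx/kibana_auth.conf;

        # nginx does not verify upstream certificates unless told to.
        proxy_ssl_server_name on;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        proxy_pass https://XXXXXX.eu-west-1.aws.found.io;
    }
}
```

The base64 value in the `Authorization` header is an encoding, not encryption, so the included file should be treated like a plaintext password.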
