Hi,
I have a multitenant web application in which each user will have its own Kibana dashboard embedded in an iframe. I have set up users and roles in Elasticsearch with the required privileges for each user to only access its own dashboard. However, the iframe prompts the Kibana login page before loading, forcing the client to authenticate. I want to get rid of this.
I'm aware of the number of posts in this forum about it, but so far there is no satisfactory solution.
I have tried the following:
POST /api/security/v1/login HTTP/1.1
Host: <kibana_cloud_url>:9243
kbn-version: 7.7.0
Content-Type: application/json

{"username":"user","password":"password"}
When invoked from Postman I get back an authentication cookie, but when invoking it from my code in JavaScript I get the following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <kibana_cloud_url>:9243/internal/security/login. (Reason: CORS header 'Access-Control-Allow-Origin' missing)
According to the post "Unable to perform login on kibana throught browser javascript api call", this is due to CORS not being enabled in Kibana.
Is there any update on that answer?
The other option I have come across is the reverse proxy; however, I don't see how I can make that work with Kibana on the cloud and with the dynamic nature of my use case (I dynamically acquire the user credentials to authenticate the dashboard).
Help will be appreciated.
Thanks.
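
Why the same request works from Postman but is blocked in page script, as an added example that is not part of the original post and is not Kibana code: a simplified model of the CORS checks a browser applies under the Fetch standard. The origin `https://app.example`, the function names and all sample header values are assumptions made for illustration.

```javascript
// Added example: simplified model of browser-side CORS checks (Fetch standard).
// Header maps use lowercase names; all sample values below are constructed.
const SAFE_CONTENT_TYPES = ["application/x-www-form-urlencoded", "multipart/form-data", "text/plain"];
const SAFE_HEADERS = ["accept", "accept-language", "content-language"];

// Request headers that force a preflight (OPTIONS) before the real request.
function unsafeHeaders(requestHeaders) {
  return Object.entries(requestHeaders)
    .filter(([name, value]) => {
      const n = name.toLowerCase();
      if (n === "content-type") {
        return !SAFE_CONTENT_TYPES.includes(value.split(";")[0].trim().toLowerCase());
      }
      return !SAFE_HEADERS.includes(n);
    })
    .map(([name]) => name.toLowerCase());
}

// The "CORS check": may script running at pageOrigin read this response?
function corsCheck(pageOrigin, responseHeaders, withCredentials) {
  const allowOrigin = responseHeaders["access-control-allow-origin"];
  if (allowOrigin === undefined) return "blocked: Access-Control-Allow-Origin missing";
  if (!withCredentials && allowOrigin === "*") return "allowed";
  if (allowOrigin !== pageOrigin) return "blocked: origin not allowed";
  if (!withCredentials) return "allowed";
  return responseHeaders["access-control-allow-credentials"] === "true"
    ? "allowed" : "blocked: Access-Control-Allow-Credentials is not 'true'";
}

// Preflight check: every unsafe request header must be listed by the server.
function preflightCheck(pageOrigin, requestHeaders, preflightResponse, withCredentials) {
  const base = corsCheck(pageOrigin, preflightResponse, withCredentials);
  if (base !== "allowed") return base;
  const allowed = (preflightResponse["access-control-allow-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase());
  // A "*" wildcard only counts when the request carries no credentials.
  const missing = unsafeHeaders(requestHeaders).filter(
    (h) => !allowed.includes(h) && !(allowed.includes("*") && !withCredentials));
  return missing.length ? "blocked: headers not allowed: " + missing.join(", ") : "allowed";
}

// Constructed case matching the post: JSON body plus kbn-version, no CORS headers in the reply.
const loginHeaders = { "kbn-version": "7.7.0", "Content-Type": "application/json" };
console.log(unsafeHeaders(loginHeaders), preflightCheck("https://app.example", loginHeaders, {}, true));
```

Postman is not a browser page, so none of these checks run there; a cookie-bearing request from page script additionally needs an exact origin match and `Access-Control-Allow-Credentials: true`, which a `*` wildcard cannot satisfy.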