Hello Community, I have struggled with this for a bit now. How are others embedding Kibana in a custom app? What I am trying to do is as follows.
When a user logs in to our internal app, depending on their permission they have access to kibana or not. I need to load Kibana in our custom app. This can be done via iframe but setting credentials or auth headers on an iframe is unsafe. If we dont setup the creds on the iframe, the iframe will require a second authentication.
I have tried using NGINX and have it setup auth headers, but the issue is same, if someone hits the URL directly, then the will auto authenticate. Any ideas on how to achieve this?
Currently the only way we support this without requiring a second authentication is if you're using our SAML or OIDC authentication realms. If this isn't an option for you, you will either have to require the users to log in again or use a proxy as you mentioned.
We have had requests for supporting an anonymous user and if you think that would support your use case, we'd love to hear more about it in that Github issue (or even a simple on the issue helps us prioritize).
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
on the issue helps us prioritize).