I'm trying to embed Kibana in an intranet site our users have access to, and I want to do it as close as possible to seamless, no-user-input authentication. We are using 7.8 and cannot upgrade; we have authentication set up via an LDAP realm. We use other services to get user-accessible data via a service user and the run_as header, passing the user's full DN in as a value. This all works fine and I want to use the same premise for the embedded interface.
The intranet knows and has access to the user's full DN when they load the site. I'm trying to have the user authenticated in a similar way to the service users we already use, such that the service user is who logs in to Kibana but runs as the DN user with their roles and such. I tried to implement token authentication detailed here (Authentication in Kibana | Kibana Guide [7.8] | Elastic), but it seems this cannot be used how I assumed, where the user is authenticated, a token is returned, and we can use that to do everything in Kibana. I can get the token but can't enter it in the login screen.
Any suggestions on how to have the user authenticated but avoid the user having to sign in with their full DN? I have read that a reverse proxy can be used to achieve this, [x] and [x] written in 2016/17, but then [x] and [x] saying even that will not work.
Any help?