Embedded Kibana authentication

I'm trying to embed Kibana in an intranet site our users have access to, and I want to make authentication as close as possible to seamless, with no user input. We are using 7.8 and cannot upgrade, and we have authentication set up via an LDAP realm. We use other services to get user-accessible data via a service user and the run_as header, passing the user's full DN in as a value. This all works fine, and I want to use the same premise for the embedded interface.

The intranet knows and has access to the user's full DN when they load the site. I'm trying to have the user authenticated in a similar way to the service users we already use, such that the service user is who logs in to Kibana but runs as the DN user with their roles and such. I tried to implement token authentication detailed here (Authentication in Kibana | Kibana Guide [7.8] | Elastic), but it seems this cannot be used how I assumed, where the user is authenticated, a token is returned and we can use that to do everything in Kibana. I can get the token but can't enter it in the login screen.

Any suggestions on how to have the user authenticated but avoid the user having to sign in with their full DN? I have read that a reverse proxy can be used to achieve this ([x] and [x], written in 2016/17), but then [x] and [x] say even that will not work.

Any help?

So, follow-up: I didn't do this in the end. It was possible to do it with tokens: have a service user, pass the user's details in a run_as header, get a token and set the Authorization header for Kibana to the token. Iframes don't support using headers, and it was more hassle to build a reverse proxy and use that in between. As I am using LDAP, it was a simpler implementation to use the PKI realm, have the user pass a PKI and delegate auth to LDAP. It works in the same way as entering your LDAP details but with less effort for the users.

Good luck if you find yourself in this position!
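
The token flow described in the follow-up above, as an added example that is not part of the original posts: the service user calls the Elasticsearch get-token API with the run-as header, and the result becomes the `Authorization` header a server-side proxy would attach for Kibana. The `client_credentials` grant, the host name, the account names and the function names are assumptions made for illustration.

```python
import base64
import json
import urllib.request

RUN_AS_HEADER = "es-security-runas-user"  # Elasticsearch run-as request header


def build_token_request(es_url, svc_user, svc_password, user_dn):
    """Build the get-token call: the service user authenticates, run-as names the user."""
    # user_dn must come from the intranet's server-side session, never from
    # browser input: the service user can impersonate whoever is named here.
    if not user_dn or any(c in user_dn for c in "\r\n\0"):
        raise ValueError("run-as value is empty or contains control characters")
    basic = base64.b64encode(f"{svc_user}:{svc_password}".encode()).decode()
    return urllib.request.Request(
        es_url.rstrip("/") + "/_security/oauth2/token",
        # Assumption: client_credentials grant, so no user password is needed.
        data=json.dumps({"grant_type": "client_credentials"}).encode(),
        method="POST",
        headers={
            "Authorization": "Basic " + basic,
            "Content-Type": "application/json",
            RUN_AS_HEADER: user_dn,
        },
    )


def kibana_auth_header(token_response):
    """Turn the token API's JSON body into (header dict, lifetime in seconds)."""
    body = json.loads(token_response)
    token = body.get("access_token")
    if body.get("type") != "Bearer" or not token:
        raise ValueError("unexpected token response")
    return {"Authorization": "Bearer " + token}, int(body.get("expires_in", 0))


def fetch_kibana_auth_header(es_url, svc_user, svc_password, user_dn):
    """Network step; run it server-side only so the token never reaches page script."""
    req = build_token_request(es_url, svc_user, svc_password, user_dn)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return kibana_auth_header(resp.read())
```

Because an iframe cannot set request headers, the returned header has to be added by something sitting between the browser and Kibana, which is the reverse proxy the follow-up mentions.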
