Embedded Kibana dashboard login page keeps reloading back to the same page

I'm still new to Kibana and when I try to embed my Kibana dashboard by giving it anonymous access, it keeps refreshing itself without me doing anything. Gif below for illustration.
Animation
This is the code I used in my kibana.yml file for anonymous access

xpack.security.authc.providers:
    basic.basic1:
        order: 0
    anonymous.anonymous1:
        order: 1
        credentials:
            username: "anonymous1"
            password: "changeme"

I've also done auth_provider_hint=anonymous1 in my iFrame code:
<iframe src="http://localhost:5601/app/dashboards?auth_provider_hint=anonymous1#/view/f4d17e40-3ae3-11ec-838d-cba5e7ef064e?embed=true&_g=(...)" height="600" width="800"></iframe>

In my Kibana, I also create a new user called anonymous1 and given him a custom role which basically gives the user full access to Kibana.
I've also tried logging into anonymous1 through Kibana UI and I am indeed able to utilize Kibana fully as seen from the picture below.


User created for anonymous1:

Privileges I gave to anonymous-role picture 1:

picture 2:

Any advice will be greatly appreciated! Thank you for your time!

Which version of the stack you are on please?
@azasypkin can we please get some help?

Thanks,
Bhavya

Hello @bhavyarm thank you for your reply

I am currently using 7.15.0 for both Elasticsearch & kibana

Hi @Arrick ,

The configuration looks correct to me (except that the anonymous1 user is a way too powerful, please reduce the permissions if/when you expose Kibana to the internet).

Let's try to figure out what's going on here:

  • Have you tried setting xpack.security.sameSiteCookies to "None" as described here?
  • Can you try to open the tab with embedded Kibana in a private window? I just want to make sure you don't have any old cookies (you can also explicitly remove all Kibana-specific cookies with browser dev tools).
  • If two previous points don't help, can you please record and share a HAR file so that we can see how these infinite redirects look like exactly? It will also might help if you enable verbose logging for Kibana and share the relevant logs:
logging:
  loggers:
    - name: plugins.security
      appenders: [console]
      level: debug

--
Oleg

1 Like

Hello @azasypkin thank you for your reply!
My embedded works perfectly now when I started to use a new browser (FireFox) instead.

I assume I did have a cookies issue with google chrome.
I did try to use xpack.security.sameSiteCookies: "None" in my kibana.yml file but I received an error when trying to enter the website. But that should not be an issue since I know its a cookies error now.
For anonymous1 I will reduce its power as I just wanted to make sure I have full access when logging in.
Thank you for the help and advice! Really appreciate it!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.