We are using Kibana v7.16.3 in our production.
I know there are lots of similar questions asked regarding this topic and I have gone through many of them but they don't seem to answer my question.
I am trying to embed Kibana dashboard in my react application. Now from what I have read, I have 3 options to do this:
- Configure Kibana anonymous access so that dashboard will be loaded without user needing to authenticate again
- Configure Nginx between user and Kibana and add proxy authorization header in it
- Call /internal/security/login API of Kibana to set a session Cookie and then try to load dashboard in the same session
Now, first option works pretty much as per expectation, it loads dashboard in my application. But since it requires anonymous login, anyone can access dashboard by browsing the public URL of dashboard (if Kibana is reachable which pretty much is in our internal network). So we needed to discard this option.
As for the second option, we are getting 401 for " /api/licensing/info" when we try to login to Kibana (even for other genuine users).
Last option we are still trying to explore, so far we were able to set the cookie but we are facing issue there, getting 431 status code for "/internal/security/login" API. Even if we managed to do this, we still are sending username and password for this API in clear text inside body which is not so desirable.
Can anyone provide a better solution or any alternative in existing solution? It would be really helpful.
Any help is appreciated!