Embedding Kibana dashboard iframe with authentication

Hello People,

We are using Kibana v7.16.3 in our production.

I know there are lots of similar questions asked regarding this topic and I have gone through many of them but they don't seem to answer my question.

I am trying to embed Kibana dashboard in my react application. Now from what I have read, I have 3 options to do this:

  1. Configure Kibana anonymous access so that dashboard will be loaded without user needing to authenticate again
  2. Configure Nginx between user and Kibana and add proxy authorization header in it
  3. Call /internal/security/login API of Kibana to set a session Cookie and then try to load dashboard in the same session

Now, first option works pretty much as per expectation, it loads dashboard in my application. But since it requires anonymous login, anyone can access dashboard by browsing the public URL of dashboard (if Kibana is reachable which pretty much is in our internal network). So we needed to discard this option.

As for the second option, we are getting 401 for " /api/licensing/info" when we try to login to Kibana (even for other genuine users).

Last option we are still trying to explore, so far we were able to set the cookie but we are facing issue there, getting 431 status code for "/internal/security/login" API. Even if we managed to do this, we still are sending username and password for this API in clear text inside body which is not so desirable.

Can anyone provide a better solution or any alternative in existing solution? It would be really helpful.

Any help is appreciated!

After trying many things, we have reached to a conclusion that we can't embed the dashboards while also having some kind of authentication in place (in community edition).

So far anonymous access works well for us. Configuring nginx with authorization header was never an option for us since it is as good as having anonymous access. While setting session cookie did not help since Kibana starts its own session when dashboard gets loaded in an iframe.

If we find any alternative solution, we will definitely post that here.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.