Embedding Kibana dashboard in HTML Anonymously

Hi there,

I am using latest Elasticsearch and Kibana version through Elastic Cloud.

I wish to embed a Kibana dashboard into a HTML, but I seem to have encountered some problems.
I have tried the options to setup the NGINX headers.

proxy_set_header  Host $host;
proxy_set_header  X-Real-IP $remote_addr;
proxy_set_header  X-Forwarded-Host $proxy_add_x_forwarded_for;
proxy_set_header  X-Found-Cluster <CLUSTER_ID>;
proxy_set_header  Authorization "Bearer <API TOKEN>";
proxy_pass  <KIBANA URL>;

With those settings, I get the error:

{"ok":false,"message":"Unknown resource."}

When I do not pass the Host and X-Found-Cluster proxy_headers, I get the following error:

"message":"[security_exception] missing authentication credentials for REST request [/_security/_authenticate], with { header={ WWW-Authenticate={ 0=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" & 1=\"Bearer realm=\\\"security\\\"\" & 2=\"ApiKey\" } } }"

The API Key was generated with the Python Elasticsearch SDK and the User that creates this API key is Superuser on Elasticsearch.

es_security = SecurityClient(es)
api_key = es_security.create_api_key({
  "name": "my_api_key_name", # Normally dynamic, now hardcoded for demo
  "role_descriptors": {
    "superuser-role": { 
      "cluster": ["all"],
      "index": [
          "names": ["*"], # All indices to test
          "privileges": ["all"] # All Privileges to test

I am developping locally and I have no way to generate an SSL certificate for my local machines.

I found out there was a security option to allow an anonymous user, but I can't seem to get that setup in Elastic Cloud, which I am using now.

Is there any way to embed a whole Kibana Space without requiring a user login?

I noticed that you've got the wrong authorization value prefix:

proxy_set_header  Authorization "Bearer <API TOKEN>";

According to the docs, it should look like this:

proxy_set_header  Authorization "ApiKey <API TOKEN>";

That prefix tells Kibana what authentication provider to use when dealing with this credential.

If that doesn't work, can you try to test it directly against Kibana? Keep in mind the token must be base64-encoded first. E.g.,

curl --location --request GET 'http://localhost:5601/api/security/role' \
--header 'Content-Type: application/json;charset=UTF-8' \
--header 'kbn-xsrf: true' \
--header 'Authorization: ApiKey aVZlLUMzSUJuYndxdDJvN0k1bU46aGxlYUpNS2lTa2FKeVZua1FnY1VEdw==' \

Elastic Cloud will allow you to use the anonymous user for Elasticsearch, you just have to create one or more roles for that user. However, Elasticsearch anonymous access can't currently be used in Kibana. We made an enhancement to enable this though, and it's expected to be included in the 7.11 release!

Starting in 7.11, you'll also be able to configure your own anonymous access all within in Kibana (for example, using the API key you generated).

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.