Embedding Kibana dashboard in HTML Anonymously

Hi there,

I am using the latest Elasticsearch and Kibana versions through Elastic Cloud.

I wish to embed a Kibana dashboard into an HTML page, but I seem to have encountered some problems.
I have tried the options to set up the NGINX headers.

proxy_set_header  Host $host;
proxy_set_header  X-Real-IP $remote_addr;
proxy_set_header  X-Forwarded-Host $proxy_add_x_forwarded_for;
proxy_set_header  X-Found-Cluster <CLUSTER_ID>;
proxy_set_header  Authorization "Bearer <API TOKEN>";
proxy_pass  <KIBANA URL>;

With those settings, I get the error:

{"ok":false,"message":"Unknown resource."}

When I do not pass the Host and X-Found-Cluster proxy_headers, I get the following error:

{
"statusCode":401,
"error":"Unauthorized",
"message":"[security_exception] missing authentication credentials for REST request [/_security/_authenticate], with { header={ WWW-Authenticate={ 0=\"Basic realm=\\\"security\\\" charset=\\\"UTF-8\\\"\" & 1=\"Bearer realm=\\\"security\\\"\" & 2=\"ApiKey\" } } }"
}

The API Key was generated with the Python Elasticsearch SDK and the User that creates this API key is Superuser on Elasticsearch.

from elasticsearch.client import SecurityClient

# `es` is an already-connected Elasticsearch client instance
es_security = SecurityClient(es)
api_key = es_security.create_api_key({
    "name": "my_api_key_name",  # Normally dynamic, now hardcoded for demo
    "role_descriptors": {
        "superuser-role": {
            "cluster": ["all"],
            "index": [
                {
                    "names": ["*"],  # All indices to test
                    "privileges": ["all"]  # All privileges to test
                }
            ]
        }
    }
})

I am developing locally and I have no way to generate an SSL certificate for my local machines.

I found out there was a security option to allow an anonymous user, but I can't seem to get that set up in Elastic Cloud, which I am using now.

Is there any way to embed a whole Kibana Space without requiring a user login?

I noticed that you've got the wrong authorization value prefix:

proxy_set_header  Authorization "Bearer <API TOKEN>";

According to the docs, it should look like this:

proxy_set_header  Authorization "ApiKey <API TOKEN>";

That prefix tells Kibana what authentication provider to use when dealing with this credential.

If that doesn't work, can you try to test it directly against Kibana? Keep in mind the token must be base64-encoded first. E.g.,

curl --location --request GET 'http://localhost:5601/api/security/role' \
--header 'Content-Type: application/json;charset=UTF-8' \
--header 'kbn-xsrf: true' \
--header 'Authorization: ApiKey aVZlLUMzSUJuYndxdDJvN0k1bU46aGxlYUpNS2lTa2FKeVZua1FnY1VEdw=='

Elastic Cloud will allow you to use the anonymous user for Elasticsearch; you just have to create one or more roles for that user. However, Elasticsearch anonymous access can't currently be used in Kibana. We made an enhancement to enable this though, and it's expected to be included in the 7.11 release!

Starting in 7.11, you'll also be able to configure your own anonymous access all within Kibana (for example, using the API key you generated).
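
The reply above calls out two things: the `ApiKey` scheme and a base64-encoded credential. The sketch below builds that header value from the `id` and `api_key` fields returned by the create API key call and checks an existing value for both issues. It is an added example, not part of the original posts; the function names and sample values are constructed for illustration.

```python
import base64
import binascii


def apikey_header(key_id: str, api_key: str) -> str:
    """Build the Authorization value: 'ApiKey ' + base64('<id>:<api_key>')."""
    token = base64.b64encode(f"{key_id}:{api_key}".encode("utf-8")).decode("ascii")
    return f"ApiKey {token}"


def check_authorization(value: str) -> list:
    """Return a list of problems found in an Authorization header value."""
    problems = []
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "apikey":
        problems.append(f"scheme is {scheme!r}, expected 'ApiKey'")
    token = token.strip()
    if not token:
        problems.append("no credential after the scheme")
        return problems
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        problems.append("credential is not valid base64 (raw key pasted?)")
        return problems
    key_id, sep, secret = decoded.partition(":")
    if not (sep and key_id and secret):
        problems.append("decoded credential is not '<id>:<api_key>'")
    return problems


# Constructed sample values, shaped like the fields of a create-API-key response.
SAMPLE = {"id": "constructed-key-id", "api_key": "constructed-secret"}

if __name__ == "__main__":
    good = apikey_header(SAMPLE["id"], SAMPLE["api_key"])
    print(good, check_authorization(good))
    # The same credential with the wrong scheme, then the raw key left unencoded.
    for bad in ("Bearer " + good.split(" ", 1)[1], "ApiKey " + SAMPLE["api_key"]):
        print(bad, check_authorization(bad))
```

Run the check against the value placed in the NGINX `proxy_set_header Authorization` line before testing through the proxy.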
