Enable CORS on Kibana

Shreyansh_Jain · May 23, 2023, 7:12am

Hi all,

I am using kibana version v 7.17.9
I am trying to use this api endpoint to generate cookies in my front end angular application : "/internal/security/login". But while making a post call from my web application, i am getting cors error on "/internal/security/login".

How to enable CORS on kibana. i am trying to put this is kibana.yml

server.cors.enabled: true
server.cors.credentials: true
server.cors.origin: '*'

But the same is not working. Is it even possible to enable cors in kibana?

Thanks

carly.richmond · May 23, 2023, 8:30am

Hi @Shreyansh_Jain,

Can you explain a bit more about what you are trying to do, and why you need to disable CORS? I found an old discuss thread and GitHub issue and it looks like CORS support in production mode has been removed at least from version 7.6.

Shreyansh_Jain · May 23, 2023, 8:45am

Thanks for your response @carly.richmond . I am trying to make a post api call to "/internal/security/login" from my web application. But it is giving me CORS error.

Basically i want to authenticate the kibana based on the cookie that this endpoint "/internal/security/login" generates.

Is there any way i can enable CORS to * or make this api work so that i am able to call it and get the response?

carly.richmond · May 23, 2023, 9:59am

Why do you need to ping the login API from your web application? Are you trying to embed a Kibana dashboard within your app?

Shreyansh_Jain · May 23, 2023, 11:50am

Hi @carly.richmond , yes I’m trying to embed the kibana dashboard into other application.

If not this, can you please let me know any other alternatives for my use case?
Where I’m able to do basic authentication for embedding the dashboards into my app.

carly.richmond · May 23, 2023, 12:35pm

Thanks for confirming @Shreyansh_Jain. You can embed the dashboard in an iframe. I would recommend checking out the Embed code guide in the documentation.

For authentication I would have a look at the below options to see if either works for you:

Shreyansh_Jain · May 23, 2023, 12:52pm

Thanks for your response @carly.richmond .
I went through the above links.
one of them says that "it’s highly advisable to configure Kibana as a part of the SSO setup". Now, i use okta SSO as idp and protocol for authentication to my web application.
But i think SSO authentication is not available for open source and community version of elastic and kibana (Please correct me if i am wrong). This is the reason why i was trying out the login api to set cookies and authenticate using basic auth. If not SSO, can you please let me know any other auth like basic auth which i can use in my free tier of elastic and kibana?

Really appreciate your prompt responses @carly.richmond

carly.richmond · May 24, 2023, 9:09am

Hi @Shreyansh_Jain,

You're right that the SAML integration is a licensed feature for platinum and above as covered in the feature matrix.

When embedding a dashboard it will pop up with the sign in screen initially. If that's not ideal I would have a potential look at the anonymous access embedding, or the xpack.security.sameSiteCookies option.

Shreyansh_Jain · May 25, 2023, 7:30am

Thanks @carly.richmond . I am very close to the solution. Can you please point me to a documentation which tells me what changes to be done in kibana to configure cookie based authentication for kibana iframe embedded in a web application.

What are the config changes that needs to be done so that kibana iframe url picks up the "sid" cookie automatically.

carly.richmond · May 25, 2023, 8:32am

Hi @Shreyansh_Jain,

Are you referring to configuration on the Kibana side or your app containing the iframe? The documentation covering Kibana cookie settings is available here. I see the default value for the cookie name attribute is sid but perhaps some of the other properties need tweaking with your setup?

Shreyansh_Jain · June 1, 2023, 7:40am

Thanks @carly.richmond. I am able to set the cookie "sid" on my web application where i have embedded the iframe url.
But the iframe embed url is not getting auto logged in.

I have not made any changes in the kibana.yml yet to enable basic auth. Can you please point me toward the changes which i need to make so that iframe url picks the cookie already set for its domain.

Quite close to the solution though. Thanks to you @carly.richmond

carly.richmond · June 1, 2023, 8:59am

Have you enabled the xpack.security.sameSiteCookies option mentioned above in your config? From this thread that looks to be the missing piece.

Shreyansh_Jain · June 6, 2023, 4:33am

@carly.richmond thanks for this. At the Last Step, i'm facing this issue. I'm putting my kibana.yml and error i am encountering while reading cookie automatically from the browser.

My Kibana.yml :

pid.file: /opt/bitnami/kibana/tmp/kibana.pid
    server.host: "::"
    server.port: 5601
    elasticsearch.hosts: [https://elasticsearch:9200]
    server.rewriteBasePath: true
    xpack.security.sameSiteCookies: None
    xpack.security.secureCookies: true
    xpack.security.authc.providers: [basic]
    xpack.security.session.lifespan: 0
    xpack.security.cookieName: "sid"

Error at Kibana Instance :

[2023-06-06T04:29:08.883+00:00][INFO ][plugins.security.routes] Logging in with provider "basic" (basic)
[2023-06-06T04:29:21.413+00:00][INFO ][plugins.security.authentication] Authentication attempt failed: UNEXPECTED_SESSION_ERROR

Please help here. As discussed earlier, i am able to set the cookie as "sid" for the cross domain but i'm unable to auto login.

system · July 4, 2023, 4:34am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.