How to pass a parameter from Kibana dashboard link to Elasticsearch rest client?


#1

Hi Team,
The elastic stack is great thing which made the log collection and virtualization so easy.
Thank you all for providing such great tools.

I secured my Elasticsearch rest API with an open source plugin, and any access to Elasticsearch http Rest API requires the basic authentication. In my own application, I embed some Kibana dashboards.
My requirement is that: when user accessing my application page which has Kibana dashboard embed, I don't like it to prompt the basic authentication dialog.
So is it possible to bypass the authentication by appending something like a token as a parameter to the Kibana Dashboard link, then Kibana pass this token to Elasticsearch, and I can validate the token in my Elasticsearch plugin.
I knew that we can put the user id/password in url header to bypass, but I don't want to do it like that.

Sample of my dashboard link:
192.168.0.2:5601/app/kibana#/dashboard/myDashboard?_g=()&_a=()&token=***
I found I can set the request header in esFactory, but I don't know how to pass the token to the esFactory. Thank you in advance.

es = esFactory({
host: esUrl,
log: 'info',
requestTimeout: 0,
apiVersion: esApiVersion,
plugins: [function (Client, config) {

            // esFactory automatically injects the AngularConnector to the config
            // https://github.com/elastic/elasticsearch-js/blob/master/src/lib/connectors/angular.js
            _['class'](CustomAngularConnector).inherits(config.connectionClass);
            function CustomAngularConnector(host, config) {
              CustomAngularConnector.Super.call(this, host, config);

              this.request = _.wrap(this.request, function (request, params, cb) {
                if (String(params.method).toUpperCase() === 'GET') {
                  params.query = _.defaults({ _: Date.now() }, params.query);
                }
                **//params.headers={'Authorization': 'Basic ' + btoa('Admin:Admin')};**
                return request.call(this, params, cb);
              });
            }

            config.connectionClass = CustomAngularConnector;
          }]
        });

(Tyler Smalley) #2

There is not currently support for this in Kibana. You might be able to create a plugin to check the token and add the credentials to the request.headers.Authorization before it's passed through to Elasticsearch.


(system) #3