How to pass dynamic username-password through nginx for authenticating embedded iframe

Elastic Stack Kibana
1

I have a web application created using angular 8 in which I want to embed a kibana iframe. it should auto signin once the user logs in. I have done it using nginx reverse proxy method for one user. But I have to show different spaces to different users logging in to application. I tried to send the base64 credentials from queryparams to nginx and there adding it dynamically. But it still shows not authorised error on browser.

Where am I going wrong? Below is my nginx code:

www.kibana.example.com/kibana/?basic_auth=base64unamepass

location /kibana/ {
    set $abc 0;
    if ($arg_basic_auth) {
        set $abc $arg_basic_auth;
    }
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # proxy_set_header Authorization "Basic (base64 uname:pass)"; #this works properly
    proxy_set_header Authorization "Basic $abc"; #but this dosent
    proxy_pass http://0.0.0.0:5601/;
}

Where exactly am I be going wrong?

2

As the hardcoded base64 authorization works fine for you, this looks more like an nginx config issue than a Kibana issue. I would suggest looking at the request nginx forwards to Kibana (either by using a mitm-tool like socat or by replacing Kibana by a webserver which logs the whole request including headers) to see what's happening there. That should give you more insight.

I have almost no experience configuring nginx, but what I suspect here is $arg_basic_auth being a decoded form of the basic auth string which has to be re-encoded somehow.

3

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.