Hi, I embed the dashboard iframe to a custom web page, but I am afraid that the url is eavesdroping if some people with bad intentions get the url directly. But I don't want users key in the password every time when the person login to the custom web page.How can I do?
thank you in advance!
I have installed x-pack, and I found that every time I log in I need to retype account and password.
I think it's a little inconvenient for users.
Hi, I embed the dashboard iframe to a custom web page, but I am afraid that the url is eavesdroping if some people with bad intentions get the url directly. But I don't want users key in the password every time when the person login to the custom web page.How can I do?
Is there specific information that you're not wanting to disclose via the URL that you're using with the iframe?
I have installed x-pack, and I found that every time I log in I need to retype account and password.
I think it's a little inconvenient for users.
We store the login information in a cookie that by default doesn't timeout but it is tied to the browser's session storage, so if you close down the browser and re-open it then you'll have to log back in. Do you have xpack.security.sessionTimeout set in your Kibana.yml?
ok, I got it .
Just hope when I enter my external page and load kibana iframe, it needn't type the account and password, and other people can't directly enter the kibana url.
@f26227279 if you have security enabled in Kibana/Elasticsearch, users will always have to login to be able to use Kibana/Elasticsearch, even if Kibana is in an iframe.
If you'd like to embed a secured instance of Kibana in an iframe and not require users to login, you can create a user that has read-only access to Kibana and put a reverse-proxy in-front of Kibana that provides the username/password through Basic Auth header as discussed here
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.