Hi, I embed the dashboard iframe to a custom web page, but I am afraid that the url is eavesdroping if some people with bad intentions get the url directly. But I don't want users key in the password every time when the person login to the custom web page.How can I do?
Hi, I embed the dashboard iframe to a custom web page, but I am afraid that the url is eavesdroping if some people with bad intentions get the url directly. But I don't want users key in the password every time when the person login to the custom web page.How can I do?
Is there specific information that you're not wanting to disclose via the URL that you're using with the iframe?
I have installed x-pack, and I found that every time I log in I need to retype account and password.
I think it's a little inconvenient for users.
We store the login information in a cookie that by default doesn't timeout but it is tied to the browser's session storage, so if you close down the browser and re-open it then you'll have to log back in. Do you have xpack.security.sessionTimeout set in your Kibana.yml?
ok, I got it .
Just hope when I enter my external page and load kibana iframe, it needn't type the account and password, and other people can't directly enter the kibana url.
@f26227279 if you have security enabled in Kibana/Elasticsearch, users will always have to login to be able to use Kibana/Elasticsearch, even if Kibana is in an iframe.
If you'd like to embed a secured instance of Kibana in an iframe and not require users to login, you can create a user that has read-only access to Kibana and put a reverse-proxy in-front of Kibana that provides the username/password through Basic Auth header as discussed here
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.