I have a Kibana and Elasticsearch stack running with the following indexes:
When a user in my application is part of a group, his stored index is: users_production_group-name.
When a user is NOT part of a group, it's: users_production.
That pattern goes for other types of data beyond just users and different groups.
That way, I can limit the data some Kibana user can access. For example, a certain Kibana user may only have read permissions on index pattern *_production_group-1, another may have users_production_group-2, and still another superuser may have access to *_production*, giving it unrestricted read rights to all data.
The only requirement for reading a certain type of data then is the credentials someone logging into Kibana has.
That system works just fine, exactly as expected. Maybe a workaround but works great and is simple to implement.
Not only that, but we also needed some data to be publicly accessible, and so I created a reverse proxy for authenticating into a space that contains only that data.
Now for the big problem: we want to embed a Kibana iframe into a website. The public one is already available using the proxy, but we would like for the user to not have to authenticate twice when dealing with restricted data, once on our website and once in the iframe.
I have tried sending all sorts of funky requests and tricks with the iframe to allow accessing restricted data, but nothing has worked yet.
Now I'm considering using another reverse proxy that will allow authentication credentials to be sent from the website into itself and passed on to Kibana, somehow.
Has anybody faced a similar problem and solved it?
Am I going on the wrong track here?
Glad for any answers!
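
Added example, not part of the original post: a small Python audit of the index-pattern scheme described above, listing which indices each role's patterns match and flagging any that belong to a group the role was not meant to read. The role names, the `orders` data type, the sample index list and the assumption that `*` is the only wildcard are constructed for illustration.

```python
import re

ENV = "production"  # environment segment used in the post's index names

def pattern_to_regex(pattern):
    """Compile an index pattern in which '*' is the only wildcard (assumption)."""
    return re.compile(".*".join(re.escape(part) for part in pattern.split("*")))

def readable(patterns, indices):
    """Indices matched in full by at least one of the granted patterns."""
    regexes = [pattern_to_regex(p) for p in patterns]
    return sorted(i for i in indices if any(r.fullmatch(i) for r in regexes))

def owner_group(index):
    """Group part of '<type>_production_<group>'; None when ungrouped."""
    _, _, rest = index.partition("_" + ENV)
    return rest[1:] if rest.startswith("_") else None

def overreach(role, indices):
    """Readable indices whose owning group the role was not meant to see."""
    if role["groups"] is None:  # None marks an intentionally unrestricted role
        return []
    return [i for i in readable(role["patterns"], indices)
            if owner_group(i) not in role["groups"]]

# Constructed sample data: role names, 'orders' and the last index are made up.
ROLES = {
    "group-1-reader": {"patterns": ["*_production_group-1"], "groups": {"group-1"}},
    "group-2-users": {"patterns": ["users_production_group-2"], "groups": {"group-2"}},
    "superuser": {"patterns": ["*_production*"], "groups": None},
}
INDICES = [
    "users_production",
    "orders_production",
    "users_production_group-1",
    "orders_production_group-1",
    "users_production_group-2",
    "users_production_group-10",
    # A group whose name embeds the '_production_' delimiter:
    "users_production_group-2_production_group-1",
]

if __name__ == "__main__":
    for name, role in ROLES.items():
        print(name, readable(role["patterns"], INDICES), overreach(role, INDICES))
```

Rejecting group names that contain `_production` when a group is created keeps a suffix pattern such as `*_production_group-1` from matching another group's index.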