Kibana auto login (with security enabled)

borisr84 · December 26, 2021, 12:37pm

Hi,
I've enabled Kibana security with x-pack security and now when I access Kibana UI I need to provide credentials.
My preferred behavior is to authenticate users automatically (as my system already has a login screen so I do not want to force users to login again when access to logs is needed).
I've seen the following post:
Kibana default basic auth - #2 by Brandon_Kobel
However, I prefer providing the credentials from code and not hard coded in the reverse proxy (e.g. NGINX).
Is there a way to do it via an API while still allowing me to access the Kibana UI with credentials if I access the Kibana directly (i.e. for cases when I want to login with a different user, for example - a more privileged one)?
i.e. something like the /internal/security/login API, but official?

Thanks!

lukeelmers · December 29, 2021, 7:10pm

Hey there,

It sounds like you might want to look into anonymous access, which would allow you to specify an existing user account to automatically log users in with. But this is assuming that:

your Kibana deployment is already protected behind your own authentication system
you want your users to access Kibana via a shared/service account
you aren't interested in using SSO (SAML/Kerberos/OIDC)

Is there a way to do it via an API while still allowing me to access the Kibana UI with credentials if I access the Kibana directly (i.e. for cases when I want to login with a different user, for example - a more privileged one)?

For this case, you could configure the auth providers to still allow for basic auth, in addition to guest/anonymous access, so that you are able to choose an option at login.

Krithika_Natarajan · January 3, 2022, 1:49pm

How to authenticate Kibana login API without nginix proxy server? Please suggest me any ideas. I tried AJAX call but getting CORS issue.
$.ajax({

    type: "POST",

    url: "https://****:5601/internal/security/login",

    data: {

'providerType':'basic',

         'providerName': 'basic',

         "currentURL": "/",

        "params": JSON.stringify({username: 'username',password:'password'})

    },

    headers: {

        'Authorization': 'Basic ****************',

        'kbn-version': '7.15.2',

        'kbn-xsrf': 'reporting',

    },

    success: function(){},

    dataType: "json",

    contentType : "application/json"

});

borisr84 · January 4, 2022, 10:42am

Hi,
You can do this using the following code (however do note that this is internal API, i.e. it might change tomorrow or be deleted and your code will stop working, that's why I'm looking for a different API/solution):

fetch('https://YOUR_URI_PREFIX/internal/security/login', {
method: 'POST',
body: JSON.stringify({
    providerType: "basic",
    providerName: "basic",
    currentURL: "https://YOUR_URI_PREFIX/logs/app/discover#",
    params: {
        username: "log_viewer_user",
        password: "log_viewer_user_pass"
    }
}),
headers: {
    "Content-Type": "application/json",
    "kbn-version": "7.15.2",
    "kbn-system-request": "true"
}
}).then(async res => res.json()).then(d => console.log(d))

Where YOUR_URI_PREFIX can be 'localhost', for example.

Krithika_Natarajan · January 4, 2022, 10:57am

Thanks for your reply. I tried the above code. But still getting CORS issue
"Access to fetch at 'https://****/internal/security/login' from origin '*****' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled."

system · February 1, 2022, 10:57am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.