as many before me I am trying to embed Kibana dashboards without the need for the user to authenticate twice (once to our app and once to Kibana). Unluckily our app requires dynamic login because different user should access different dashboards in different spaces, so the nginx reverse proxy in front of Kibana is not an option.
We tried to go through the "POST to /api/security/v1/login" route from our webapp before loading the iframe, but unluckily this clashes against kibana CORS settings, i.e. the preflight OPTIONS request gets denied.
We are using a hosted cluster on cloud.elastic.co, and therefore Kibana's server.cors settings are out of our reach. As it has been suggested in another thread, we could remove the Kibana instance from the cluster and host it ourselves, but that would somehow deny the benefit of a managed cluster.
Are there any plans to improve hosted Kibana configurability in this area?