Hi,
I have a question regarding authenticating Kibana embedded dashboards in another web app and would be grateful if someone could point me in the right direction.
Our current setup is Nginx -> Reverse Proxy -> Kibana and this part is working great when using Kibana on its own. We have our own customer app on the same server hosted by Nginx and I am attempting to embed some dashboards from Kibana inside this app.
As it stands, each customer has their own space in Kibana.
For extra clarity we are using stack version 7.6 and we're on a BASIC licence right now.
So far I have successfully embedded an iframe as per the documentation and I setup BASIC auth in our nginx config file and the mechanism does work, however I have found the following problems:
-
I can only set the BASIC auth key in the Nginx config instead of at runtime - this means anyone with the hostname can access Kibana. I've tried locking it down in the kibana group config but I need to leave enough access for the dashboards to work but this exposes customer data.
-
Setting aside security concerns, the setup above is good for one customer/space, but I need a lot of them. I had considered a hostname per customer/space and I could live with that but I'd be back to the same security problem.
I have also considered hosting kibana on a server behind our public webservers and then making requests internally although I'd have to figure out how to make this work with an iframe (which is probably out of the scope of this topic).
I am a relatively new user to the ELK stack so it could be my lack of understanding and so I thought it wise to ask others before I get in too deep in the wrong direction.
Has anyone ever come up with a solution to this problem? If so I would appreciate any tips/comments to point me in the right direction.
Side note: I am aware there are more authentication options in a higher licence of ELK but at the moment my company won't justify purchasing a licence - although if that is my only option then I'll have to report that back as such.
Thanks in advance
Mark