Kibana iframe with Token (Authentication purpose)

vishal_M · November 13, 2019, 4:24pm

Hello Team,

I have integrated the Kibana dashboard "iframe" with my react application. But, each time I have to log-in to see the Kibana dashboard. (FYI: My Kibana version 7.4.0)

So, I have followed a few paths to bypass the authentication mechanism. But, didn't succeed.

Used Nginx proxy to bypass the authentication. However, this is a 50% result. Because the Dashboard URL will be accessible even without logging in to my application.
Tried to pass userName and password as a part of the Kibana iframe URL. But, it didn't work.

I have also seen a few Api's from the Elasticsearch that will provide us Tokens (Please refer below).

Get token API | Elasticsearch Guide [7.4] | Elastic

If I receive a successful bearer token using the above API. Will I be able to see the dashboard if I append the token with Kibana iframe URL ?

Ex:
<iframe src="http://localhost:1.1.1.1/app/kibana#/dashboard/yy6asd-hasdgj-88789?embed=true&_g=()&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f)?Token=8u88i996ggsghasdujeusiwk899></iframe>

or

Do I need to make any custom header configurations to send the token as a separate header along with iframe url to make it work?

ikakavas · November 15, 2019, 9:53am

Elasticsearch Token Service tokens have specific properties that make them difficult to use for your use case, specifically that they have very short life ( by default 20 mins and up to 1hr ) after which you either need to use the refresh token to refresh it or get another access token. You can use bearer tokens in your requests to Kibana but you need to enable the Token authentication provider in kibana , see Authentication in Kibana | Kibana Guide [8.11] | Elastic, but whether this is suitable for your scenario, I doubt it.

I can't really unwrap how you tried it and what Exactly failed ? This is the most obvious way forward for you, so I'd suggest we focus on making this work. There are numerous examples in previous posts in this forum to help you, start with Nginx reverse proxy for kibana that contains further links to other relevant posts

vishal_M · November 15, 2019, 3:46pm

Hello @ikakavas,

As per your comments. i have used token service made a [POST ] call to my elastic api "/_security/oauth2/token" which is running on"9200" to generate tokens and it is successful in getting access token and refresh token. Please may i know the next step to store the token in my browser. I don't think it will work if i set the bearer token in my browser with any "keyname"..

Also, I have also tried another alternative using this post:

If you refer to the screenshot, I was able to get some JSON response. But i am not getting the cookie.

Do I need to make any changes in elasticsearch.yaml or kibana.yaml files in order to get the cookie? If i get the cookie. I can store it in my browser. But, Will it work after getting the cookie?
Please can you provide me a right path in achieving this.

ikakavas · November 15, 2019, 4:42pm

Hi there, my comment was that you should not use tokens for your use case ,not the other way around:)

Not sure i follow. Our docs detail how to use a token as a bearer token for authentication 139732 but again, I cant see how this can help you with your use case.

The cookie comes in a response header, not in the body of the response, you need to examine the headers in postman

vishal_M · November 18, 2019, 8:57pm

Hello @ikakavas,

I am able to call the Kibana Api and can see all the response headers in the network Tab.

Also, I can print all the headers in the console window. But, except ['Set-Cookie']. Is it because of http -only?

Please, may I know how to grab the cookie?

ikakavas · November 18, 2019, 9:14pm

I will repeat once more that this path forward doesn't satisfy your use case, so I'm unsure if you should be pursuing this further.

This question has now become: "How can I handle response headers in React" and I can't be of any help. Maybe someone else from the community can assist you

vishal_M · November 21, 2019, 2:30pm

Thanks for your info @ikakavas ,

As a developer, I have to try every possibility to get the things done in a proper way. I felt working with access tokens and cookies will be more secure than Nginx proxy. Because, I hope we have to hardcode basic authentication header in the nginx configuration file. So that, whomever hits the url will be re-directed to kibana dashboards. Please let me know if my understanding is wrong and can you suggest me a good Nginx configuration where i can pass dynamic authentication from my web application.So that, I can configure multiple users and pass the auth headers in the runtime.

FYI : I am currently using kibana 7.3.0 and will be upgrading to 7.4.0 in the near future.

Thanks,
Vishal

vishal_M · November 26, 2019, 6:31pm

Hello @ikakavas ,

Please can you POST your response.

Thanks,
Vishal

ikakavas · November 27, 2019, 7:19am

Hi @vishal_M,

Please refrain from pinging folks directly in this forum. This is a community forum, it may take time for someone to reply to your question, and other people might have insights or ideas to share that will help you get to the bottom of your issue. For more information please refer to the Community Code of Conduct specifically the section "Be patient".
If you are in need of a service with an SLA that covers response times for questions then you may want to consider talking to us about a subscription.

As I wrote above

Also

Again, not the best person to help you with this, but I have shared a few links to setups that folk have used successfully with nginx earlier in this thread

system · December 25, 2019, 7:19am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.