Hello,
I've setup Elastic/Kibana with basic authentication using x-pack. I understand that I can set up a reverse proxy using Nginx and specify a base 64 encoded username/password to the header to authenticate and use the iframe via the reverse proxy from within my web application.
However, Is there a way to pass in a specific username/password retrieved from my application login and pass it to the proxy so that Kibana will display the iframe with permissions set for that specific user ?
Here are the relevant docs for customizing HTTP authentication in Kibana: Authentication in Kibana | Kibana Guide [7.14] | Elastic
If you have the Basic authentication provider enabled in Kibana (it is enabled default if you are running Elasticsearch with Security enabled), you can pass in any valid base64-encoded username:password combination in the HTTP Authorization header. That's simply called Basic HTTP Authentication.
You could customize your proxy to handle this; I'm not sure of the specifics of how to do it in Nginx though, and that would involve exposing something like a cookie to your proxy. Alternatively you could make your own application-layer proxy to do this for you.
If your license permits and you have the infrastructure in place, you would be better off using some form of single sign-on such as SAML or OIDC.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.