I am trying to embed Kibana (with XPACK) enabled in a custom app.
Logically it would work as follows
The user is authenticated in the custom app and then a call is made to Kibana (with authentication headers) based on his role. The list of Visuals and Dashboards is displayed and the user is able to see them.
I am having a hard time with the auth enabled. If I call the dashboard directly, I am able to authenticate but then it needs several libraries to render the UI and it fails.
If I do a iFrame, setting the Auth on it is very insecure. Whats the best way to accomplish this?
@Larry_Gregory/ @Brandon_Kobel so far we have been doing it with iFrames. I am not sure if I understand why this is insecure? Can we please get some help?
The best way to accomplish this is via reverse-proxy. Instead of having an iframe with hard-coded credentials, the iframe can point to a reverse proxy that you control. The proxy then has logic to add the auth headers, as required.
Here's an example setup for nginx that you can use as a starting point: Auto-authenticating to iframe-embedded Kibana dashboard
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.