Kibana Login with Elasticsearch Token

Good Evening Everyone,

This past weekend we finally upgraded our cluster from 7.5.2 to 7.17.5. We had a few hiccups along the way, but most of been resolved. We have one outstanding issue we're not finding a solution to. When our cluster was running version 7.5.2, we were able to sign a user into with a token from elasticsearch API with the following setup:

We get a token using the following endpoint the elasticsearch api /_security/oath2/token

The user would be given a link with the following format:

This would route a request to a nginx reverse proxy with the following relevant config:

        location / {
          if ($arg_token) {
            add_header Set-Cookie "token=$arg_token;max-age=1200;path=/";
          proxy_set_header  X-Found-Cluster mycluster;
          proxy_set_header  Host $host;
          proxy_set_header  X-Real-IP $remote_addr;
          proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header  Authorization "Bearer $cookie_token";
          proxy_pass  "https://mycluster";

This would sign the user in without entering a username and password and allow them to view their dashboards. Is there something that changed between 7.5.2 & 7.17.5 with this type of authentication? Is this still possible and If not what could be a viable replacement? We are using Elasticsearch/Kibana to allow our customer to create dashboards using their data from our web application. We have the accounts linked in the web application to a Kibana user for the Kibana auth. We would be open to upgrading further if needed to restore this functionality, even if it is a different solution.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.