Hi,
I am new in the elastic stack.
My requirement is:
after users login to our website, they do not need to key in account/password again in order to access kibana.
So, I find this
https://www.elastic.co/guide/en/kibana/current/kibana-authentication.html#token-authentication
It says that I can access user info & perform some operations with that TOKEN.
However, what I want is bypassing the login page with that TOKEN. Is it possible?
Any suggestion is appreciated.
Many Thanks,
Han Shih
Welcome to the discussion boards!
You can't directly use the Token Auth provider to bypass the login screen, as Kibana still requires a username and password to create the initial token. How are your users authenticating to your website? I have a couple of ideas for you:
If you're using a Single Sign-On solution such as SAML, AD/LDAP, or OpenID Connect, then you can take advantage of Kibana's SSO solutions to bypass the login screen.
Otherwise, you may want to consider putting a reverse-proxy (such as nginx) in front of Kibana which handles authentication on behalf of your users. An example of that can be found here: Auto-authenticating to iframe-embedded Kibana dashboard
Hi @Larry_Gregory ,
"How are your users authenticating to your website?"
=> Simply username and password
According to the link you provide, I think the scenario of that topic is:
When the user login the website, the dashboard embedded in the webpage (from kibana) should be shown automatically without another login.
(Correct me if I understand it wrong.)
My goal is very similar to the topic you provide:
After the user provide the username and password, I hope to find some "trick" that can use this information to bypass the login page from kibana.
So, is "reverse proxy" the right way I should go?
Thanks for your suggestion.
Yeah it sounds like a reverse proxy is the way to go here
Hi,
It seems that I have to set "username:password" in base64 inside nginx config file
However, if I want to let users access the server with their own account.
Is it possible for nginx to change the header settings dynamically?
I don't think that's possible out-of-the-box. You'd likely have to write your own logic for nginx to support that, and it'd be highly dependent on how you store your existing user sessions. It sounds like you need a true SSO solution for what you're trying to accomplish.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2018. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.