Hi,
I am new in the elastic stack.
My requirement is:
after users login to our website, they do not need to key in account/password again in order to access kibana.
So, I find this
https://www.elastic.co/guide/en/kibana/current/kibana-authentication.html#token-authentication
It says that I can access user info & perform some operations with that TOKEN.
However, what I want is bypassing the login page with that TOKEN. Is it possible?
Any suggestion is appreciated.
Many Thanks,
Han Shih
@Larry_Gregory / @Brandon_Kobel can you please shed some light here ?
Thanks
Rashmi
Welcome to the discussion boards!
You can't directly use the Token Auth provider to bypass the login screen, as Kibana still requires a username and password to create the initial token. How are your users authenticating to your website? I have a couple of ideas for you:
If you're using a Single Sign-On solution such as SAML, AD/LDAP, or OpenID Connect, then you can take advantage of Kibana's SSO solutions to bypass the login screen.
Otherwise, you may want to consider putting a reverse-proxy (such as nginx) in front of Kibana which handles authentication on behalf of your users. An example of that can be found here: Auto-authenticating to iframe-embedded Kibana dashboard
Hi @Larry_Gregory ,
"How are your users authenticating to your website?"
=> Simply username and password
According to the link you provide, I think the scenario of that topic is:
When the user login the website, the dashboard embedded in the webpage (from kibana) should be shown automatically without another login.
(Correct me if I understand it wrong.)
My goal is very similar to the topic you provide:
After the user provide the username and password, I hope to find some "trick" that can use this information to bypass the login page from kibana.
So, is "reverse proxy" the right way I should go?
Thanks for your suggestion.
Yeah it sounds like a reverse proxy is the way to go here
Hi,
It seems that I have to set "username:password" in base64 inside nginx config file
However, if I want to let users access the server with their own account.
Is it possible for nginx to change the header settings dynamically?
I don't think that's possible out-of-the-box. You'd likely have to write your own logic for nginx to support that, and it'd be highly dependent on how you store your existing user sessions. It sounds like you need a true SSO solution for what you're trying to accomplish.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.