Log in to Kibana without UI (using token)

Hi,

I am new to the Elastic Stack.

My requirement is:
After users log in to our website, they do not need to key in their account/password again in order to access Kibana.

So, I found this:
https://www.elastic.co/guide/en/kibana/current/kibana-authentication.html#token-authentication

It says that I can access user info & perform some operations with that TOKEN.
However, what I want is to bypass the login page with that TOKEN. Is it possible?

Any suggestion is appreciated.

Many Thanks,

Han Shih

@Larry_Gregory / @Brandon_Kobel can you please shed some light here?

Thanks
Rashmi

@frankShih,

Welcome to the discussion boards!

You can't directly use the Token Auth provider to bypass the login screen, as Kibana still requires a username and password to create the initial token. How are your users authenticating to your website? I have a couple of ideas for you:

If you're using a Single Sign-On solution such as SAML, AD/LDAP, or OpenID Connect, then you can take advantage of Kibana's SSO solutions to bypass the login screen.

Otherwise, you may want to consider putting a reverse-proxy (such as nginx) in front of Kibana which handles authentication on behalf of your users. An example of that can be found here: Auto-authenticating to iframe-embedded Kibana dashboard

Hi @Larry_Gregory,

"How are your users authenticating to your website?"
=> Simply username and password

According to the link you provided, I think the scenario of that topic is:
When the user logs in to the website, the dashboard embedded in the webpage (from Kibana) should be shown automatically without another login.
(Correct me if I understand it wrong.)

My goal is very similar to the topic you provided:
After the user provides the username and password, I hope to find some "trick" that can use this information to bypass the login page of Kibana.

So, is "reverse proxy" the right way I should go?

Thanks for your suggestion.

Yeah, it sounds like a reverse proxy is the way to go here.

Hi,

It seems that I have to set "username:password" in base64 inside the nginx config file.

However, I want to let users access the server with their own accounts.

Is it possible for nginx to change the header settings dynamically?

I don't think that's possible out-of-the-box. You'd likely have to write your own logic for nginx to support that, and it'd be highly dependent on how you store your existing user sessions. It sounds like you need a true SSO solution for what you're trying to accomplish.
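
One shape the custom logic mentioned above could take, as an added example that is not part of the original thread and not Elastic's own configuration: nginx asks the website, per request, which `Authorization` value belongs to the caller's session instead of carrying one hard-coded credential. Assumptions: nginx is built with `ngx_http_auth_request_module`, Kibana listens on `127.0.0.1:5601`, and the website exposes a hypothetical internal endpoint `/internal/kibana-auth` on `127.0.0.1:8080` that checks the session cookie and answers 200 with an `X-Kibana-Authorization` response header, or 401 when there is no valid session.

```nginx
# Static variant discussed in the thread: one credential baked into the
# config, so every visitor reaches Kibana as the same account.
#   proxy_set_header Authorization "Basic <base64 of username:password>";

server {
    listen 443 ssl;
    server_name kibana.example.internal;            # assumed hostname
    ssl_certificate     /etc/nginx/tls/kibana.crt;  # assumed paths
    ssl_certificate_key /etc/nginx/tls/kibana.key;

    location / {
        # Subrequest to the website; 2xx lets the request through,
        # 401/403 stops it before it ever reaches Kibana.
        auth_request /_kibana_auth;

        # Copy the per-user value out of the subrequest's response headers.
        auth_request_set $kibana_authz $upstream_http_x_kibana_authorization;

        # Replaces whatever Authorization header the browser sent, so a
        # client cannot pick its own Kibana identity through the proxy.
        proxy_set_header Authorization $kibana_authz;
        proxy_pass http://127.0.0.1:5601;

        # No valid website session: send the user to the site login page.
        error_page 401 = @site_login;
    }

    location = /_kibana_auth {
        internal;                                   # not reachable from outside
        proxy_pass http://127.0.0.1:8080/internal/kibana-auth;  # hypothetical
        proxy_pass_request_body off;                # only headers (cookie) needed
        proxy_set_header Content-Length "";
    }

    location @site_login {
        return 302 https://www.example.com/login;   # assumed login URL
    }
}
```

The auth endpoint has to hold or derive a Kibana credential for every user, so it needs the same protection as a password store, and Kibana itself should accept connections only from the proxy.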
