Login to kibana iframe using ApiKey

We want to use Attribute-Based Access Control for accessing kibana dashboard. For this we are generating multiple ApiKeys with different set of security attributes.

We want to embed the kibana iframe into our application. When a user logs in to our application we will generate the elastic ApiKey based on the role the user has in our application. We want to use this generated ApiKey to authenticate the user in kibana iframe. We do not want users to login to kibana using the username/password.

Is there a way to authenticate users to kibana in iframe using the ApiKey instead of username/password?

We read about the NGINX reverse proxy based solution, but that cannot be used for our use-case as we will be generating the ApiKeys dynamically. NGINX requires a static ApiKey to be hardcoded into its config file.

The Kibana HTTP authentication section states that:

API keys are intended for programmatic access to Kibana and Elasticsearch. Do not use API keys to authenticate access via a web browser.

So I think what you want to achieve is only doable through any of Single Sign On methods (SAML, OpenID, Kerberos) and dynamically assigning different roles to your users.

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.