We want to use Attribute-Based Access Control for accessing the Kibana dashboard. For this we are generating multiple ApiKeys with different sets of security attributes.
We want to embed the Kibana iframe into our application. When a user logs in to our application, we will generate the Elastic ApiKey based on the role the user has in our application. We want to use this generated ApiKey to authenticate the user in the Kibana iframe. We do not want users to log in to Kibana using the username/password.
Is there a way to authenticate users to Kibana in an iframe using the ApiKey instead of username/password?
We read about the NGINX reverse proxy based solution, but that cannot be used for our use-case as we will be generating the ApiKeys dynamically. NGINX requires a static ApiKey to be hardcoded into its config file.