Passing credential to the shield through the header of kibana

security

(Josh Star Long) #1

Hi All,

It is very urgent. I'm looking of a mean to dynamically login into shield by passing the user credentials to the header of kibana as authorization basic.

I have given a try as follows:
I configured a reverse proxy with apache2. That is to contact kibana user go to the url of apache2 and apache2 forward their requests to kibana. It works fine.
I then use angularjs to call the url of apache2 by passing authorization basic as header.
That is
var token = $base64('jstar:password')
$http({
method : 'GET',
url : 'url_of_apache2',
headers : {
'Authorization' : 'Basic ' + token
}).success(function(response) {
$scope.showLoading = false;
$scope.showAPIFail = false;
$scope.kibana = response;
$scope.url = response;
})

After doing that, I have nothing being display on the browser. But when I inspect the browser, I see that the call to kibana return 200, OK but not is being displayed. Furthermore I have the following my message Refused to display "some url" in a frame because it set 'X-Frame-Options' to 'DENY'.

Please any help will be welcoming.
Thanks for the concern.


(system) #2