Redirect to dashboard after SSO with SAMl

I created a WordPress plugin that embeds a kibana dashboard in the administrative panel. This works fine however I have the problem that when accessing the dashboard page the user, who is already logged in to WordPress, must log in to kibana as well. To solve this problem I implemented SSO with SAML in xpack and in WordPress, this also works well, but it generates a problem, when I access the page with an active section the IdP recognizes and redirects to the kibana home page and not the dashboard I created .

This is not really a mistake, at some point in my Elastic Stack or in my Service Provider I must have defined that the base URL was the initial of kibana and that's what I want when the user accesses the kibana directly, however when it accesses a page that loads the kibana dashboard via iframe I want it to be redirected there after authentication and not to the home page. It is possible?

I do not know if I was clear, but what I need is to have the possibility of defining where to redirect the user after the recognition of the active section in the IdP or after login, and that this redirection needs to be variable so that I can redirect to two different places depending on the environment accessed.

Can you try setting server.defaultRoute in your kibana.yml to the dashboard you want to display?

Do you have one Kibana installation for both environments, or one Kibana for each environment?

A unique kibana installation. The environments are:

1 - Normal Kibana (https: // kibana: 5601)
When login should redirect to the root of the same kibana and is ok

2 - A kibana dashboard being loaded via iframe inside the WordPress admin panel (https: // kibana: 5601 / app / kibana # / dashboard / 1f0e2f80-65ff-11e9-b6ce-2b8f48b758d2? Embed = true & _g = ())

The problem is that if I am not logged in to kibana via SSO, but logged in to WP via SSO, the system makes the redirects to test if there are active sections and when it identifies it already exists it redirects my iframe to https: // kibana: 5601 to instead of the dashboard.

If I do reload the page then yes the iframe loads the kibana dashboard, this because it already has section active in the kibana.

What I think is that when I am not logged in to kibana there is an extra process to identify if there are other active sections and then in this process it loses the reference and redirects me to the root.

serverDefaultRoute does not suit me, it modifies the kibana homepage for all cases.

What I need is that after checking that there is active section is redirected to the page that started the process. That is, I need the cases

Case 1 - I opened kibana: 5601 I will be redirected to IdP authentication and when I finish the process I want to go back to kibana: 5601

Case 2 - I abrikibana: 5601 / app / dashboard / ....... I will be redirected to IdP authentication and when I finish the process I want to go back to kibana: 5601 / app / dashboard / .......

In case 2 only works if the kibana section is active, if the active section is from another service, like WordPress, it identifies that I am already logged in but it redirects me to kibana: 5601, ignoring the rest of the URL.

Thanks for the additional info and insight. I believe you're running into a limitation, which we have documented here: https://github.com/elastic/kibana/issues/18392. This comment by @azasypkin does a nice job explaining why this happens.

As far as I know, we don't have a workaround at this time

Thank you very much, I have already arrived in this issue and I will see how I can turn around here.

Thank you!

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.