Hello,
I was trying to secure my cluster, so I am using X-Pack to define users to each roles. I was trying to embed dashboards in an external web page. The user, when logged in my web page, should be able to see the kibana dashboards that corresponds to each role in the company. I was thinking in using nginx to authenticate my user when getting the kibana dashboards, but I am facing a problem: when I use nginx, accessing the link, a popup of authentication required shows.
There is any way to send those credentials through my web page, without needing that my user type it's credentials?
Hey @Francisca_Lima, are you trying to make it so that users which accessing Kibana using Nginx don't have to type a username/password at all and are always logged in as the same user?
Or are you trying to use Nginx to do your own basic authorization, similar to what is described here and then forward that information on to Kibana?
Then you should add a user in Kibana, I called mine "nginx"
Create a role for this user, I called mine "nginx" as well. Leave all everything default with no permissions to anything except add the users you want authenticated through NGINX to the "Run As privileges" section.
You need to base 64 encode the username:password for the NGINX account in Kibana.
the one shown below ("bmdpbng6c2VjcmV0cGFzc3dvcmQ=") is base 64 encoding of nginx:secretpassword
$NAME_OF_HEADER_WITH_USER_TO_RUN_AS shown below should be a named header that your application uses to pass the username you want authenticated into Kibana. The username from the web app and Kibana must match exactly, as this is what allows the NGINX user in Kibana to run as another user. This would be a header such as $http_x_forwarded_user.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.