Unable to log into embedded Kibana anonymously

I tried to embed Kibana into a webpage but was unable to log in, as it kept bringing me back to the login page.
So I decided to take a different approach and allow users to log in anonymously.
I created an API key and linked a newly created role to the API key. However, when I tried to log in anonymously, I received this error


This is how I created my API key in Dev Tools

POST /_security/api_key
{
  "name": "anonymous",
  "expiration": "1d",   
  "role_descriptors": { 
    "role-a": {
      "cluster": ["all"],
      "index": [
        {
          "names": ["anonymous-role"],
          "privileges": ["all"]
        }
      ]
    }
  },
  "metadata": {
    "application": "my-application",
    "environment": {
       "level": 1,
       "trusted": true,
       "tags": ["dev", "staging"]
    }
  }
}

These are the privileges I gave to my newly created role



And in my kibana.yml file I added the following xpack code.

xpack.security.authc.providers:
    basic.basic1:
        order: 0
    anonymous.anonymous1:
        order: 1
        credentials:
            apiKey.id: "ve_guH0BuaYiJNe0VH1r"
            apiKey.key: "cyivUsIkQBKybk2v6XiOYQ"

I'm sorry if this is an easy fix. I am still new and learning Kibana. Any advice is greatly appreciated! Thank you for your time!

Docs recommend to change sameSiteCookies policy and use auth_provider_hint for this approach

Have you tried this?

Hello @dosant sorry I forgot to add that I did use auth_provider_hint in my iFrame code.

<iframe src="http://localhost:5601/app/dashboards?auth_provider_hint=anonymous1#/view/e1eb4b30-3ba1-11ec-818d-cba5e7ef064e?embed=true&_g=(...)" height="600" width="800"></iframe>

and when I tried to use sameSiteCookies by adding xpack.security.sameSiteCookies: "None" in my kibana.yml, I received this error instead


This is the error I saw in my console

  1. [error][server][Kibana][http] Error: "SameSite: None" requires Secure connection at validateOptions
  2. [warning][process] PromiseRejectionHandledWarning: Promise rejection was handled asynchronously (rejection id: 2)
  3. Error: Internal Server Error at HapiResponseAdapter.toInternalError
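
Added example (not part of any post in this thread): a kibana.yml that combines the anonymous provider used in the thread with the HTTPS setting that the `"SameSite: None" requires Secure connection` error asks for. The certificate paths and the credentials are placeholders, not values from the thread.

```yaml
# kibana.yml (added example; certificate paths and credentials are placeholders)

# Cookies with "SameSite: None" must also carry the Secure attribute, so Kibana
# has to be served over HTTPS before sameSiteCookies can be set to "None".
server.ssl.enabled: true
server.ssl.certificate: "/path/to/kibana-server.crt"   # placeholder path
server.ssl.key: "/path/to/kibana-server.key"           # placeholder path

# If TLS is terminated at a reverse proxy or load balancer instead of in Kibana,
# leave server.ssl.* unset and mark the session cookie Secure explicitly:
# xpack.security.secureCookies: true

# Lets the browser send the Kibana session cookie from inside a cross-site iframe.
xpack.security.sameSiteCookies: "None"

xpack.security.authc.providers:
    basic.basic1:
        order: 0
    anonymous.anonymous1:
        order: 1
        credentials:
            username: "[insert username here]"   # user that holds only the embedding role
            password: "[insert password here]"
```

With this configuration the iframe `src` has to use `https://` instead of `http://`, and `auth_provider_hint=anonymous1` still selects the anonymous provider.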

I have the same error, did you solve it?

Hello @yanwencheng, I went with a different approach. Instead of giving an API key the privilege role (in my case the role is called anonymous-role), I gave the anonymous-role to a newly created user and used the following code instead:

xpack.security.authc.providers:
    basic.basic1:
        order: 0
    anonymous.anonymous1:
        order: 1
        credentials:
            username: "[insert username here]"
            password: "[insert password here]"

You can refer to my post regarding it here

You mean that you only need to configure kibana.yml? I see that the official documentation requires adding this to Elasticsearch.yml:

xpack.security.authc:
    anonymous:
        username: anonymous1
        roles: anonymousRole
        authz_exception: true

I got a new error again

Error: [security_exception: [security_exception] Reason: unable to authenticate user [anonymousUser1] for REST request [/_security/_authenticate]]: unable to authenticate user [anonymousUser1] for REST request [/_security/_authenticate]
    at login_form_LoginForm.loginWithSelector (http://192.168.30.243:5601/44266/bundles/plugin/security/8.0.0/security.chunk.5.js:8:22037)
    at async login_form_LoginForm.componentDidMount (http://192.168.30.243:5601/44266/bundles/plugin/security/8.0.0/security.chunk.5.js:8:23159)

That's what I did last time, but I got the same error. So I added the roles to a newly created user and am able to log in anonymously using my iFrame code.

I set a user password of 888888 on the Kibana page, and the Kibana YML is configured as

xpack.security.authc.providers:
    basic.basic1:
        order: 0
    anonymous.anonymous1:
        order: 1
        credentials:
            username: "ceshiyonghu"
            password: "888888"

Does Kibana need any other YML to be configured? I still have this error

Thank you very much. After using STL, the iframe can be embedded easily.
