Hello!
I am using the latest SearchGuard bundle version. Kibana is secured using username and password. I develop different visualization and dashboards using Kibana. Now, I have just wanted to export my visualization to another webiste as an iframe (it could in the same server on in different one). I put the iframe in the website, and when I try to visit my dashboards, it is asking me the username and password (in the same way and look that it ask me in Kibana) I have several questions that i could not resolve.
Can I set in some way the username and password in the Iframe not to force to appear it in my site?(I know that it could not be secure)
Can I ask the username and password in a previous view, and set it as a cookie?In that way in will not ask in the next view. How can I set the searchguard_authentication, searchguard_preferences and searchguard_tenant cookies?
I will like to know how can I solve this problem. Thanks in advance,
Aitor
Hi,
sure, Kibana will ask for users credentials every time you want to access it. It does not matter if you embed Kibana in an iFrame or access it directly. Everything else would be a security hole. The login screen is exactly the same because Kibana does not know if it’s embedded in an iFrame or accessed directly.
You cannot pass the user’s credentials in the iFrame call directly, that’s not supported by the Kibana plugin. The plugin checks whether a session cookie already exists, and displays the login page if it’s missing.
You cannot set the cookie in a previous view, because a cookie is always bound to a domain. If your main site runs under example.com, and Kibana runs under kibana.com, then any cookie set by example.com is not accessible by kibana.com
So, at the moment I don’t see how this can be achieved.
···
On Tuesday, May 30, 2017 at 5:25:22 PM UTC+2, Aitor G wrote:
Hello!
I am using the latest SearchGuard bundle version. Kibana is secured using username and password. I develop different visualization and dashboards using Kibana. Now, I have just wanted to export my visualization to another webiste as an iframe (it could in the same server on in different one). I put the iframe in the website, and when I try to visit my dashboards, it is asking me the username and password (in the same way and look that it ask me in Kibana) I have several questions that i could not resolve.
Can I set in some way the username and password in the Iframe not to force to appear it in my site?(I know that it could not be secure)
Can I ask the username and password in a previous view, and set it as a cookie?In that way in will not ask in the next view. How can I set the searchguard_authentication, searchguard_preferences and searchguard_tenant cookies?
I will like to know how can I solve this problem. Thanks in advance,
Aitor
And can it be possible if the iframe is in the same server?How can I place a login screen in the same serve and call to the same methods as the Kibana login to set the cookie properly?
···
El martes, 30 de mayo de 2017, 22:47:42 (UTC+2), Jochen Kressin escribió:
Hi,
sure, Kibana will ask for users credentials every time you want to access it. It does not matter if you embed Kibana in an iFrame or access it directly. Everything else would be a security hole. The login screen is exactly the same because Kibana does not know if it’s embedded in an iFrame or accessed directly.
You cannot pass the user’s credentials in the iFrame call directly, that’s not supported by the Kibana plugin. The plugin checks whether a session cookie already exists, and displays the login page if it’s missing.
You cannot set the cookie in a previous view, because a cookie is always bound to a domain. If your main site runs under example.com, and Kibana runs under kibana.com, then any cookie set by example.com is not accessible by kibana.com
So, at the moment I don’t see how this can be achieved.
On Tuesday, May 30, 2017 at 5:25:22 PM UTC+2, Aitor G wrote:
Hello!
I am using the latest SearchGuard bundle version. Kibana is secured using username and password. I develop different visualization and dashboards using Kibana. Now, I have just wanted to export my visualization to another webiste as an iframe (it could in the same server on in different one). I put the iframe in the website, and when I try to visit my dashboards, it is asking me the username and password (in the same way and look that it ask me in Kibana) I have several questions that i could not resolve.
Can I set in some way the username and password in the Iframe not to force to appear it in my site?(I know that it could not be secure)
Can I ask the username and password in a previous view, and set it as a cookie?In that way in will not ask in the next view. How can I set the searchguard_authentication, searchguard_preferences and searchguard_tenant cookies?
I will like to know how can I solve this problem. Thanks in advance,
Aitor