Cannot reach Kibana dashboard URL after Keycloak (openid) login

Hi ,

We are using “https://docs.search-guard.com/latest/kibana-authentication-openid” documention to integrate kibana with openid(keycloak).
Access to kibana UI through keycloak is successful.

We have created a dashboard in kibana & tried to share that dashboard to others through the “copylink” tag available in kibana. When someone tries to open that dashboard URL , It redirects to keycloak page for authentication & after successful login, it loads kibana home page. But my expectation was to load the dashboard page directly after keycloak authentication.

In our case “searchguard.openid.base_redirect_url” is set to https://: in kibana configuration , is this the reason that ,it always redirect to the kibana homepage?
But, even if I do not set this value, the default value of “searchguard.openid.base_redirect_url” is taken as server.host, server.port and server.basepath from kibana.yml .

What do you suggest here in my case? Is there a way to set “searchguard.openid.base_redirect_url” to such value , so that it can redirect to the actual page expected in a copylink rather than redirect to the home page of kibana?

Regards
Subhashree

The anonymous authentication can be a solution


This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Did you set Valid Redirect URI’s correctly? Do you see any error in the Kibana log?

Also, please provide your kibana.yml.

Hi,
I have set the valid URL’s to https://kibana_host:kibana_port/auth/openid/login and https://kibana_host:kibana_port/app/kibana .
But I have tried setting it to ‘*’ as well in this case, it does not redirect to the intended dashboard url , It redirects to the home page ( /app/kibana) only .

Also, there are no error logs in kibana when this occurs.

Below is the kibana.yaml configuration:

Blockquote
server.name: kibana
server.host: “0”
server.customResponseHeaders: { “X-Frame-Options”: “DENY” }
#server.ssl.supportedProtocols: [“TLSv1.2”]
#searchguard.cookie.secure: true
#elasticsearch.requestHeadersWhitelist: [ “Authorization”, “sgtenant”, “x-forwarded-for”, “x-proxy-user”, “x-proxy-roles” ]
searchguard.auth.type: “openid”
searchguard.openid.connect_url: “http://:<keycloak-/auth/realms/elk/.well-known/openid-configuration”
searchguard.openid.client_id: “elk-kibana-sso”
searchguard.openid.client_secret: “5ef93c38-3122-4bea-85e8-84825838c3cf”
searchguard.openid.header: “Authorization”
searchguard.openid.base_redirect_url: “https://:5601”
searchguard.openid.root_ca: “/etc/kibana/certs/keycloak-root-ca.pem”
Blockquote

Thanks.

Try to put https://kibanahost:5601/* as the only value in the Valid Redirect URI field.

Also, you missed the host part in searchguard.openid.base_redirect_url. A valid option is https://kibanahost:5601 where the kibanahost is a valid hostname resolved by DNS.

kibana.yml

searchguard.openid.base_redirect_url: “https://:5601”

Let me know.

Hi ,

I have tried using https://kibanahost:kibanaport/* as the only value in the Valid Redirect URL field , But I could see the same issue again, the dashboard URL from copylink tag redirects to kibana homepage after keycloak authentication.

Also , searchguard.openid.base_redirect_url is set to a valid url i:e https://kibanahost:kibanaport in kibana.yaml , previously which value I have posted for the same was a typo mistake from my end.

could you please help me for this issue ?

Thanks.
Subhashree

Hi , Is there any update on this issue ? Could you help us find a solution for this issue , as above mentioned parameters doesn’t help resolve the issue.

Thanks
Subhashree

We have created a dashboard in kibana & tried to share that dashboard to others through the “copylink” tag available in kibana. When someone tries to open that dashboard URL , It redirects to keycloak page for authentication & after successful login, it loads kibana home page. But my expectation was to load the dashboard page directly after keycloak authentication.

I am able to reproduce it. Definitely it is desirable to redirect to the dashboard page after the user is authenticated. This issue is already in the feature queue. I’ll update you when it is fixed.

Thank you very much for the information.
Could you please share , tentatively when could the fix be available?
Thanks.

Hi @srgbnd ,
Do you have any updates on this issue fix ?

Thanks.

It is still in the queue. I prioritized it by moving it down the queue.
In the latest version, the user is redirected to the dashboards list.

Thank you for the response. Can you share in which version the fix is expected tentatively ?

I added it to the next sprint queue which ends approximately in one month. But we shall investigate the possible solutions first.

I’ll ping you when we have it fixed.