Cannot reach Kibana dashboard URL after Keycloak (openid) login

Hi ,

We are using “https://docs.search-guard.com/latest/kibana-authentication-openid” documention to integrate kibana with openid(keycloak).
Access to kibana UI through keycloak is successful.

We have created a dashboard in kibana & tried to share that dashboard to others through the “copylink” tag available in kibana. When someone tries to open that dashboard URL , It redirects to keycloak page for authentication & after successful login, it loads kibana home page. But my expectation was to load the dashboard page directly after keycloak authentication.

In our case “searchguard.openid.base_redirect_url” is set to https://: in kibana configuration , is this the reason that ,it always redirect to the kibana homepage?
But, even if I do not set this value, the default value of “searchguard.openid.base_redirect_url” is taken as server.host, server.port and server.basepath from kibana.yml .

What do you suggest here in my case? Is there a way to set “searchguard.openid.base_redirect_url” to such value , so that it can redirect to the actual page expected in a copylink rather than redirect to the home page of kibana?

Regards
Subhashree

The anonymous authentication can be a solution


This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.

Did you set Valid Redirect URI’s correctly? Do you see any error in the Kibana log?

Also, please provide your kibana.yml.

Hi,
I have set the valid URL’s to https://kibana_host:kibana_port/auth/openid/login and https://kibana_host:kibana_port/app/kibana .
But I have tried setting it to ‘*’ as well in this case, it does not redirect to the intended dashboard url , It redirects to the home page ( /app/kibana) only .

Also, there are no error logs in kibana when this occurs.

Below is the kibana.yaml configuration:

Blockquote
server.name: kibana
server.host: “0”
server.customResponseHeaders: { “X-Frame-Options”: “DENY” }
#server.ssl.supportedProtocols: [“TLSv1.2”]
#searchguard.cookie.secure: true
#elasticsearch.requestHeadersWhitelist: [ “Authorization”, “sgtenant”, “x-forwarded-for”, “x-proxy-user”, “x-proxy-roles” ]
searchguard.auth.type: “openid”
searchguard.openid.connect_url: “http://:<keycloak-/auth/realms/elk/.well-known/openid-configuration”
searchguard.openid.client_id: “elk-kibana-sso”
searchguard.openid.client_secret: “5ef93c38-3122-4bea-85e8-84825838c3cf”
searchguard.openid.header: “Authorization”
searchguard.openid.base_redirect_url: “https://:5601”
searchguard.openid.root_ca: “/etc/kibana/certs/keycloak-root-ca.pem”
Blockquote

Thanks.

Try to put https://kibanahost:5601/* as the only value in the Valid Redirect URI field.

Also, you missed the host part in searchguard.openid.base_redirect_url. A valid option is https://kibanahost:5601 where the kibanahost is a valid hostname resolved by DNS.

kibana.yml

searchguard.openid.base_redirect_url: “https://:5601”

Let me know.

Hi ,

I have tried using https://kibanahost:kibanaport/* as the only value in the Valid Redirect URL field , But I could see the same issue again, the dashboard URL from copylink tag redirects to kibana homepage after keycloak authentication.

Also , searchguard.openid.base_redirect_url is set to a valid url i:e https://kibanahost:kibanaport in kibana.yaml , previously which value I have posted for the same was a typo mistake from my end.

could you please help me for this issue ?

Thanks.
Subhashree