Dashboard embed URL lands at the space selector

We are trying to embed a link to a specific dashboard into our product portal using JWT tokens in the URL parameter and the problem we run into is that instead of landing directly on the dashboard, the page lands at the space selector for the first time (on a new browser session). Subsequent reloads on the same browser session land the page at the dashboard, but the first one always goes to the space selector. Is this a known issue? If so, is there a workaround for this.
Here are my setup details.

  1. JWT and Basic Auth enabled at Elasticsearch. JWT is through Auth Header from Kibana to ES
  2. JWT token based auth at Kibana with URL param used for passing the token
  3. Tenant, roles and role mappings created in the system where roles map to our backend roles (passed through roles and subject field in the JWT)
  4. After this we go to a specific dashboard for a tenant and get the “embed” link to the saved object
  5. We ran with two cases (1) direct link on the browser window. (2) link embedded in an iframe from a server hosted on the same domain.

In both cases, what we noticed is that when we open a fresh browser, the first time it almost always lands on the space selector. Once we choose a space, a subsequent reload will take it to the dashboard. This does not happen when we run with base Kibana (not using tenants and JWT tokens)
Thanks for any help that you can give on this. This will be a blocker for us in deployment.

We need more information to help you.

  1. What SG version do you use?
  2. sg_config.yml.
  3. searchgurad.yml.
  4. kibana.yml.

Also, send logs.

  1. Elasticsearch logs.
  2. Kibana logs.

Attaching the config details here. Can i send you the logs in a private message? they have some proprietary information.

  1. SG Version - Elasticsearch 7.8.1 with Search Guard 7

  2. Here are the config files.
    server.host: “”
    server.basePath: “/kdb”
    server.rewriteBasePath: true
    elasticsearch.hosts: [“https://es-node1:9200”, “https://es-node2:9200”, “https://es-node3:9200”]
    elasticsearch.username: “kibanaserver”
    elasticsearch.password: “kibanaserver”
    xpack.security.enabled: false
    elasticsearch.ssl.certificateAuthorities: “/usr/share/kibana/config/certs/root-ca.pem”
    searchguard.multitenancy.enabled: true
    elasticsearch.requestHeadersWhitelist: [“sgtenant”, “Authorization”]
    searchguard.multitenancy.tenants.preferred: [“Private”, “Global”]
    searchguard.auth.type: “jwt”
    searchguard.jwt.url_param: ‘jwttoken’
    searchguard.jwt.header: ‘Authorization’

sg_config.yml (just the used portions)
type: “config”
config_version: 2

do_not_fail_on_forbidden: true
multitenancy_enabled: true
server_username: kibanaserver
index: ‘.kibana’
anonymous_auth_enabled: false
enabled: false
internalProxies: ‘|’ # regex pattern
description: “Authenticate via HTTP Basic against internal users database”
http_enabled: true
transport_enabled: true
order: 4
type: basic
challenge: true
type: intern
description: “Authenticate via Json Web Token”
http_enabled: true
transport_enabled: true
order: 0
type: jwt
challenge: false
jwt_header: “Authorization”
jwt_url_parameter: null
roles_key: “roles”
subject_key: “subject”
type: noop

Wanted to add one more detail here. My Original URL that i am trying to load looks something like this


The First load always lands at space selector. an immediate reload (within 10-15 seconds) loads the dashboard

Hi @shaliniy,

I am able to reproduce this and will try to find the cause (and hopefully a solution).
I’ll keep you posted!

Thanks for reporting this!
Best Regards

1 Like

Hi @shaliniy,

I forgot to answer here, sorry! We have a fix in place and it will be included in the next release.

Thanks again!
Best Regards

Thanks, Mike. Looking forward to it.
Should i close this topic?

Mike, Any idea when the next release with the fix will be out? Thanks!

@shaliniy it is already out. Pick the latest from the list https://docs.search-guard.com/latest/search-guard-versions

1 Like

This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.