embedding Kibana in iframe - how to auth?

I have ELK 6.5.4 running with the appropriate Search Guard.

I want to be able to share a visualization from Kibana and show it via an iframe.

I have examined old messages, they say this was not possible.

Is it still not possible?

I saw proxy auth mentioned - if users of a web site have IDs there (Wordpress), can we use that to auth for Kibana content that is embedded in iframes?

When asking questions, please provide the following information:

• Search Guard and Elasticsearch version

• Installed and used enterprise modules, if any

• JVM version and operating system version

• Search Guard configuration files

• Elasticsearch log messages on debug level

• Other installed Elasticsearch or Kibana plugins, if any

This is indeed not possible since the Visualization URL you use in the iFrame would need to contain some form of user credentials. The support for embedding username / password like:

https://username:password@hostname/

has been dropped by all major browsers due to security considerations.

Proxy authentication only works if you use a “real” proxy that adds the respective proxy HTTP headers (x-forwarded-for, x-proxy-user etc.) to the HTTP call. Adding HTTP headers within an iFrame is not possible, so this also does not work.

You can think about leveraging anonymous authentication, however:

You could enable anonymous authentication and then map the anon user to a SG role that has access to the Dashboards / underlying data. Then the iFrame approach would work since all unauthenticated requests would be mapped to the anon user and thus the corresponding SG role automatically.

If you want to restrict access to some Dashboards only, then this would require multi-tenancy which is an enterprise feature.