Hi, I’m authenticating to searchguard using JWT. Now, when I hit a URL like
http://localhost:9200/app/kibana?jwtparam=xxx
``
Then it actually works, and I seem to be properly authenticated to Kibana. Yay!
However, when I try to embed a dashboard as an iFrame in my site, I also add the jwtparam field to my request, however, the request now takes the following shape:
http://localhost:5601/app/kibana#/dashboard/[dashboard-id]?embed=true&jwtparam=[my_jwt_token]&_g=[kibana’s_parameters_to_the_dashboard]
``
And this tells me that my token is invalid! Boo.
So basically, my jwt token is refused when sent as a parameter to the dashboard. Is this expected behaviour? Is there some kind of workaround? I’m simply trying to embed a dashboard in my site without triggering an obvious sign-on process. Seems like embedding the token in the iFrame’s URL is the way, but I could stick it in the Auth header - or is there something I’m missing?
I should add:
Kibana: 6.4.2-17
Elasticsearch: 6.4.2-23.2
Help with this would be greatly appreciated!