Kibana Authentication

#1

Hi

I have kibana inside an iframe of my application. Can I automatically login into searchguard after the user logs into my application?

Thank you

#2

No, not really. An iFrame is independent from your surrounding app, so the only way to automatically log in would be to add some form of user credentials (of the logged in user) to the iFrame call.

Since you cannot pass any HTTP headers with in iFrame call, the only way would be to add the username and password to the src of the iFrame. But this would also mean that you need to render the password in cleartext in your HTML. This is a big security concern, so it is not supported by Search Guard.

assigned jkressin #3
#4

Thank you. Any suggestions for solving the problem?

#5

Not really, no. An iFrame is basically the same as a new tab in your browser. The only way for an auto-login would be to add username and password to the URL, like:

https://user:pass@kibana.example.com

But due to the mentioned security concerns we do not support it. I will add this as discussion item to our backlog, but cannot promise any ETA.

1 Like
#6

Just thought about it and to make sure I understood your use case correctly: Are you planning to integrate Kibana as an app in your iFrame, or do you just want to embed visualizations and dashboards? Because in the latter case maybe you could use anonymous authentication. Can you talk a bit more about the actual use case?

#7

Yes, I just want to show the dashboard. I already discovered anonymous authentication and it was a great help. :+1:

Now I have a problem. If users access kibana directly, they have access to all dashboards. Is it possible to hide dashboards by user?

#8

That would only be possible with the (commercial) multi tenancy feature I am afraid …