Embed Kibana dashboard into other app

I want to embed a kibana dashboard from an instance that is using ReadonlyREST to another application using iFrame, but I want to skip the authentication window on the exported dashboard so they don’t have to login again to view it.
I see Kibana has Anonymous access and embedding when using the integrated access control. Is there anything similar when using ReadonlyREST access control?

Hello @oskrdt,

Actually we can do something better than anonymous access: we can embed the authentication in the URL.

Great! I’ll try that.
I just don’t understand how to use the roles and roles_claim to control the access from this section. Do you have any other doc link or can you explain me how that works?

Sorry about the crappy documentation about this. Will make it better, thanks for pointing out.

Let’s take this example JWT token, and imagine that your identity provider has produced it, and now the user agent is sending it in the “Authorization: Bearer <…>” header.

ReadonlyREST plugin will analyze the token and find the “claims” in the JWT token payload are:

  "sub": "1234567890",
  "hasName": "John Doe",
  "hasRoles": ["admins", "devops"],
  "iat": 1516239022

In ReadonlyREST you have configured the ACL like this:

    - name: Valid JWT token with a admins role
      kibana_access: admin
        name: "my_JWT_connector"
        roles: ["admins"]

    - name: Valid JWT token with a devops role
      kibana_access: rw
        name: "my_JWT_connector"
        roles: ["devops"]

    - name: "my_JWT_connector"
      signature_algo: HMAC
      signature_key: "your_signature_min_256_chars"
      user_claim: "hasName"
      roles_claim: "hasRoles"

Notice that you declare a jwt connector called “my_JWT_connetor”, and then you reference it in the ACL blocks.

Notice also that “roles_claims” in the JWT connector definition is literally the JSON key where ReadonlyREST expects to find the array of strings representing the list of roles.

Whereas in the ACL block, you can restrict the match to only certain “roles”.

I hope this helps, let me know if you have more questions.

1 Like