Hi, @sscarduzio @ld57
How to skip the login screen for kibana , and pass the credentials through Basic Authentication during POST request?
Like I want to share an Iframe link of Dashboard and want the user to call it through his application…
So I dont want the login page to appear again and want to pass the credentials from previous app…
I am using LDAP.
Hi, @sscarduzio @ld57
[GUIDE] ROR, Own Home and NGINX
This is interesting to me as well. At present I’ve disabled the Kibana plugin to avoid the login page when doing passthrough auth, but that doesn’t seem like the best solution.
You need the Kibana plugin, you should make an HTTP call to the Kibana POST /login endpoint (with username and password), obtain the cookie in the response header, and then inject the iframe code in the page.
The alternative is modifying the Kibana plugin for reading credentials from the query parameters in the iframe embed code, which a) is not handy because you should edit manually each Kibana embed code. And b) you’d be copy-pasting around credentials.
Another option would be to implement an ACL in the Kibana plugin too, which is something that me and @ld57 have been talking about recently. This would unlock: user-specific url redirects and public url passthrough (like this).
Hi simone, @sscarduzio
I am following this
"You need the Kibana plugin, you should make an HTTP call to the Kibana POST /login endpoint (with username and password), obtain the cookie in the response header, and then inject the iframe code in the page."
I’m trying to get the cookie in the response header but I got the error “Request must contain kbn-xsrf header”.
I’m doing a web service who calls a kibana iframe.
What can I do?
The required value for that header is the kibana version i.e. “6.1.1”
OK that’s progress, do you see errors in the Kibana logs?
cannot read property ‘username’ @sscarduzio
TypeError: Uncaught error Cannot read property ‘username’ of null at login (/usr/share/kibana/plugins/readonlyrest_kbn/server/routes/lib/auth.js:6:956)
yeah it’s because you are not passing the credentials to the API. Pass “username” and “password” fields via HTTP POST.
Simone, I think this is my last question
We got the cookies (rorCookie and username), and now we’re trying to request the URL Iframe
but if we use GET it only appears “Loading Kibana” and If we use POST we come back to the login session.
If we send with the Url Iframe the cookies, headers and credentials, we got "status code: 404, error: ‘Not Found’.
What can we do now ?
And thanks for all, @sscarduzio .
can you do this test:
- get the embeddable graph URL
- Run your ajax that logs in and gets the cookie
- paste the embeddable graph url in the browser address bar and verify it works (without iframes)
Do this with the chrome dev tools open on the network tab, and see if some request ends up in error.
Also check the JS console tab for JS errors.