Skip Login page for kibana

shubhamverma27 (shubham) 2017-07-12 09:53:29 UTC #1

Hi, @sscarduzio @ld57
How to skip the login screen for kibana , and pass the credentials through Basic Authentication during POST request?
Like I want to share an Iframe link of Dashboard and want the user to call it through his application…
So I dont want the login page to appear again and want to pass the credentials from previous app…
I am using LDAP.

[GUIDE] ROR, Own Home and NGINX

hijakk 2017-07-14 19:15:11 UTC #2

This is interesting to me as well. At present I’ve disabled the Kibana plugin to avoid the login page when doing passthrough auth, but that doesn’t seem like the best solution.

sscarduzio (Simone Scarduzio) 2017-07-14 22:05:21 UTC #3

You need the Kibana plugin, you should make an HTTP call to the Kibana POST /login endpoint (with username and password), obtain the cookie in the response header, and then inject the iframe code in the page.

The alternative is modifying the Kibana plugin for reading credentials from the query parameters in the iframe embed code, which a) is not handy because you should edit manually each Kibana embed code. And b) you’d be copy-pasting around credentials.

Another option would be to implement an ACL in the Kibana plugin too, which is something that me and @ld57 have been talking about recently. This would unlock: user-specific url redirects and public url passthrough (like this).

hepamela 2017-12-29 18:29:26 UTC #4

Hi simone, @sscarduzio
I am following this
"You need the Kibana plugin, you should make an HTTP call to the Kibana POST /login endpoint (with username and password), obtain the cookie in the response header, and then inject the iframe code in the page."

I’m trying to get the cookie in the response header but I got the error “Request must contain kbn-xsrf header”.
I’m doing a web service who calls a kibana iframe.
What can I do?

sscarduzio (Simone Scarduzio) 2018-01-02 15:47:33 UTC #5

The required value for that header is the kibana version i.e. “6.1.1”

hepamela 2018-01-02 18:06:11 UTC #6

Simone I got this, but I have Internal server error.
What can I do with this?

sscarduzio (Simone Scarduzio) 2018-01-02 18:19:58 UTC #7

OK that’s progress, do you see errors in the Kibana logs?

hepamela 2018-01-02 19:58:26 UTC #8

cannot read property ‘username’ @sscarduzio

TypeError: Uncaught error Cannot read property ‘username’ of null at login (/usr/share/kibana/plugins/readonlyrest_kbn/server/routes/lib/auth.js:6:956)

sscarduzio (Simone Scarduzio) 2018-01-02 22:05:56 UTC #9

yeah it’s because you are not passing the credentials to the API. Pass “username” and “password” fields via HTTP POST.

hepamela 2018-01-03 20:58:27 UTC #10

Simone, I think this is my last question

We got the cookies (rorCookie and username), and now we’re trying to request the URL Iframe
but if we use GET it only appears “Loading Kibana” and If we use POST we come back to the login session.
If we send with the Url Iframe the cookies, headers and credentials, we got "status code: 404, error: ‘Not Found’.
What can we do now ?
And thanks for all, @sscarduzio .

sscarduzio (Simone Scarduzio) 2018-01-04 18:06:30 UTC #11

can you do this test:

get the embeddable graph URL
Run your ajax that logs in and gets the cookie
paste the embeddable graph url in the browser address bar and verify it works (without iframes)

Do this with the chrome dev tools open on the network tab, and see if some request ends up in error.
Also check the JS console tab for JS errors.