Skip Login page for kibana

If I append a src like this, http://127.0.0.1:5601/app/kibana, the page opens in the iframe as expected. But with a link to a dashboard, the weird thing happens. This is so strange.

Strange, are you able to open the dashboard link normally in another tab?

Yes, this never happened. When I put this link in an iframe and enter the credentials manually, this does not happen.

Any logs in Kibana or ES?

Hi @sscarduzio
I tried to create an auto-login page for ReadonlyRest_Kibana for some guests who visit Kibana for the first time. I imitated the method above, but it is blocked and cannot auto-login to ReadonlyREST. Is there any suggestion on how to implement this idea?

My web code:

<html>
<body>
<div id="graphEmbedWrapper"></div>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js"></script>
<script>
// Settings for the cross-origin login POST to the ReadonlyREST /login endpoint.
var settings = {
	//"async": true,
	"crossDomain": true,
	"url": "http://192.168.0.205:5601/login",
	"method": "POST",
	"headers": {
		// jQuery serializes the "data" object as a form body, so only one
		// Content-Type value is valid here (two comma-joined values are malformed).
		"Content-Type": "application/x-www-form-urlencoded",
		"Accept": "application/json, text/javascript, */*; q=0.01",
		"kbn-version": "6.7.1",
		"kbn-xsrf": "6.7.1",
		// Access-Control-Allow-* are RESPONSE headers the server must send;
		// putting them on the request does not grant CORS access and only adds
		// them to the preflight's Access-Control-Request-Headers list.
		"Access-Control-Allow-Origin": "*",
		"Access-Control-Allow-Credentials": true,
		"Access-Control-Allow-Methods": "*",
		"Access-Control-Allow-Headers": "*"
	},
	"data": {
		"username": "kibana",
		"password": "kibana"
	}
};

// jQuery calls done() with (data, textStatus, jqXHR) and
// fail() with (jqXHR, textStatus, errorThrown).
$.ajax(settings).done(function (data, textStatus, jqXHR) {
	console.dir(data);
	window.location.replace("http://192.168.0.205:5601/app/kibana#/home?_g=()");
}).fail(function (jqXHR, textStatus, errorThrown) {
	console.dir(jqXHR);
});
</script>
</body>
</html>

And my kibana.yml setting is below:

server.port: 5601
server.host: 0.0.0.0
elasticsearch.hosts: ["http://192.168.0.205:9200","http://192.168.0.206:9200","http://192.168.0.207:9200"]
kibana.index: ".kibana"
logging.dest: stdout
server.cors: true
server.cors.origin: ['*']
xpack.reporting.enabled: true
xpack.security.enabled: false

Readonlyrest.yml is below:

readonlyrest:
  audit_collector: true
  prompt_for_basic_auth: true
  access_control_rules:
  - name: '::KIBANA-SRV::'
    auth_key: kibana:kibana
  - name: superuser
    groups: superuser
    kibana_hide_apps:
    - readonlyrest_kbn

Kibana log is below and it seems working well:

Aug  7 12:14:06 demosite1 kibana: {"type":"response","@timestamp":"2019-08-07T04:14:06Z","tags":["api"],"pid":9331,"method":"get","statusCode":200,"req":{"url":"/api/status","method":"get","headers":{"host":"localhost:5601","user-agent":"Go-http-client/1.1","accept-encoding":"gzip"},"remoteAddress":"127.0.0.1","userAgent":"127.0.0.1"},"res":{"statusCode":200,"responseTime":22,"contentLength":9},"message":"GET /api/status 200 22ms - 9.0B"}

My Kibana version is 6.7.1 and readonlyrest version is 1.18.2.
Is there anything else I should add for YAML? Thanks!

@Jstyle0302, the log line provided is a query for /api/status, not a login request. Also, it would be nice to see what the browser “network” panel in dev tools says. Does it fail CORS? Does it get refused? What error code does it return?

Hi Simone,

I did not get any message from the log. However, I got the message below from the Google Chrome Developer Tools. It seems like I did not successfully communicate with the Kibana server and my request is blocked by the CORS policy.

Access to XMLHttpRequest at 'http://192.168.0.205:5601/' from origin 'http://192.168.0.205' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

How can I send my account and password to the server and authenticate my role, acting like the ReadonlyREST login page? Are there other recommended ways? Or can the username and password authenticate like the JWT token? Thank you!

Actually, I could fix this by adding the CORS headers to the login page too, according to what is configured in the Kibana settings. Should be simple.

@sscarduzio Will this change be applied in the latest readonlyrest_kbn version for Kibana 6.7.1, or only in further versions such as Kibana 7.2+ and so on? Thanks!

Hi @Jstyle0302, I could not get this to work. After seeing this (and not agreeing with their decision to disable CORS outside dev mode), I suggest for now following the Kibana team’s suggestion and using nginx or any other reverse proxy, so Kibana thinks every request comes from the same origin.
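The reverse-proxy arrangement suggested above, written out as an added example that is not part of this thread or of the ReadonlyREST project: one nginx server block serves the auto-login HTML page and proxies every other path to Kibana, so the browser only ever sees a single origin and the login POST and the dashboard iframe need no CORS preflight at all. The hostname kibana.example.internal, the /var/www/autologin path and the /autologin.html location are assumptions; the Kibana backend address is the one from the thread.

```nginx
# Added example (not from the thread). Single origin in front of Kibana:
# the auto-login page and Kibana are both reached through this server, so
# the browser treats the POST to /login as same-origin and no CORS applies.
server {
    listen 80;
    server_name kibana.example.internal;      # assumed hostname

    # Static auto-login page (the HTML from the thread) served from this origin.
    # The page's JavaScript should then use relative URLs ("/login" and
    # "/app/kibana#/home?_g=()") instead of http://192.168.0.205:5601/...
    location = /autologin.html {
        root /var/www/autologin;              # assumed path to the static file
    }

    # Everything else is proxied to Kibana; the browser never talks to :5601.
    location / {
        proxy_pass http://192.168.0.205:5601; # Kibana backend from the thread
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # Leave Set-Cookie untouched: the session cookie ReadonlyREST sets on
        # login must stay bound to this origin so the iframe request carries it.
    }
}
```

Because the credentials live in a static page that anyone who can reach /autologin.html can read, the account it logs in (kibana:kibana in the thread's readonlyrest.yml) should be the guest, read-only one that the access_control_rules already restrict, not an account with write or admin rights.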

@sscarduzio Okay! Thanks for your suggestion!

Hi sscarduzio, I tried with the same curl but I am getting a 404 (Not Found) response.
This is what my request is:

   fetch('https://example.com/login', {
       method: 'POST',
       headers: {                    // the fetch option is "headers", not "header"
           "kbn-version": "7.3.2",
           "kbn-xsrf": "7.3.2",
           "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
           "Accept": "application/json"
           // "Connection" is a forbidden request header; browsers drop it silently
       },
       // body must be a string or URLSearchParams; a plain object is sent as
       // "[object Object]", which is not a form-encoded login
       body: new URLSearchParams({
           "password": "demo",
           "username": "demo"
       })
   })

This will work 100%
