What I Want to Achieve
I pasted a Kibana dashboard’s iframe code in my webapp, which works fine. I’m trying to skip the sign-in screen.
What I Tried
Since I already have the user’s credentials in memory, I figured an AJAX call to /api/v1/auth/login before loading the embedded dashboard should set the appropriate cookie and skip the sign-in screen.
The issue is, Kibana will only accept the request if it has a kbn-version header. But if I add a kbn-version header to the AJAX request, the pre-flight OPTIONS request fails with:
“CORS error: Some headers are not allowed”
I have tried adding kbn-version to some Hapi configuration settings such as server.cors.additionalExposedHeaders but none of them seem to work.
This is my
$ cat custom-kibana.yml
---
# Default Kibana configuration from kibana-docker.
server.name: kibana
server.host: "0"
server.cors : true
server.cors.origin: ['*']
server.cors.additionalHeaders: ['kbn-xsrf', 'kbn-version']
server.cors.headers: ["accept", "authorization", "content-type", "if-none-match", "origin", "kbn-xsrf", "kbn-version"]
server.cors.exposedHeaders: ["accept", "authorization", "content-type", "if-none-match", "origin", "kbn-xsrf", "kbn-version"]
server.cors.additionalExposedHeaders: ['kbn-xsrf', 'kbn-version']
# server.ssl.enabled: true
# server.ssl.key: kibana.pem
# server.ssl.certificate: kibana-key.pem
elasticsearch.url: https://localhost:9200
elasticsearch.ssl.verificationMode: none
elasticsearch.username: kibanaserver
elasticsearch.password: <pw>
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]
opendistro_security.multitenancy.enabled: true
opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
opendistro_security.readonly_mode.roles: ["kibana_read_only"]
How do I skip the sign-in screen, either by solving the issue I encountered or in any other way?
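The preflight failure described in the post can be examined offline. This is an added example, not part of the original post and not Kibana or Hapi code: it applies the checks a browser makes on a preflight response to two constructed header sets. The origin https://app.example and every header value below are assumptions.

```javascript
// Added example: the checks a browser applies to a CORS preflight response.
// All header sets and the origin below are constructed samples.

const parseList = (v) =>
  (v || "").split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);

// requestHeaders = names the browser sends in Access-Control-Request-Headers.
function checkPreflight({ origin, credentials, requestHeaders }, responseHeaders) {
  const h = {};
  for (const [k, v] of Object.entries(responseHeaders)) h[k.toLowerCase()] = v;
  const problems = [];

  const allowOrigin = h["access-control-allow-origin"];
  if (!allowOrigin) problems.push("missing Access-Control-Allow-Origin");
  else if (allowOrigin === "*" && credentials)
    problems.push("wildcard origin is rejected for credentialed requests");
  else if (allowOrigin !== "*" && allowOrigin !== origin)
    problems.push("origin mismatch");

  if (credentials && h["access-control-allow-credentials"] !== "true")
    problems.push("Access-Control-Allow-Credentials is not true");

  // Access-Control-Expose-Headers is not consulted here: it only controls
  // which response headers script may read, not which request headers pass.
  const allowed = parseList(h["access-control-allow-headers"]);
  const wildcard = allowed.includes("*") && !credentials;
  for (const name of requestHeaders.map((n) => n.toLowerCase())) {
    const covered = allowed.includes(name) || (wildcard && name !== "authorization");
    if (!covered) problems.push(`header not allowed: ${name}`);
  }
  return problems;
}

// A credentialed login call (so the cookie is stored) carrying kbn-version.
const request = {
  origin: "https://app.example",
  credentials: true,
  requestHeaders: ["content-type", "kbn-version"],
};
const exposedOnly = {
  "Access-Control-Allow-Origin": "*",
  "Access-Control-Allow-Headers": "accept, authorization, content-type, if-none-match",
  "Access-Control-Expose-Headers": "kbn-xsrf, kbn-version",
};
const explicit = {
  "Access-Control-Allow-Origin": "https://app.example",
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Headers": "accept, authorization, content-type, kbn-version",
};
console.log(checkPreflight(request, exposedOnly));
console.log(checkPreflight(request, explicit));
```

Comparing the actual OPTIONS response from the server against these checks shows which of the configured keys reached the `Access-Control-Allow-*` headers.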