Auto sign-in to an embedded Kibana dashboard iframe

What I Want to Achieve

I pasted a Kibana dashboard’s iframe code in my webapp, which works fine. I’m trying to skip the sign-in screen.

What I Tried

Since I already have the user’s credentials in memory, I figured an AJAX call to /api/v1/auth/login before loading the embedded dashboard should set the appropriate cookie and skip the sign-in screen.

The issue is, Kibana will only accept the request if it has a kbn-version header. But if I add a kbn-version header to the AJAX request, the pre-flight OPTIONS request fails with:

“CORS error: Some headers are not allowed”

I have tried adding kbn-version to some Hapi configuration settings such as server.cors.additionalHeaders, server.cors.headers, server.cors.exposedHeaders, and server.cors.additionalExposedHeaders but none of them seem to work.

This is my custom-kibana.yml file:

$ cat custom-kibana.yml 
# Default Kibana configuration from kibana-docker. kibana "0"
server.cors : true
server.cors.origin: ['*']
server.cors.additionalHeaders: ['kbn-xsrf', 'kbn-version']
server.cors.headers: ["accept", "authorization", "content-type", "if-none-match", "origin", "kbn-xsrf", "kbn-version"]
server.cors.exposedHeaders: ["accept", "authorization", "content-type", "if-none-match", "origin", "kbn-xsrf", "kbn-version"]
server.cors.additionalExposedHeaders: ['kbn-xsrf', 'kbn-version']
# server.ssl.enabled: true
# server.ssl.key: kibana.pem
# server.ssl.certificate: kibana-key.pem
elasticsearch.url: https://localhost:9200
elasticsearch.ssl.verificationMode: none
elasticsearch.username: kibanaserver
elasticsearch.password: <pw>
elasticsearch.requestHeadersWhitelist: ["securitytenant","Authorization"]

opendistro_security.multitenancy.enabled: true
opendistro_security.multitenancy.tenants.preferred: ["Private", "Global"]
opendistro_security.readonly_mode.roles: ["kibana_read_only"]

My Question

How do I skip the sign-in screen, either by solving the issue I encountered or in any other way.

Hello yigal!

Please did you achieve skiping the sign-in screen on embedded Kibana dashboard iframe?