Set SameSite for cookies

Hi,

I want to use embedded dashboard in external website and for that I want to set SameSite cokie attribute to NONE.
I found equivalent of this in Elastic ELK using xpack but not for open distro version.

Can somebody help here?

Hi,

based on [1], you have to add

opendistro_security.cookie.sameSite: "None"

to your kibana.yml

Regards,

Clifford
[1] security-kibana-plugin/index.ts at main · opendistro-for-elasticsearch/security-kibana-plugin · GitHub

1 Like

@clsa - Thank you so much.
I am facing “Invalid RequestId” problem when having SSO (SAML) and embedded in iFrame.
I think it’s because of the cookie issue and hopefully it will solve this problem.

The setting is actually:

opendistro_security.cookie.isSameSite: “None”

It needs to be used on conjunction with:

opendistro_security.cookie.secure: true

2 Likes

@hansman, Yes it’s working with these configs. Thank you so much.

1 Like

For me am using the Kibana OSS 7.10.2 the above configuration setting are not working to load the Kibana GUI with in the iframe of another site