-
Notifications
You must be signed in to change notification settings - Fork 8.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Simplify anonymous access & embedding docs. #90409
Merged
azasypkin
merged 11 commits into
elastic:master
from
azasypkin:issue-xxx-simplify-anonymous-docs
Feb 23, 2021
Merged
Changes from 9 commits
Commits
Show all changes
11 commits
Select commit
Hold shift + click to select a range
7edec76
Simply anonymous access & embedding docs.
azasypkin 67d1119
Merge branch 'master' into issue-xxx-simplify-anonymous-docs
azasypkin 26a456d
Merge branch 'master' into issue-xxx-simplify-anonymous-docs
azasypkin e2ed50b
Review#1: handle review feedback and add dedicated section for embedd…
azasypkin 436322e
Merge branch 'master' into issue-xxx-simplify-anonymous-docs
azasypkin 6a9d213
Merge branch 'master' into issue-xxx-simplify-anonymous-docs
azasypkin 60d7ca0
Review#2: handle review feedback.
azasypkin ddf76c7
Merge branch 'master' into issue-xxx-simplify-anonymous-docs
azasypkin ef5788e
Review#3: handle review feedback.
azasypkin 54b2f48
Merge branch 'master' into issue-xxx-simplify-anonymous-docs
azasypkin 2349a92
Review#4: handle review feedaback.
azasypkin File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,55 @@ | ||
[[embedding]] | ||
== Embedding {kib} content in a web page | ||
|
||
Once you create a dashboard or a visualization, you might want to share it with your colleagues or friends. The easiest way to do this is to share a direct link to your dashboard or visualization. However, some users might not have access to your {kib}. | ||
|
||
With the {kib} embedding functionality, you can display the content you created in {kib} to an internal company website or a personal web page. From *Dashboard* or *Visualize*, open the *Share > Embed code* menu, and then click *Copy iFrame code* to generate an HTML code snippet. You can embed this snippet in your web page, and then add analysis, images, and links to give more context to the object you're sharing. | ||
|
||
image::images/embed-kibana.png[Generate an HTML snippet to embed {kib}, align=center] | ||
|
||
NOTE: Embedding of any other part of {kib} is also generally possible, but you may need to craft the proper HTML code manually. | ||
This comment was marked as resolved.
Sorry, something went wrong. |
||
|
||
[float] | ||
[[embedding-security]] | ||
=== Configure security | ||
|
||
Embedding content through iframes requires careful consideration to minimize security risks. By default, modern web browsers enforce the | ||
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy[same-origin policy] to restrict the behavior of framed pages. When | ||
{stack-security-features} are enabled on your cluster, you must relax this constraint for cookies as described in <<embedding-cookies, Cookies>> for {kib} to function | ||
in an iframe. Refer to https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe[iframe] and | ||
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite[SameSite cookies] for more information. | ||
|
||
[float] | ||
==== Authentication | ||
If you're embedding {kib} in a website that supports Single Sign-On with SAML, OpenID Connect, Kerberos, or PKI, it's highly advisable to configure {kib} as a part of the Single Sign-On setup. Operating in a single and properly configured security domain provides you with the most secure and seamless user experience. You can read more at <<kibana-authentication, Authentication in {kib}>>. | ||
|
||
If you want users to access embedded {kib} by skipping the login step, and Single Sign-On isn't an option for you, consider configuring <<anonymous-authentication, anonymous access>>. It is already natively integrated into the workflow for embedding dashboards and visualizations. | ||
|
||
If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding anything other than dashboards and visualizations, then you will need to add the `auth_provider_hint=<anonymous-provider-name>` query string parameter to the {kib} URL that you're embedding. | ||
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
Sorry, something went wrong.
This comment was marked as resolved.
Sorry, something went wrong. |
||
|
||
For example, if you craft the iframe code to embed {kib}, it might look like this: | ||
|
||
```html | ||
<iframe src="https://localhost:5601/app/monitoring#/elasticsearch/nodes?embed=true&_g=(....)" height="600" width="800"></iframe> | ||
``` | ||
|
||
To make this iframe leverage anonymous access automatically, you will need to modify a link to {kib} in the `src` iframe attribute to look like this: | ||
|
||
```html | ||
<iframe src="https://localhost:5601/app/monitoring?auth_provider_hint=anonymous1#/elasticsearch/nodes?embed=true&_g=(....)" height="600" width="800"></iframe> | ||
``` | ||
|
||
Note that the `auth_provider_hint` query string parameter goes *before* the hash URL fragment. | ||
|
||
[float] | ||
[[embedding-cookies]] | ||
==== Cookies | ||
|
||
Regardless of the authentication type that you're using for the embedded {kib}, you must make sure that the browsers can transmit session cookies to a {kib} server. The setting you need to be aware of is <<xpack-security-sameSiteCookies, `xpack.security.sameSiteCookies`>>. To support modern browsers, you must set it to `None`: | ||
|
||
[source,yaml] | ||
-- | ||
xpack.security.sameSiteCookies: "None" | ||
-- | ||
|
||
For more information about possible values and implications, go to <<xpack-security-sameSiteCookies, xpack.security.sameSiteCookies>>. |
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.