1

I'm trying to embed an Open search dashboard in an iframe inside a react application. The iframe code is provided by Open Search:

<iframe
    title="Dashboard"
    src="https://app-name.us-east-1.es.amazonaws.com/_dashboards/app/dashboards?security_tenant=READ_ONLY#/view/app-id?_g=(filters:!(),refreshInterval:(pause:!t,value:0),time:(from:now-15m,to:now))&_a=(description:'',filters:!(),fullScreenMode:!f,options:(hidePanelTitles:!f,useMargins:!t),query:(language:kuery,query:''),timeRestore:!f,title:test_abm,viewMode:view)"
  ></iframe>

but I'm getting the following error:

Refused to display 'https://app_name.auth.us-east-1.amazoncognito.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

I think cognito is blocking the conection because it doesn't detect that I'm logged in.

Is there a way to pass my auth token to the iframe so it will display the dashboard?

facundo rotger
  • 115
  • 1
  • 2
  • 10

1 Answers1

0

You can use Proxy-based authentication and send user_header and roles_header to opensearch. So you can have your own authentication

If you already have a single sign-on (SSO) solution in place, you might want to use it as an authentication backend.
Most solutions work as a proxy in front of OpenSearch and the security plugin. If proxy authentication succeeds, the proxy adds the (verified) username and its (verified) roles in HTTP header fields. The names of these fields depend on the SSO solution you have in place.
The security plugin then extracts these HTTP header fields from the request and uses the values to determine the user’s permissions.

https://opensearch.org/docs/latest/security/authentication-backends/proxy/

morteza ataiy
  • 541
  • 4
  • 12