Embed OpenSearch Dashboards using iframe

Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
2.7.0

Describe the issue:
I’m trying to include my OpenSearch Dashboards in my website using an iframe like this:

<iframe src="https://localhost:5601" style="width: 100vw; height: 100vh;"></iframe>

So I can see the login page, however when I try to log in, the login page stays the same, and I have this error in the console:

How can I log in to OpenSearch Dashboards using an iframe?

PS: The dashboard works perfectly fine when I use it in the browser.

Configuration:

  • opensearch.yml :
plugins.security.disabled: "false"

plugins.security.ssl.transport.pemcert_filepath: node1.pem
plugins.security.ssl.transport.pemkey_filepath: node1-key.pem
plugins.security.ssl.transport.pemtrustedcas_filepath: root-ca.pem
plugins.security.ssl.transport.enforce_hostname_verification: false
plugins.security.ssl.http.enabled: true
plugins.security.ssl.http.pemcert_filepath: node1.pem
plugins.security.ssl.http.pemkey_filepath: node1-key.pem
plugins.security.ssl.http.pemtrustedcas_filepath: root-ca.pem
plugins.security.authcz.admin_dn:
  - 'CN=A,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'
plugins.security.nodes_dn:
  - 'CN=node1.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'
  - 'CN=node2.dns.a-record,OU=UNIT,O=ORG,L=TORONTO,ST=ONTARIO,C=CA'

plugins.security.restapi.roles_enabled: ["all_access", "security_rest_api_access", "client1_role"]

  • opensearch_dashboards.yml :
opensearch.hosts: ["https://localhost:9200"]
opensearch.ssl.verificationMode: certificate
server.ssl.enabled: true
server.ssl.certificate: "path/to/client.pem"
server.ssl.key: "path/to/client-key.pem"
opensearch.ssl.certificateAuthorities: ["path/to/root-ca.pem"]
opensearch.username: kibanaserver
opensearch.password: kibanaserver
opensearch.requestHeadersAllowlist: ["securitytenant","Authorization"]
opensearch_security.multitenancy.enabled: true
opensearch_security.multitenancy.tenants.enable_global: true
opensearch_security.multitenancy.tenants.enable_private: true
opensearch_security.multitenancy.tenants.preferred: ["Private", "Global"]
opensearch_security.multitenancy.enable_filter: false

Relevant Logs or Screenshots:

Does anyone have an idea how to resolve this problem, please?

Hi Zakaria. I have done iframing of dashboards when authentication was not enabled. In your case, I have a feeling that the authentication page doesn’t allow being iframed. I will run an experiment to see what I can find.

Looks like it will take me a lot longer to run an experiment but here is an alternate solution that might interest you.

You can create anonymous read-only access, and that way your dashboard can be iframed without popping up the login screen. If that interests you, the comment below describes how it is done.

I need the login page, because I’m working with different users.

@pablo Do you have any idea on this subject, please?

Can you try adding these lines to your Dashboards’ config file:

opensearch_security.cookie.secure: true
opensearch_security.cookie.isSameSite: "None"

This will allow the cookies from the different domain (Dashboards) to be set when the visitor is on a different domain (your website).

Also, due to Apple’s ITP, if Dashboards is not a subdomain of the page hosting the iframe, it will not work in Safari.
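
The cookie settings suggested above, as an added example (not part of the thread and not OpenSearch code): a JavaScript check of whether a `Set-Cookie` header yields a cookie that a browser will use from a cross-site iframe, which is what decides whether the login sticks. It assumes Chromium's rules (an unset SameSite is treated as Lax; SameSite=None requires Secure); the function names and sample headers are constructed for illustration.

```javascript
// Added example: classify a Set-Cookie header for use inside a cross-site iframe.
// Assumed rules (Chromium behaviour): missing SameSite is treated as Lax, and
// SameSite=None is only accepted together with the Secure attribute.
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq < 0 ? pair : pair.slice(0, eq),
    secure: false,
    sameSite: null,
  };
  for (const attr of attrs) {
    const [key, value = ""] = attr.split("=");
    const k = key.trim().toLowerCase();
    if (k === "secure") cookie.secure = true;
    if (k === "samesite") cookie.sameSite = value.trim().toLowerCase();
  }
  return cookie;
}

function crossSiteIframeVerdict(header) {
  const c = parseSetCookie(header);
  const mode = c.sameSite || "lax"; // unset SameSite falls back to Lax
  if (mode === "none" && !c.secure) {
    return { ok: false, reason: "SameSite=None without Secure is rejected" };
  }
  if (mode !== "none") {
    return { ok: false, reason: `SameSite=${mode} is not sent from a cross-site iframe` };
  }
  return { ok: true, reason: "SameSite=None; Secure is eligible in a cross-site iframe" };
}

// Constructed sample headers (placeholder values, not captured traffic).
const samples = [
  "security_authentication=abc123; Path=/; HttpOnly",
  "security_authentication=abc123; Path=/; HttpOnly; SameSite=None",
  "security_authentication=abc123; Path=/; HttpOnly; Secure; SameSite=None",
];
for (const h of samples) {
  const v = crossSiteIframeVerdict(h);
  console.log(`${v.ok ? "OK  " : "FAIL"} ${v.reason}`);
}
```

An `ok` verdict covers only the cookie attributes; browser-level third-party cookie blocking, such as the Safari ITP behaviour mentioned above, is outside what this check models.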