Hello
My project is to be able to display an opensearch dashboard in a iframe without showing the opensearch login page
For that, i would like to use the jwt_token as the url parameter : for example : the src field of the iframe would be "localhost:5601/app/dashboards?security_tenant=global#/view/edf84fe0-e1a0-11e7-b6d5-4dc382ef7f5b?embed=true?jwt_token={myjwttoken}
For that , i change the config.yml by upgrading the section
jwt_auth_domain:
description: "Authenticate via Json Web Token"
http_enabled: true
transport_enabled: true
order: 0
http_authenticator:
type: jwt
challenge: false
config:
signing_key: "usuxqaUmbbe0VqN+Q90KCk5sXHCfEVookMRyEXAMPLE="
jwt_header: "Authorization"
jwt_url_parameter: jwt_token
roles_key: roles
subject_key: sub
authentication_backend:
type: noop
I generate a jwt token with the following payload:
{
"sub": "admin",
"roles": "admin"
}
and add it to the url
When i load my html page, the beginning seems to be ok until i received 401 to internal request like GET /api/v1/restapiinfo , GET /api/v1/configuration/account
i also add to the opensearch-dasboard.yml config :
opensearch.requestHeadersWhitelist: [ Authorization,securitytenant , authorization, jwt_token]
Is there something i missed ?
Thanks