Set SameSite for cookies

hirendesai · February 19, 2021, 12:36pm

Hi,

I want to use embedded dashboard in external website and for that I want to set SameSite cokie attribute to NONE.
I found equivalent of this in Elastic ELK using xpack but not for open distro version.

Can somebody help here?

clsa · February 21, 2021, 11:26am

Hi,

based on [1], you have to add

opendistro_security.cookie.sameSite: "None"

to your kibana.yml

Regards,

Clifford
[1] security-kibana-plugin/index.ts at main · opendistro-for-elasticsearch/security-kibana-plugin · GitHub

hirendesai · February 21, 2021, 1:54pm

@clsa - Thank you so much.
I am facing “Invalid RequestId” problem when having SSO (SAML) and embedded in iFrame.
I think it’s because of the cookie issue and hopefully it will solve this problem.

hansman · April 1, 2021, 6:43pm

The setting is actually:

opendistro_security.cookie.isSameSite: “None”

It needs to be used on conjunction with:

opendistro_security.cookie.secure: true

SurendarReddy · April 1, 2021, 7:19pm

@hansman, Yes it’s working with these configs. Thank you so much.

wazuhsai · August 30, 2021, 12:30pm

For me am using the Kibana OSS 7.10.2 the above configuration setting are not working to load the Kibana GUI with in the iframe of another site

Topic		Replies	Views
Using opendashboards as iframe code in other apps Open Source Elasticsearch and Kibana troubleshoot	4	609	May 21, 2023
Need configuration to enable disable same site cookie option in the Kibana 7.10.2 version Open Source Elasticsearch and Kibana	3	444	August 30, 2021
Set SameSite for cookies for opensearch dashboard OpenSearch configure	1	626	March 3, 2023
Opendistro 1.10 breaking change - need more information Security	2	471	November 18, 2021
Setting up SSL with OpenID Security	4	2105	July 16, 2021

Set SameSite for cookies

Related topics