Set SameSite for cookies


I want to use embedded dashboard in external website and for that I want to set SameSite cokie attribute to NONE.
I found equivalent of this in Elastic ELK using xpack but not for open distro version.

Can somebody help here?


based on [1], you have to add

opendistro_security.cookie.sameSite: "None"

to your kibana.yml


[1] security-kibana-plugin/index.ts at main · opendistro-for-elasticsearch/security-kibana-plugin · GitHub

1 Like

@clsa - Thank you so much.
I am facing “Invalid RequestId” problem when having SSO (SAML) and embedded in iFrame.
I think it’s because of the cookie issue and hopefully it will solve this problem.

The setting is actually:

opendistro_security.cookie.isSameSite: “None”

It needs to be used on conjunction with: true


@hansman, Yes it’s working with these configs. Thank you so much.

1 Like

For me am using the Kibana OSS 7.10.2 the above configuration setting are not working to load the Kibana GUI with in the iframe of another site