[7.x] Simplify anonymous access & embedding docs. (#99747)

elastic · May 11, 2021 · 534ceb4 · 534ceb4
1 parent 4ff0bb3
commit 534ceb4
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 22 deletions.
diff --git a/docs/settings/security-settings.asciidoc b/docs/settings/security-settings.asciidoc
@@ -264,7 +264,7 @@ You can configure the following settings in the `kibana.yml` file.
   this to `true` if SSL is configured outside of {kib} (for example, you are
   routing requests through a load balancer or proxy).
 
-| `xpack.security.sameSiteCookies` {ess-icon}
+| [[xpack-security-sameSiteCookies]] `xpack.security.sameSiteCookies` {ess-icon}
   | Sets the `SameSite` attribute of the session cookie. This allows you to declare whether your cookie should be restricted to a first-party or same-site context.
   Valid values are `Strict`, `Lax`, `None`.
   This is *not set* by default, which modern browsers will treat as `Lax`. If you use Kibana embedded in an iframe in modern browsers, you might need to set it to `None`. Setting this value to `None` requires cookies to be sent over a secure connection by setting <<xpack-security-secureCookies, `xpack.security.secureCookies`>>: true`. Some old versions of IE11 do not support `SameSite: None`.

diff --git a/docs/setup/embedding.asciidoc b/docs/setup/embedding.asciidoc
@@ -3,13 +3,13 @@
 
 Once you create a dashboard or a visualization, you might want to share it with your colleagues or friends. The easiest way to do this is to share a direct link to your dashboard or visualization. However, some users might not have access to your {kib}.
 
-With the {kib} embedding functionality, you can display the content you created in {kib} to an internal company website or a personal web page. 
+With the {kib} embedding functionality, you can display the content you created in {kib} to an internal company website or a personal web page.
 
-. Open the main menu, then click *Dashboard* or *Visualize Library*. 
+. Open the main menu, then click *Dashboard* or *Visualize Library*.
 
 . Open the dashboard or visualization you want to embed.
 
-. To generate the HTML code snippet, open the *Share* menu, then click *Embed code > Copy iFrame code*. 
+. To generate the HTML code snippet, open the *Share* menu, then click *Embed code > Copy iFrame code*.
 +
 You can embed this snippet in your web page, and then add analysis, images, and links to give more context to the object you're sharing.
 +

diff --git a/docs/user/security/authentication/index.asciidoc b/docs/user/security/authentication/index.asciidoc
@@ -24,7 +24,7 @@ TIP: To provide login instructions to users, use the `xpack.security.loginHelp`
 
 If you don't want a specific provider to show up at the Login Selector UI (e.g. to only support third-party initiated login) you can hide it with `showInSelector` setting set to `false`. However, in this case, the provider is presented in the provider chain and may be consulted during authentication based on its `order`. To disable the provider, use the `enabled` setting.
 
-TIP: The Login Selector UI can also be disabled or enabled with `xpack.security.authc.selector.enabled` setting. 
+TIP: The Login Selector UI can also be disabled or enabled with `xpack.security.authc.selector.enabled` setting.
 
 Here is how your `kibana.yml` and Login Selector UI can look like if you deal with multiple authentication providers:
 
@@ -292,9 +292,9 @@ xpack.security.authc.providers:
     order: 1
 -----------------------------------------------
 
-IMPORTANT: {kib} uses SPNEGO, which wraps the Kerberos protocol for use with HTTP, extending it to web applications. 
+IMPORTANT: {kib} uses SPNEGO, which wraps the Kerberos protocol for use with HTTP, extending it to web applications.
 At the end of the Kerberos handshake, {kib} forwards the service ticket to {es}, then {es} unpacks the service ticket and responds with an access and refresh token, which are used for subsequent authentication.
-On every {es} node that {kib} connects to, the keytab file should always contain the HTTP service principal for the {kib} host. 
+On every {es} node that {kib} connects to, the keytab file should always contain the HTTP service principal for the {kib} host.
 The HTTP service principal name must have the `HTTP/kibana.domain.local@KIBANA.DOMAIN.LOCAL` format.
 
 
@@ -386,23 +386,20 @@ xpack.security.authc.providers:
 [[anonymous-access-and-embedding]]
 ===== Anonymous access and embedding
 
-One of the most popular use cases for anonymous access is when you embed {kib} into other applications and don't want to force your users to log in to view it. If you configured {kib} to use anonymous access as the sole authentication mechanism, you don't need to do anything special while embedding {kib}.
+One of the most popular use cases for anonymous access is when you embed {kib} into other applications and don't want to force your users to log in to view it.
+If you configured {kib} to use anonymous access as the sole authentication mechanism, you don't need to do anything special while embedding {kib}.
 
-If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding, then you will need to add the `auth_provider_hint=<anonymous-provider-name>` query string parameter to the {kib} URL that you're embedding.
+If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding dashboards and visualizations:
 
-For example, if you generate the iframe code to embed {kib}, it will look like this:
-
-```html
-<iframe src="https://localhost:5601/app/dashboards#/view/722b74f0-b882-11e8-a6d9-e546fe2bba5f?embed=true&_g=(....)" height="600" width="800"></iframe>
-```
-
-To make this iframe leverage anonymous access automatically, you will need to modify a link to {kib} in the `src` iframe attribute to look like this:
-
-```html
-<iframe src="https://localhost:5601/app/dashboards?auth_provider_hint=anonymous1#/view/722b74f0-b882-11e8-a6d9-e546fe2bba5f?embed=true&_g=(....)" height="600" width="800"></iframe>
-```
-
-Note that `auth_provider_hint` query string parameter goes *before* the hash URL fragment.
+. Open the main menu, then click *Dashboard* or *Visualize Library*.
+. Open then dashboard or visualization you want to embed.
+. Open the *Share* menu, then click *Embed code > Public URL*.
++
+You can also use *Public URL* when you're generating permanent links to dashboards, visualizations, and saved searches.
++
+NOTE: *Public URL* is available only when anonymous access is configured and your anonymous service account has privileges to access what you want to embed or share.
++
+For more information, refer to <<embedding, Embed {kib} content in a web page>>.
 
 [float]
 [[anonymous-access-session]]

diff --git a/docs/user/setup.asciidoc b/docs/user/setup.asciidoc
@@ -59,3 +59,5 @@ include::security/tutorials/how-to-secure-access-to-kibana.asciidoc[]
 include::{kib-repo-dir}/setup/connect-to-elasticsearch.asciidoc[]
 
 include::{kib-repo-dir}/setup/upgrade.asciidoc[]
+
+include::{kib-repo-dir}/setup/embedding.asciidoc[]
Original file line number	Diff line number	Diff line change
Expand Up		@@ -59,3 +59,5 @@ include::security/tutorials/how-to-secure-access-to-kibana.asciidoc[]
		include::{kib-repo-dir}/setup/connect-to-elasticsearch.asciidoc[]

		include::{kib-repo-dir}/setup/upgrade.asciidoc[]

		include::{kib-repo-dir}/setup/embedding.asciidoc[]