JWT Reworking for Kibana API requests #63
Merged
KjellKod merged 7 commits into logrhythm:4.1.10_NM from Sep 6, 2016
added 4 commits
September 2, 2016 16:35
Working for Audit but not for pcap download...
src/kibana/index.js
Outdated
| console.log("KIBANA: Full Url = **"+ fullUrl +"**"); | ||
| console.log("KIBANA: Search Url = **"+ searchUrl +"**"); | ||
| console.log("KIBANA: Href Url = **"+ hrefUrl +"**"); | ||
| console.log("OFFICIAL JWT: **" + oneTrueJwt[1] + "**"); |
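Review bot: The last line here, `console.log("OFFICIAL JWT: **" + oneTrueJwt[1] + "**")`, writes the token value itself to the browser console, and the three URL logs above it will contain the same token wherever it is carried as a `token=` URL parameter. Drop all four before merge, or gate them behind a debug flag and log only whether a token was found, never its value.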
Author
I've grown fond of them now
what about search audits?
src/kibana/index.js
Outdated
| 'Expires': 0 | ||
| }); | ||
| var fullUrl = window.location; | ||
| var searchUrl = window.location.search; |
Author
remove this and above line
👍
||
| // Look for 'token=', then capture all characters | ||
| // after (non-greedy) until either end of substring | ||
| // or the next ampersand. |
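Review bot: The comment describes looking for `token=` anywhere in the string with no anchor on a parameter boundary, so if the regex matches as described, a parameter whose name merely ends in `token` would be captured as well. Anchor the pattern on a preceding `?` or `&` (or parse the query string into parameters), and check that the captured value has the three dot-separated segments of a JWT before it is cached.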
👍
Author
@alexweltman To reference your question, Audit log was fixed with the Restangular request interceptor after also passing the jwt through the iframe url. Pcap download and file recon required the extra effort that we discussed on GTM
The ONLY reasonably safe way for us to communicate our JWT from netmon www world to kibana is to pass it as a URL parameter when we display the iframe.
Now, when kibana gets the URL that we want to display, we will regex match the token as a string and save it in Kibana's domain cache (separate from www's domain cache).
In order to do pcap download, we use ANOTHER iframe to talk to www as a GET request. When we do this, again, we must pass the JWT in the iframe URL.
To read this off appropriately, I needed to add a function in our API class to 1) get the token from the HTTP headers if it is there and 2) look for it in the URL parameters if it is not.
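The header-first, URL-fallback lookup described above, together with the iframe-side token extraction, as an added example that is not code from this pull request. The function names, the `Authorization: Bearer` header format and the `/api/pcap` path are assumptions.

```javascript
// Added example; helper names are hypothetical, not from the netmon code base.

// A JWT is three base64url segments separated by dots.
const JWT_SHAPE = /^[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+$/;

// Kibana iframe side: read `token` from window.location.search.
// URLSearchParams splits on parameter boundaries, so a name that merely
// ends in "token" (e.g. `xtoken=`) is not mistaken for the JWT.
function tokenFromSearch(search) {
  const value = new URLSearchParams(search).get('token');
  return value !== null && JWT_SHAPE.test(value) ? value : null;
}

// API side: 1) use the header if it is there, 2) otherwise the URL parameter.
// Assumption: the header is `Authorization: Bearer <jwt>` (Node lowercases
// header names). A present-but-malformed header is rejected rather than
// falling through to the URL; that is this example's choice.
function tokenFromRequest(headers, url) {
  const auth = headers['authorization'];
  if (typeof auth === 'string') {
    const m = /^Bearer\s+(\S+)$/i.exec(auth);
    return m && JWT_SHAPE.test(m[1]) ? { token: m[1], source: 'header' } : null;
  }
  const q = url.indexOf('?');
  const token = q === -1 ? null : tokenFromSearch(url.slice(q).split('#')[0]);
  return token ? { token, source: 'url' } : null;
}

// A token in a URL ends up wherever the URL is written (access logs,
// console output), so redact it before logging.
function redactToken(url) {
  return url.replace(/([?&]token=)[^&#]*/g, '$1[REDACTED]');
}

// Constructed sample values, not real tokens.
const SAMPLE_URL = '/api/pcap?id=7&token=aGVhZGVy.cGF5bG9hZA.c2ln';
console.log(tokenFromRequest({}, SAMPLE_URL).source);
console.log(redactToken(SAMPLE_URL));
```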