In the following DIY blog series, I described how we can use the framework provided in PeopleTools 8.58 to configure our own custom visualizations and dashboards in Kibana and use them in PeopleSoft applications via the 'Kibana Visualizer'.
DIY Kibana Dashboards with Application Data
Kibana Admin Login
As part of the DIY configuration process (detailed in Part 2), we need to login to the Kibana Administration page and setup index patterns, visualizations and dashboards. Typically, this step would/should be completed by a developer/analyst/admin type of user. As you can see below, the Kibana Administration page requires a separate login. With the latest integration provided in PeopleTools, we can simply use the same userid/password as in PeopleSoft and also enter the database name.
Access Kibana Administration from PeopleSoft using SSO
PeopleSoft already delivered a security plug-in for Kibana that allows end users to access Kibana visualizations and dashboards from within the PeopleSoft UI. Basically, if users are logged in to PeopleSoft (with a PS_TOKEN), then they can simply access the Kibana visualizations without having to login to Kibana again.
We can take the same logic and create a link in PeopleSoft that will open the Kibana (Admin) Home without requiring a separate step to login to Kibana. In the screenshot below, we can see the
The logic for generating this URL is available in
Custom IScript
We can take the same logic available in the delivered Page PeopleCode and create a custom IScript to redirect to the Kibana (Admin) Home.
Custom Content Reference (CREF)
Next, we can create a custom content reference and associated the IScript created in the previous section. For the sake of simplicity, I added the CREF under
Demo
DIY Kibana Dashboards with Application Data
Kibana Admin Login
As part of the DIY configuration process (detailed in Part 2), we need to login to the Kibana Administration page and setup index patterns, visualizations and dashboards. Typically, this step would/should be completed by a developer/analyst/admin type of user. As you can see below, the Kibana Administration page requires a separate login. With the latest integration provided in PeopleTools, we can simply use the same userid/password as in PeopleSoft and also enter the database name.
Access Kibana Administration from PeopleSoft using SSO
PeopleSoft already delivered a security plug-in for Kibana that allows end users to access Kibana visualizations and dashboards from within the PeopleSoft UI. Basically, if users are logged in to PeopleSoft (with a PS_TOKEN), then they can simply access the Kibana visualizations without having to login to Kibana again.
We can take the same logic and create a link in PeopleSoft that will open the Kibana (Admin) Home without requiring a separate step to login to Kibana. In the screenshot below, we can see the
user
and token
parameters in the Kibana iframe
URL.The logic for generating this URL is available in
PTSF_KIBANA_COMP.Activate
Page PeopleCode. Custom IScript
We can take the same logic available in the delivered Page PeopleCode and create a custom IScript to redirect to the Kibana (Admin) Home.
Custom Content Reference (CREF)
Next, we can create a custom content reference and associated the IScript created in the previous section. For the sake of simplicity, I added the CREF under
PeopleTools > Search Framework > Administration
folder. You can change this to an appropriate parent folder of your choice.Demo
Hi Sasank,
ReplyDeleteI have around 5 SRs for quite some time now, at least, regarding Kibana and security.
For example, going from PeopleSoft HTTP from server A to Kibana on server B is not working really straightaway. Some cookie domain issues, support says.
From PeopleSoft HTTPS, it is even more difficult.
And Kibana login page is all but not secure. The least I can say. It is all quite concerning.
You are on a demo HR, I could use PS on your instance without knowing PS's user password, and database even less.
On full HTTPS, Kibana login page is weak, regardless passsword and database (how Kibana knows about database by the way?), you can connect with a proper PeopleSoft user, nothing nore is needed.
On the other hands, HTTPS makes the all exercise more difficult to accomplish.
This is a nice product, for sure, but seeing how it goes, I'm not sure if it is truly ready for PeopleSoft integration yet.
Kind regards,
Nicolas.
Hi Nicolas,
DeleteThank you for sharing your experience! I am planning to explore the SSL configuration for Kibana and how it works with the existing Elasticsearch and PIA setup. I might have more updates/content on that topic later. But wanted to provide a response to your comments in the meantime.
I have not tried setting up https directly on the Kibana layer. Instead I have used a load balancer (like f5). This is how the PIAs are also setup in this scenario.
In any case, I agree that setting up https/SSL for Kibana might require additional thought and consideration depending on existing setup of PIA and Elasticsearch.
Although, I have not encountered issues with the Kibana login page as you mentioned. One thing to note is that, if we are already logged in to PeopleSoft, then the PS_TOKEN will automatically log us in to Kibana (at least in 8.58). I am sure you know that but I did not know if that had anything to do with your experience.
I tried entering just the userid (like PS) a) without password and database; b) without database; and I don't seem to be able to get in. Again, I am not seeing the same behavior as you.
How PeopleSoft knows the database? Based on my understanding, the 8.58 Kibana DPK provides a security plugin for Kibana. This allows Kibana to perform the necessary database level interrogation and connectivity. This is required because (similar to Elasticsearch) Kibana could be serving multiple databases.
These are just a few of my thoughts on this subject. As I said, I will provide more updates/content once I explore the SSL configuration for Kibana more.
Thanks for sharing your experience! It is much appreciated.
Sasank
Hi Sasank,
DeleteI have a P1 service request associated ti a bug opened for two months by now. If it not solved within the upcoming patch round in a week or two, then I will wrote something about that, and more bad experiences I have had si far with ELK and PeopleTools 8.58.
Cheers,
Nicolas
Hi Sasank,
DeleteI have a P1 service request associated ti a bug opened for two months by now. If it not solved within the upcoming patch round in a week or two, then I will wrote something about that, and more bad experiences I have had si far with ELK and PeopleTools 8.58.
Cheers,
Nicolas