We can change the default tenancy, and the display ordering of the tenancies in the ROR menu by providing the defaultGroup query parameter in the HTTP request submitted by the login form, and change the order of availableGroups thanks to the enrichIdentitySessionMetadata method.
Declare readonlyrest_kbn.custom_middleware_inject_file: 'path/to/custom_middleware_inject_file.js' in the kibana.yml and declare custom_middleware_inject_file.js
asyncfunctioncustomMiddleware(req, res, next) {constrorRequest=req.rorRequest;constmetadata=req.rorRequest &&req.rorRequest.getIdentitySession() &&req.rorRequest.getIdentitySession().metadata;constdefaultGroup='infosec';constX_FORWARDED_USER='x-forwarded-user';if (rorRequest.getPath() ==='/login'&&rorRequest.getMethod() ==='post') {// For the login formif (rorRequest.getBody().username ==='admin') {rorRequest.setQuery('defaultGroup', defaultGroup); }// For the SAML/OIDC loginconsttoken=rorRequest.getBody().conn_svc_transient_jwt;if (token) {constparsedJWT=JSON.parse(Buffer.from(token.split('.')[1],'base64').toString());if (parsedJWT.user ==='admin') {rorRequest.setQuery('defaultGroup', defaultGroup); } } }// For the Proxy authorizationif (!metadata &&req.headers[X_FORWARDED_USER]) {if (req.headers[X_FORWARDED_USER] ==='admin') {rorRequest.setQuery('defaultGroup', defaultGroup); } }if (metadata &&rorRequest.getPath() ==='/pkp/api/info') {constavailableGroups=metadata.availableGroups;if (availableGroups.some(availableGroup => availableGroup === defaultGroup)) {constindex=availableGroups.indexOf(defaultGroup);constgroupAvailable= index !==-1;if (groupAvailable) {availableGroups.splice(index,1);availableGroups.unshift(defaultGroup); }rorRequest.enrichIdentitySessionMetadata({ availableGroups }); } }returnnext();}
In this example, before the login to the Kibana, when the username is equal 'admin', we add default tenant rorRequest.setQuery('defaultGroup', defaultGroup); which means, that it will be the first tenant opened after the login. During the active Kibana session, we will also change the order of tenants displayed in the ROR menu and our default tenant will be the first on the list.
⚠️IMPORTANT Custom middleware must return next() function, to not block the request