SSO Cloud users from Kibana into Enterprise Search

[osmanis]

Today when Cloud users navigate to Kibana, they see an overview page for Enterprise Search. If the Enterprise Search app is running in the user's deployment, they will be presented with a link directly into the app. However once clicked, they are prompted to login, even with an active Cloud and Kibana session. Logged in users should be SSO'd into the Enterprise Search app without having to login.

CC @jowiho @Kushmaro @mriley @jbynum

[richkuz]

Here's what the end to end flow looks like:

I recommend we leave this alone as a known behavior:

1. This issue becomes moot by 7.14. By 7.14, we'll have the entire Enterprise Search UI in Kibana, with no need to load the old UI at all.

2. From my brief investigation, it's not trivial to solve. We'll need to make code changes on Cloud, Kibana, and Enterprise Search. More details at point #3 https://github.com/elastic/enterprise-search-team/issues/304#issuecomment-705847671 . We would have to change the Kibana plugin links to reach Enterprise Search by way of the hosting Cloud provider. Cloud might also need to support forwarding a RelayState parameter to Enterprise Search to preserve deep link redirects. And Enterprise Search might need to implement support for redirecting to the value specified in the RelayState parameter if it's not handled already.

[richkuz]

cc @aznick @zumwalt

[aznick]

++

I'd also recommend we not implement changes here, as it will be a non-issue in a few minors. Having to log in again is a little bumpy, but we've alleviated most of the friction with the click to SSO (rather than needing to dig for credentials).