diff --git a/docs/api/session-management.asciidoc b/docs/api/session-management.asciidoc index e68749b96efde..a17c8d79054a6 100644 --- a/docs/api/session-management.asciidoc +++ b/docs/api/session-management.asciidoc @@ -1,11 +1,11 @@ [role="xpack"] [[session-management-api]] -== {kib} session management APIs +== {kib} user session management APIs Allows managing {kib} <>. -The following {kib} session management APIs are available: +The following {kib} user session management APIs are available: -* <> to invalidate {kib} user sessions +* <> to invalidate {kib} user sessions include::session-management/invalidate.asciidoc[] diff --git a/docs/api/session-management/invalidate.asciidoc b/docs/api/session-management/invalidate.asciidoc index c890d1418deaf..3199402468114 100644 --- a/docs/api/session-management/invalidate.asciidoc +++ b/docs/api/session-management/invalidate.asciidoc @@ -1,7 +1,7 @@ [[session-management-api-invalidate]] -=== Invalidate sessions API +=== Invalidate user sessions API ++++ -Invalidate sessions +Invalidate user sessions ++++ experimental[] Invalidates {kib} user sessions that match provided query. @@ -30,10 +30,16 @@ To use the invalidate sessions API, you must be a `superuser`. [%collapsible%open] ===== `provider` ::: -(Required, object) Contains required `type` and optional `name` string properties to match sessions that were created by the specific <>. +(Required, object) Describes the <> for which to invalidate sessions. + +`type` :::: +(Required, string) The authentication provider `type`. + +`name` :::: +(Optional, string) The authentication provider `name`. `username` ::: -(Optional, string) If specified, {kib} will only invalidate sessions that belong to a specific user. +(Optional, string) The username for which to invalidate sessions. ===== [[session-management-api-invalidate-response-body]] @@ -64,7 +70,7 @@ $ curl -X POST api/security/session/_invalidate -------------------------------------------------- // KIBANA -Invalidate sessions that were created by any <> only: +Invalidate sessions that were created by any <>: [source,sh] -------------------------------------------------- @@ -78,7 +84,7 @@ $ curl -X POST api/security/session/_invalidate -------------------------------------------------- // KIBANA -Invalidate sessions that were created by the <> with the name `saml1` only: +Invalidate sessions that were created by the <> with the name `saml1`: [source,sh] -------------------------------------------------- @@ -92,7 +98,7 @@ $ curl -X POST api/security/session/_invalidate -------------------------------------------------- // KIBANA -Invalidate sessions that were created by any <> for the user with the name `user@my-oidc-sso.com` only: +Invalidate sessions that were created by any <> for the user with the username `user@my-oidc-sso.com`: [source,sh] -------------------------------------------------- diff --git a/docs/user/security/authentication/index.asciidoc b/docs/user/security/authentication/index.asciidoc index ea8e4182a8af0..51bc04fddc029 100644 --- a/docs/user/security/authentication/index.asciidoc +++ b/docs/user/security/authentication/index.asciidoc @@ -401,7 +401,7 @@ For more information, refer to <>. [[anonymous-access-session]] ===== Anonymous access session -{kib} maintains a separate <> for every anonymous user, as it does for any other authentication mechanism. This way {kib} can maintain a personalized experience even for the users who didn't provide any personal credentials. +{kib} maintains a separate <> for every anonymous user, as it does for all other authentication mechanisms. You can configure both <> and <> for the anonymous sessions as you'd do for any other session with the only exception that idle timeout is explicitly disabled for the anonymous sessions by default. That means that the global <> setting won't affect anonymous sessions. If you want to change the idle timeout for the anonymous sessions, you must configure the provider-level <.session.idleTimeout`>> setting instead.