Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DOCS] Adds the authentication security settings to 7.7 docs #96457

Merged
merged 7 commits into from
Apr 12, 2021
Merged

[DOCS] Adds the authentication security settings to 7.7 docs #96457

Changes from 4 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
c2d44be
[DOCS] Adds the authentication security settings to 7.7 docs
KOTungseth Apr 7, 2021
ac8a11f
Update docs/settings/security-settings.asciidoc
KOTungseth Apr 8, 2021
cfa7b15
Update docs/settings/security-settings.asciidoc
KOTungseth Apr 8, 2021
874143c
Adds xpack.security.authc.saml.maxRedirectURLSize deprecation
KOTungseth Apr 8, 2021
aa99821
Update docs/settings/security-settings.asciidoc
KOTungseth Apr 12, 2021
e6e5303
Removes extra space between settings
KOTungseth Apr 12, 2021
91d8a4b
Merge branch 'docs/security-setting' of github.com:KOTungseth/kibana …
KOTungseth Apr 12, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
119 changes: 119 additions & 0 deletions docs/settings/security-settings.asciidoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,6 +30,125 @@ You do not need to configure any additional settings to use the

|===

[float]
[[authentication-security-settings]]
==== Authentication security settings

You configure authentication settings in the `xpack.security.authc` namespace in `kibana.yml`.

For example:

[source,yaml]
----------------------------------------
xpack.security.authc:
providers:
basic.basic1: <1>
order: 0 <2>
...

saml.saml1: <3>
order: 1
...

saml.saml2: <4>
order: 2
...

pki.realm3:
order: 3
...
...
----------------------------------------
<1> Specifies the type of authentication provider (for example, `basic`, `token`, `saml`, `oidc`, `kerberos`, `pki`) and the provider name. This setting is mandatory.
<2> Specifies the order of the provider in the authentication chain and on the Login Selector UI. This setting is mandatory.
<3> Specifies the settings for the SAML authentication provider with a `saml1` name.
<4> Specifies the settings for the SAML authentication provider with a `saml2` name.

The valid settings in the `xpack.security.authc.providers` namespace vary depending on the authentication provider type. For more information, refer to <<kibana-authentication>>.

[float]
[[authentication-provider-settings]]
===== Valid settings for all authentication providers

[cols="2*<"]
|===
| `xpack.security.authc.providers.`
`<provider-type>.<provider-name>.enabled`
| Determines if the authentication provider should be enabled. By default, {kib} enables the provider as soon as you configure any of its properties.

| `xpack.security.authc.providers.`
`<provider-type>.<provider-name>.order`
| Order of the provider in the authentication chain and on the Login Selector UI.

| `xpack.security.authc.providers.`
`<provider-type>.<provider-name>.description`
| Custom description of the provider entry displayed on the Login Selector UI.

KOTungseth marked this conversation as resolved.
Show resolved Hide resolved

| `xpack.security.authc.providers.<provider-type>.`
`<provider-name>.showInSelector`
| Flag that indicates if the provider should have an entry on the Login Selector UI. Setting this to `false` doesn't remove the provider from the authentication chain.

2+a|
[TIP]
[NOTE]
============
You are unable to set this setting to `false` for `basic` and `token` authentication providers.
============

|===

[float]
[[saml-authentication-provider-settings]]
===== SAML authentication provider settings

In addition to <<authentication-provider-settings,the settings that are valid for all providers>>, you can specify the following settings:

[cols="2*<"]
|===
| `xpack.security.authc.providers.`
`saml.<provider-name>.realm`
| SAML realm in {es} that provider should use.

| `xpack.security.authc.saml.maxRedirectURLSize`
KOTungseth marked this conversation as resolved.
Show resolved Hide resolved
| Specifies the maximum size of the URL that {kib} is allowed to store during the SAML handshake.

|===

[float]
[[oidc-authentication-provider-settings]]
===== OpenID Connect authentication provider settings

In addition to <<authentication-provider-settings,the settings that are valid for all providers>>, you can specify the following settings:

[cols="2*<"]
|===
| `xpack.security.authc.providers.`
`oidc.<provider-name>.realm`
| OpenID Connect realm in {es} that the provider should use.

|===

[float]
[[http-authentication-settings]]
===== HTTP authentication settings

There is a very limited set of cases when you'd want to change these settings. For more information, refer to <<http-authentication>>.

[cols="2*<"]
|===
| `xpack.security.authc.http.enabled`
| Determines if HTTP authentication should be enabled. By default, this setting is set to `true`.

| `xpack.security.authc.http.autoSchemesEnabled`
| Determines if HTTP authentication schemes used by the enabled authentication providers should be automatically supported during HTTP authentication. By default, this setting is set to `true`.

| `xpack.security.authc.http.schemes[]`
| List of HTTP authentication schemes that {kib} HTTP authentication should support. By default, this setting is set to `['apikey']` to support HTTP authentication with <<api-keys, `ApiKey`>> scheme.

|===


[float]
[[security-ui-settings]]
==== User interface security settings
Expand Down