2018-05-14 18:35:02 -04:00
|
|
|
[role="xpack"]
|
2017-04-06 21:29:29 -04:00
|
|
|
[[pki-realm]]
|
2018-05-01 16:47:24 -04:00
|
|
|
=== PKI user authentication
|
2017-04-06 21:29:29 -04:00
|
|
|
|
|
|
|
You can configure {security} to use Public Key Infrastructure (PKI) certificates
|
2018-01-24 11:32:23 -05:00
|
|
|
to authenticate users in {es}. This requires clients to present X.509
|
|
|
|
certificates.
|
|
|
|
|
|
|
|
NOTE: You cannot use PKI certificates to authenticate users in {kib}.
|
|
|
|
|
|
|
|
To use PKI in {es}, you configure a PKI realm, enable client authentication on
|
|
|
|
the desired network layers (transport or http), and map the Distinguished Names
|
|
|
|
(DNs) from the user certificates to {security} roles in the
|
|
|
|
<<mapping-roles, role mapping file>>.
|
2017-04-06 21:29:29 -04:00
|
|
|
|
2018-05-01 16:47:24 -04:00
|
|
|
See {ref}/configuring-pki-realm.html[Configuring a PKI realm].
|
2017-04-06 21:29:29 -04:00
|
|
|
|
|
|
|
[[pki-settings]]
|
2018-05-02 15:08:02 -04:00
|
|
|
==== PKI realm settings
|
2017-07-06 23:33:35 -04:00
|
|
|
|
2018-05-01 16:47:24 -04:00
|
|
|
See {ref}/security-settings.html#ref-pki-settings[PKI realm settings].
|