51 lines
1.6 KiB
Plaintext
51 lines
1.6 KiB
Plaintext
|
[[setting-up-authentication]]
|
||
|
== User authentication
|
||
|
|
||
|
Authentication identifies an individual. To gain access to restricted resources,
|
||
|
a user must prove their identity, via passwords, credentials, or some other
|
||
|
means (typically referred to as authentication tokens).
|
||
|
|
||
|
The {stack} authenticates users by identifying the users behind the requests
|
||
|
that hit the cluster and verifying that they are who they claim to be. The
|
||
|
authentication process is handled by one or more authentication services called
|
||
|
<<realms,_realms_>>.
|
||
|
|
||
|
You can use the native support for managing and authenticating users, or
|
||
|
integrate with external user management systems such as LDAP and Active
|
||
|
Directory.
|
||
|
|
||
|
{security} provides built-in realms such as `native`,`ldap`, `active_directory`,
|
||
|
`pki`, `file`, and `saml`. If none of the built-in realms meet your needs, you
|
||
|
can also build your own custom realm and plug it into the {stack}.
|
||
|
|
||
|
When {security} is enabled, depending on the realms you've configured, you must
|
||
|
attach your user credentials to the requests sent to {es}. For example, when
|
||
|
using realms that support usernames and passwords you can simply attach
|
||
|
{wikipedia}/Basic_access_authentication[basic auth] header to the requests.
|
||
|
|
||
|
include::built-in-users.asciidoc[]
|
||
|
|
||
|
include::internal-users.asciidoc[]
|
||
|
|
||
|
include::realms.asciidoc[]
|
||
|
|
||
|
include::active-directory-realm.asciidoc[]
|
||
|
|
||
|
include::file-realm.asciidoc[]
|
||
|
|
||
|
include::ldap-realm.asciidoc[]
|
||
|
|
||
|
include::native-realm.asciidoc[]
|
||
|
|
||
|
include::pki-realm.asciidoc[]
|
||
|
|
||
|
include::saml-realm.asciidoc[]
|
||
|
|
||
|
include::custom-realm.asciidoc[]
|
||
|
|
||
|
include::anonymous-access.asciidoc[]
|
||
|
|
||
|
include::user-cache.asciidoc[]
|
||
|
|
||
|
include::saml-guide.asciidoc[]
|