27 lines
1.2 KiB
Plaintext
27 lines
1.2 KiB
Plaintext
|
[role="xpack"]
|
||
|
|
[[setting-up-authentication]]
|
||
|
|
== User authentication
|
||
|
|
|
||
|
|
Authentication identifies an individual. To gain access to restricted resources,
|
||
|
|
a user must prove their identity, via passwords, credentials, or some other
|
||
|
|
means (typically referred to as authentication tokens).
|
||
|
|
|
||
|
|
The {stack} authenticates users by identifying the users behind the requests
|
||
|
|
that hit the cluster and verifying that they are who they claim to be. The
|
||
|
|
authentication process is handled by one or more authentication services called
|
||
|
|
<<realms,_realms_>>.
|
||
|
|
|
||
|
|
You can use the native support for managing and authenticating users, or
|
||
|
|
integrate with external user management systems such as LDAP and Active
|
||
|
|
Directory.
|
||
|
|
|
||
|
|
The {stack-security-features} provide built-in realms such as `native`,`ldap`,
|
||
|
|
`active_directory`, `pki`, `file`, and `saml`. If none of the built-in realms
|
||
|
|
meet your needs, you can also build your own custom realm and plug it into the
|
||
|
|
{stack}.
|
||
|
|
|
||
|
|
When {security-features} are enabled, depending on the realms you've configured,
|
||
|
|
you must attach your user credentials to the requests sent to {es}. For example,
|
||
|
|
when using realms that support usernames and passwords you can simply attach
|
||
|
|
{wikipedia}/Basic_access_authentication[basic auth] header to the requests.
|