28 lines
1.1 KiB
Plaintext
28 lines
1.1 KiB
Plaintext
|
[role="xpack"]
|
||
|
|
[[pki-realm]]
|
||
|
|
=== PKI user authentication
|
||
|
|
|
||
|
|
You can configure {stack} {security-features} to use Public Key Infrastructure
|
||
|
|
(PKI) certificates to authenticate users in {es}. This requires clients to
|
||
|
|
present X.509 certificates.
|
||
|
|
|
||
|
|
You can use PKI certificates to authenticate users in {es} as well as {kib}.
|
||
|
|
|
||
|
|
To use PKI in {es}, you configure a PKI realm, enable client authentication on
|
||
|
|
the desired network layers (transport or http), and map the Distinguished Names
|
||
|
|
(DNs) from the user certificates to roles. You create the mappings in a <<pki-role-mapping, role
|
||
|
|
mapping file>> or use the {ref}/security-api-put-role-mapping.html[create role mappings API]. If you want the same users to also be
|
||
|
|
authenticated using certificates when they connect to {kib}, you must configure the {es} PKI
|
||
|
|
realm to
|
||
|
|
{ref}/configuring-pki-realm.html#pki-realm-for-proxied-clients[allow
|
||
|
|
delegation] and to
|
||
|
|
{kibana-ref}/kibana-authentication.html#pki-authentication[enable PKI
|
||
|
|
authentication in {kib}].
|
||
|
|
|
||
|
|
See also {ref}/configuring-pki-realm.html[Configuring a PKI realm].
|
||
|
|
|
||
|
|
[[pki-settings]]
|
||
|
|
==== PKI realm settings
|
||
|
|
|
||
|
|
See {ref}/security-settings.html#ref-pki-settings[PKI realm settings].
|