From 8869f2b9b2ea8fe159c4511e3f88483d9b32e1cb Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Mon, 30 Dec 2019 07:03:38 -0800 Subject: [PATCH] [DOCS] Adds intro for OIDC realm (#50485) --- .../en/security/authentication/index.asciidoc | 1 + .../authentication/oidc-realm.asciidoc | 19 +++++++++++++++++++ 2 files changed, 20 insertions(+) create mode 100644 x-pack/docs/en/security/authentication/oidc-realm.asciidoc diff --git a/x-pack/docs/en/security/authentication/index.asciidoc b/x-pack/docs/en/security/authentication/index.asciidoc index 8e0fdb8f4a9..acf2c328d13 100644 --- a/x-pack/docs/en/security/authentication/index.asciidoc +++ b/x-pack/docs/en/security/authentication/index.asciidoc @@ -8,6 +8,7 @@ include::active-directory-realm.asciidoc[] include::file-realm.asciidoc[] include::ldap-realm.asciidoc[] include::native-realm.asciidoc[] +include::oidc-realm.asciidoc[] include::pki-realm.asciidoc[] include::saml-realm.asciidoc[] include::kerberos-realm.asciidoc[] diff --git a/x-pack/docs/en/security/authentication/oidc-realm.asciidoc b/x-pack/docs/en/security/authentication/oidc-realm.asciidoc new file mode 100644 index 00000000000..7d47e5288eb --- /dev/null +++ b/x-pack/docs/en/security/authentication/oidc-realm.asciidoc @@ -0,0 +1,19 @@ +[role="xpack"] +[[oidc-realm]] +=== OpenID Connect authentication + +The OpenID Connect realm enables {es} to serve as an OpenID Connect Relying +Party (RP) and provides single sign-on (SSO) support in {kib}. + +It is specifically designed to support authentication via an interactive web +browser, so it does not operate as a standard authentication realm. Instead, +there are {kib} and {es} {security-features} that work together to enable +interactive OpenID Connect sessions. + +This means that the OpenID Connect realm is not suitable for use by standard +REST clients. If you configure an OpenID Connect realm for use in {kib}, you +should also configure another realm, such as the <> +in your authentication chain. + +In order to simplify the process of configuring OpenID Connect authentication +within the {stack}, there is a step-by-step guide: <>.