honeymoose
/
OpenSearch
mirror of https://github.com/honeymoose/OpenSearch.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
OpenSearch/x-pack/docs/en/security/authorization
History
Tim Vernum 273c82d7c9
Add support for "authorization_realms" (#33262) 
Authorization Realms allow an authenticating realm to delegate the task
of constructing a User object (with name, roles, etc) to one or more
other realms.

E.g. A client could authenticate using PKI, but then delegate to an LDAP
realm. The LDAP realm performs a "lookup" by principal, and then does
regular role-mapping from the discovered user.

This commit includes:
- authorization_realm support in the pki, ldap, saml & kerberos realms
- docs for authorization_realms
- checks that there are no "authorization chains"
   (whereby "realm-a" delegates to "realm-b", but "realm-b" delegates to "realm-c")

Authorization realms is a platinum feature.
 		2018-08-31 13:25:27 +10:00
..
alias-privileges.asciidoc [DOCS] Fixes title capitalization in security content 2018-05-14 15:36:03 -07:00
custom-roles-provider.asciidoc [DOCS] Fixes title capitalization in security content 2018-05-14 15:36:03 -07:00
field-and-document-access-control.asciidoc [DOCS] Creates field and document level security overview (#30937) 2018-06-21 10:08:50 -07:00
managing-roles.asciidoc [DOCS] Add docs for Application Privileges (#32635) 2018-08-23 18:04:02 -07:00
mapping-roles.asciidoc Add support for "authorization_realms" (#33262) 2018-08-31 13:25:27 +10:00
role-templates.asciidoc [DOCS] Creates field and document level security overview (#30937) 2018-06-21 10:08:50 -07:00
run-as-privilege.asciidoc Add support for "authorization_realms" (#33262) 2018-08-31 13:25:27 +10:00
set-security-user.asciidoc [DOCS] Creates field and document level security overview (#30937) 2018-06-21 10:08:50 -07:00