OpenSearch

History

Tim Vernum 273c82d7c9 Add support for "authorization_realms" (#33262 ) Authorization Realms allow an authenticating realm to delegate the task of constructing a User object (with name, roles, etc) to one or more other realms. E.g. A client could authenticate using PKI, but then delegate to an LDAP realm. The LDAP realm performs a "lookup" by principal, and then does regular role-mapping from the discovered user. This commit includes: - authorization_realm support in the pki, ldap, saml & kerberos realms - docs for authorization_realms - checks that there are no "authorization chains" (whereby "realm-a" delegates to "realm-b", but "realm-b" delegates to "realm-c") Authorization realms is a platinum feature.	2018-08-31 13:25:27 +10:00
..
src/test/java/org/elasticsearch/xpack/security/authc/saml	Add support for "authorization_realms" (#33262 )	2018-08-31 13:25:27 +10:00
build.gradle	Add support for "authorization_realms" (#33262 )	2018-08-31 13:25:27 +10:00

Add support for "authorization_realms" (#33262 )

Authorization Realms allow an authenticating realm to delegate the task
of constructing a User object (with name, roles, etc) to one or more
other realms.

E.g. A client could authenticate using PKI, but then delegate to an LDAP
realm. The LDAP realm performs a "lookup" by principal, and then does
regular role-mapping from the discovered user.

This commit includes:
- authorization_realm support in the pki, ldap, saml & kerberos realms
- docs for authorization_realms
- checks that there are no "authorization chains"
   (whereby "realm-a" delegates to "realm-b", but "realm-b" delegates to "realm-c")

Authorization realms is a platinum feature.

2018-08-31 13:25:27 +10:00

src/test/java/org/elasticsearch/xpack/security/authc/saml

Add support for "authorization_realms" (#33262 )

2018-08-31 13:25:27 +10:00

build.gradle

Add support for "authorization_realms" (#33262 )

2018-08-31 13:25:27 +10:00