mirror of
https://github.com/honeymoose/OpenSearch.git
synced 2025-02-07 21:48:39 +00:00
1ebee5bf9b
This commit introduces PKI realm delegation. This feature supports the PKI authentication feature in Kibana. In essence, this creates a new API endpoint which Kibana must call to authenticate clients that use certificates in their TLS connection to Kibana. The API call passes to Elasticsearch the client's certificate chain. The response contains an access token to be further used to authenticate as the client. The client's certificates are validated by the PKI realms that have been explicitly configured to permit certificates from the proxy (Kibana). The user calling the delegation API must have the delegate_pki privilege. Closes #34396
123 lines
3.9 KiB
Plaintext
123 lines
3.9 KiB
Plaintext
[role="xpack"]
|
|
[[security-api]]
|
|
== Security APIs
|
|
|
|
You can use the following APIs to perform security activities.
|
|
|
|
* <<security-api-authenticate>>
|
|
* <<security-api-clear-cache>>
|
|
* <<security-api-delegate-pki-authentication>>
|
|
* <<security-api-has-privileges>>
|
|
* <<security-api-ssl>>
|
|
* <<security-api-get-builtin-privileges>>
|
|
|
|
[float]
|
|
[[security-api-app-privileges]]
|
|
=== Application privileges
|
|
|
|
You can use the following APIs to add, update, retrieve, and remove application
|
|
privileges:
|
|
|
|
* <<security-api-put-privileges,Create or update privileges>>
|
|
* <<security-api-delete-privilege,Delete privileges>>
|
|
* <<security-api-get-privileges,Get privileges>>
|
|
|
|
[float]
|
|
[[security-role-mapping-apis]]
|
|
=== Role mappings
|
|
|
|
You can use the following APIs to add, remove, update, and retrieve role mappings:
|
|
|
|
* <<security-api-put-role-mapping,Create or update role mappings>>
|
|
* <<security-api-delete-role-mapping,Delete role mappings>>
|
|
* <<security-api-get-role-mapping,Get role mappings>>
|
|
|
|
[float]
|
|
[[security-role-apis]]
|
|
=== Roles
|
|
|
|
You can use the following APIs to add, remove, update, and retrieve roles in the native realm:
|
|
|
|
* <<security-api-put-role,Create or update roles>>
|
|
* <<security-api-clear-role-cache,Clear roles cache>>
|
|
* <<security-api-delete-role,Delete roles>>
|
|
* <<security-api-get-role,Get roles>>
|
|
|
|
[float]
|
|
[[security-token-apis]]
|
|
=== Tokens
|
|
|
|
You can use the following APIs to create and invalidate bearer tokens for access
|
|
without requiring basic authentication:
|
|
|
|
* <<security-api-get-token,Get token>>
|
|
* <<security-api-invalidate-token,Invalidate token>>
|
|
|
|
[float]
|
|
[[security-api-keys]]
|
|
=== API Keys
|
|
|
|
You can use the following APIs to create, retrieve and invalidate API keys for access
|
|
without requiring basic authentication:
|
|
|
|
* <<security-api-create-api-key,Create API Key>>
|
|
* <<security-api-get-api-key,Get API Key>>
|
|
* <<security-api-invalidate-api-key,Invalidate API Key>>
|
|
|
|
[float]
|
|
[[security-user-apis]]
|
|
=== Users
|
|
|
|
You can use the following APIs to add, remove, update, or retrieve users in the
|
|
native realm:
|
|
|
|
* <<security-api-put-user,Create or update users>>
|
|
* <<security-api-change-password,Change passwords>>
|
|
* <<security-api-delete-user,Delete users>>
|
|
* <<security-api-disable-user,Disable users>>
|
|
* <<security-api-enable-user,Enable users>>
|
|
* <<security-api-get-user,Get users>>
|
|
|
|
[float]
|
|
[[security-openid-apis]]
|
|
=== OpenID Connect
|
|
|
|
You can use the following APIs to authenticate users against an OpenID Connect
|
|
authentication realm
|
|
|
|
* <<security-api-oidc-prepare-authentication, Prepare an authentication request>>
|
|
* <<security-api-oidc-authenticate, Submit an authentication response>>
|
|
* <<security-api-oidc-logout, Logout an authenticated user>>
|
|
|
|
|
|
include::security/authenticate.asciidoc[]
|
|
include::security/change-password.asciidoc[]
|
|
include::security/clear-cache.asciidoc[]
|
|
include::security/clear-roles-cache.asciidoc[]
|
|
include::security/create-api-keys.asciidoc[]
|
|
include::security/put-app-privileges.asciidoc[]
|
|
include::security/create-role-mappings.asciidoc[]
|
|
include::security/create-roles.asciidoc[]
|
|
include::security/create-users.asciidoc[]
|
|
include::security/delegate-pki-authentication.asciidoc[]
|
|
include::security/delete-app-privileges.asciidoc[]
|
|
include::security/delete-role-mappings.asciidoc[]
|
|
include::security/delete-roles.asciidoc[]
|
|
include::security/delete-users.asciidoc[]
|
|
include::security/disable-users.asciidoc[]
|
|
include::security/enable-users.asciidoc[]
|
|
include::security/get-api-keys.asciidoc[]
|
|
include::security/get-app-privileges.asciidoc[]
|
|
include::security/get-builtin-privileges.asciidoc[]
|
|
include::security/get-role-mappings.asciidoc[]
|
|
include::security/get-roles.asciidoc[]
|
|
include::security/get-tokens.asciidoc[]
|
|
include::security/get-users.asciidoc[]
|
|
include::security/has-privileges.asciidoc[]
|
|
include::security/invalidate-api-keys.asciidoc[]
|
|
include::security/invalidate-tokens.asciidoc[]
|
|
include::security/oidc-prepare-authentication-api.asciidoc[]
|
|
include::security/oidc-authenticate-api.asciidoc[]
|
|
include::security/oidc-logout-api.asciidoc[]
|
|
include::security/ssl.asciidoc[]
|