Commit Graph

21 Commits

Author SHA1 Message Date
John Heraghty ef7cacedec
Add sections for removing OpenSearch Dashboards Security plugin (#5830)
* Add sections for removing Dashboards Security plugin in other installation types

Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update _security/configuration/disable.md

Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update _security/configuration/disable.md

Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update disable.md

Making the changes suggested by reviewer to move the paragraph relating to Dashboards removal down to the Remove OpenSearch Dashboards plugin section. 

Also, changing the headings within that section from 'Binary' to 'Tarball', and from 'Service' to 'RPM and Debian' to reflect the wording used for those types in the OpenSearch Installation sections.

Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update _security/configuration/disable.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update _security/configuration/disable.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update _security/configuration/disable.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update _security/configuration/disable.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update _security/configuration/disable.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update _security/configuration/disable.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update disable.md

Clarify the location of the running OpenSearch Dashboards instance before stopping it with the Ctrl + C command.

Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update disable.md

Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Update the HMAC authentication requirements of exchange_key

Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Nathan Bower <nbower@amazon.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Nathan Bower <nbower@amazon.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Nathan Bower <nbower@amazon.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Nathan Bower <nbower@amazon.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

* Update disable.md

Quick fix on a couple of typos of opensearch_dashboards.yml

Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>

* Apply suggestions from code review

Co-authored-by: Nathan Bower <nbower@amazon.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

---------

Signed-off-by: John Heraghty <148883955+john-eliatra@users.noreply.github.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: Nathan Bower <nbower@amazon.com>
2023-12-20 12:26:50 -06:00
Craig Perkins a86d499225
Add custom_return_attributes to LDAP documentation (#5810)
* Add custom_return_attributes to LDAP documentation

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Address code review comments

Signed-off-by: Craig Perkins <cwperx@amazon.com>

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
2023-12-08 15:13:24 -06:00
Simple-Analysis 21f8a61557
Document client certificate options to support mutual TLS for OpenID endpoint (#5697)
* Document client certificate options to support mutual TLS for OpenID
endpoint.

Signed-off-by: Calvin Harrison <74850112+Simple-Analysis@users.noreply.github.com>

* Update _security/authentication-backends/openid-connect.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Simple-Analysis <74850112+Simple-Analysis@users.noreply.github.com>

* Update _security/authentication-backends/openid-connect.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Simple-Analysis <74850112+Simple-Analysis@users.noreply.github.com>

* Update _security/authentication-backends/openid-connect.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Simple-Analysis <74850112+Simple-Analysis@users.noreply.github.com>

---------

Signed-off-by: Calvin Harrison <74850112+Simple-Analysis@users.noreply.github.com>
Signed-off-by: Simple-Analysis <74850112+Simple-Analysis@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2023-12-05 13:34:15 -06:00
Craig Perkins cba2dee4c3
Add note about configuring root CA for ldap in both authc and authz (#5727)
* Add note about configuring root CA for ldap in both authc and authz

Signed-off-by: Craig Perkins <cwperx@amazon.com>

* Address review comments

Signed-off-by: Craig Perkins <cwperx@amazon.com>

---------

Signed-off-by: Craig Perkins <cwperx@amazon.com>
2023-12-04 12:28:36 -06:00
Taeik Lim ff1dc0eb36
Fix typo in jwt authentication guide (#5650)
Signed-off-by: Taeik Lim <sibera21@gmail.com>
2023-11-28 13:35:09 -06:00
Naarcha-AWS 3ec0aa4228
Revert "Including info on OpenID Additional Parameters (#5600)" (#5686)
This reverts commit 4af8a0dda5.
2023-11-28 10:09:42 -06:00
Sam 4af8a0dda5
Including info on OpenID Additional Parameters (#5600)
* Including info on OpenID Additional Parameters

Signed-off-by: Sam <samuel.costa@eliatra.com>

* Update _security/authentication-backends/openid-connect.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Sam <128482925+samuelcostae@users.noreply.github.com>

* Update _security/authentication-backends/openid-connect.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Sam <128482925+samuelcostae@users.noreply.github.com>

* PR feedback changes

Signed-off-by: Sam <samuel.costa@eliatra.com>

---------

Signed-off-by: Sam <samuel.costa@eliatra.com>
Signed-off-by: Sam <128482925+samuelcostae@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2023-11-20 14:34:57 -06:00
Stephen Crawford 5f12318880
Update security documentation around username resolution (#5580)
* readd auth token doc

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Add docs

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Remove extra file

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* remove please

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* Update _security/configuration/tls.md

Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>

* Update

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

* split pr

Signed-off-by: Stephen Crawford <steecraw@amazon.com>

---------

Signed-off-by: Stephen Crawford <steecraw@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
2023-11-13 17:15:10 -05:00
Chris Moore 834a829b62
Add documentation topic to authentication backends section for HTTP basic authentication (#4638)
* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2512 basic for authc backend

Signed-off-by: cwillum <cwmmoore@amazon.com>

---------

Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-08-25 16:26:21 -07:00
Chris Moore 07c4019e33
Add new zip for example SAML configuration files that reflect latest version (#3665)
* Add new zip for example SAML configuration files that reflect latest version

These changes add a new saml-example-custom.zip file containing `customize-docker-compose.yml`, `customize-config.yml`, and `customize-opensearch-dashboards.yml` files for use as the fully functioning SAML example. These changes also include edits to documentation so that steps accord with the new files.

* fix#618 saml example download

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#618 saml example download

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#618 saml example download

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#618 saml example download

Signed-off-by: cwillum <cwmmoore@amazon.com>

* Apply suggestions from code review

Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>

---------

Signed-off-by: cwillum <cwmmoore@amazon.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2023-07-06 16:59:26 -05:00
Chris Moore 9f4b362dbf
Add documentation for validating JWT with JWKS (#4162)
* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#4050 jwks for JWT + reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

---------

Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-06-01 11:51:02 -07:00
Adam Gabryś b52424e67b
Describe SAML supported private key format and encryption algorithm (#1855)
OpenSearch allows signing requests by using a private key in the PKCS#8 format. If a user wants to use an encrypted key, the key must be encrypted with a PKCS#12-compatible algorithm.

The `SAML -> Request signing` documentation is extended with the requirements. It should save time for customers who use the wrong key format, or a good key format encrypted with an unsupported algorithm (e.g. a PKCS#5 2.0 compatible algorithm).

Signed-off-by: Adam Gabryś <adam.gabrys@live.com>
2023-05-18 12:08:11 -05:00
Heather Halter ee7d1efd02
More redirects and spelling fixes (#4093)
* redirects and spelling

Signed-off-by: Heather Halter <hdhalter@amazon.com>

* Update _observing-your-data/ad/index.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM>

* Update _observing-your-data/ad/index.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM>

* Update _search-plugins/knn/index.md

Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM>

---------

Signed-off-by: Heather Halter <hdhalter@amazon.com>
Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2023-05-17 09:57:14 -07:00
Heather Halter 2bc05adb72
more redirect changes 5 (#4028)
Signed-off-by: Heather Halter <hdhalter@amazon.com>
2023-05-08 08:07:01 -07:00
kolchfa-aws 8463c8f278
Correct plugin capitalization (#3838)
* Correct plugin capitalization

Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>

* Revert cluster-stats because the name is in response

Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>

* Revert cluster-stats once more

Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>

---------

Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>
2023-05-04 11:11:54 -04:00
Chris Moore 2d20f539ec
Fix cookie-splitting setting example for SAML backend documentation (#3949)
* fix#3947 cookie splitting fix

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3947 cookie splitting fix

Signed-off-by: cwillum <cwmmoore@amazon.com>

---------

Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-05-03 10:05:29 -07:00
Chris Moore 773559ac75
Add new settings for SAML and OIDC that allow for cookie splitting (#3807)
* fix#3691 cookie splitting

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3691 cookie splitting

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3691 cookie splitting

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3691 cookie splitting

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3691 cookie splitting

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3691 cookie splitting

Signed-off-by: cwillum <cwmmoore@amazon.com>

---------

Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-04-24 13:42:44 -07:00
Chris Moore 15d324d30c
Add documentation for jwt_clock_skew_tolerance_seconds setting that resolves authentication errors (#3251)
* fix#3220 auth fail from clock skew

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3220 auth fail from clock skew

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3220 auth fail from clock skew

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3220 auth fail from clock skew

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3220 auth fail from clock skew

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#3220 auth fail from clock skew

Signed-off-by: cwillum <cwmmoore@amazon.com>

---------

Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-03-28 13:48:18 -07:00
Luca Nardi 713eac8e67
Change url for opensearch_security.openid.scope configuration setting (#2944)
Signed-off-by: Luca Nardi <luca.nardi@live.it>
2023-03-21 11:52:50 -05:00
kolchfa-aws 3da7598c0c
Change sample to example (#2972)
Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>
2023-02-20 11:34:20 -05:00
Chris Moore d04e88b496
Reorganize Configuration section of the Security TOC (#2212)
* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* fix#2155-sec-toc-config-reorg

Signed-off-by: cwillum <cwmmoore@amazon.com>

* Rename security section. Fix links. Add redirects

Signed-off-by: Naarcha-AWS <naarcha@amazon.com>

---------

Signed-off-by: cwillum <cwmmoore@amazon.com>
Signed-off-by: Naarcha-AWS <naarcha@amazon.com>
Co-authored-by: Naarcha-AWS <naarcha@amazon.com>
2023-01-27 10:12:47 -08:00