Craig Perkins
a86d499225
Add custom_return_attributes to LDAP documentation ( #5810 )
...
* Add custom_return_attributes to LDAP documentation
Signed-off-by: Craig Perkins <cwperx@amazon.com>
* Address code review comments
Signed-off-by: Craig Perkins <cwperx@amazon.com>
---------
Signed-off-by: Craig Perkins <cwperx@amazon.com>
2023-12-08 15:13:24 -06:00
Simple-Analysis
21f8a61557
Document client certificate options to support mutual TLS for OpenID endpoint ( #5697 )
...
* Document client certificate options to support mutual TLS for OpenID
endpoint.
Signed-off-by: Calvin Harrison <74850112+Simple-Analysis@users.noreply.github.com>
* Update _security/authentication-backends/openid-connect.md
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Simple-Analysis <74850112+Simple-Analysis@users.noreply.github.com>
* Update _security/authentication-backends/openid-connect.md
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Simple-Analysis <74850112+Simple-Analysis@users.noreply.github.com>
* Update _security/authentication-backends/openid-connect.md
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Simple-Analysis <74850112+Simple-Analysis@users.noreply.github.com>
---------
Signed-off-by: Calvin Harrison <74850112+Simple-Analysis@users.noreply.github.com>
Signed-off-by: Simple-Analysis <74850112+Simple-Analysis@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2023-12-05 13:34:15 -06:00
Craig Perkins
cba2dee4c3
Add note about configuring root CA for ldap in both authc and authz ( #5727 )
...
* Add note about configuring root CA for ldap in both authc and authz
Signed-off-by: Craig Perkins <cwperx@amazon.com>
* Address review comments
Signed-off-by: Craig Perkins <cwperx@amazon.com>
---------
Signed-off-by: Craig Perkins <cwperx@amazon.com>
2023-12-04 12:28:36 -06:00
Taeik Lim
ff1dc0eb36
Fix typo in jwt authentication guide ( #5650 )
...
Signed-off-by: Taeik Lim <sibera21@gmail.com>
2023-11-28 13:35:09 -06:00
Naarcha-AWS
3ec0aa4228
Revert "Including info on OpenID Additional Parameters ( #5600 )" ( #5686 )
...
This reverts commit 4af8a0dda5
.
2023-11-28 10:09:42 -06:00
Sam
4af8a0dda5
Including info on OpenID Additional Parameters ( #5600 )
...
* Including info on OpenID Additional Parameters
Signed-off-by: Sam <samuel.costa@eliatra.com>
* Update _security/authentication-backends/openid-connect.md
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Sam <128482925+samuelcostae@users.noreply.github.com>
* Update _security/authentication-backends/openid-connect.md
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Sam <128482925+samuelcostae@users.noreply.github.com>
* PR feedback changes
Signed-off-by: Sam <samuel.costa@eliatra.com>
---------
Signed-off-by: Sam <samuel.costa@eliatra.com>
Signed-off-by: Sam <128482925+samuelcostae@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2023-11-20 14:34:57 -06:00
Stephen Crawford
5f12318880
Update security documentation around username resolution ( #5580 )
...
* readd auth token doc
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
* Add docs
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
* Remove extra file
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
* remove please
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
* Update _security/configuration/tls.md
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
* Update
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
* split pr
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
---------
Signed-off-by: Stephen Crawford <steecraw@amazon.com>
Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com>
2023-11-13 17:15:10 -05:00
Chris Moore
834a829b62
Add documentation topic to authentication backends section for HTTP basic authentication ( #4638 )
...
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2512 basic for authc backend
Signed-off-by: cwillum <cwmmoore@amazon.com>
---------
Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-08-25 16:26:21 -07:00
Chris Moore
07c4019e33
Add new zip for example SAML configuration files that reflect latest version ( #3665 )
...
* Add new zip for example SAML configuration files that reflect latest version
These changes add a new saml-example-custom.zip file containing `customize-docker-compose.yml`, `customize-config.yml`, and `customize-opensearch-dashboards.yml` files for use as the fully functioning SAML example. These changes also include edits to documentation so that steps accord with the new files.
* fix#618 saml example download
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#618 saml example download
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#618 saml example download
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#618 saml example download
Signed-off-by: cwillum <cwmmoore@amazon.com>
* Apply suggestions from code review
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
---------
Signed-off-by: cwillum <cwmmoore@amazon.com>
Signed-off-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2023-07-06 16:59:26 -05:00
Chris Moore
9f4b362dbf
Add documentation for validating JWT with JWKS ( #4162 )
...
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#4050 jwks for JWT + reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
---------
Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-06-01 11:51:02 -07:00
Adam Gabryś
b52424e67b
Describe SAML supported private key format and encryption algorithm ( #1855 )
...
OpenSearch allows signing requests by using a private key in the PKCS#8 format. If a user wants to use an encrypted key, the key must be encrypted with a PKCS#12-compatible algorithm.
The `SAML -> Request signing` documentation is extended with the requirements. It should save time of the customers who use wrong key formats or a good key format, but encrypted with an unsupported algorithm (e.g. PKCS#5 2.0 compatible algorithm).
Signed-off-by: Adam Gabryś <adam.gabrys@live.com>
2023-05-18 12:08:11 -05:00
Heather Halter
ee7d1efd02
More redirects and spelling fixes ( #4093 )
...
* redirects and spelling
Signed-off-by: Heather Halter <hdhalter@amazon.com>
* Update _observing-your-data/ad/index.md
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM>
* Update _observing-your-data/ad/index.md
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM>
* Update _search-plugins/knn/index.md
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM>
---------
Signed-off-by: Heather Halter <hdhalter@amazon.com>
Signed-off-by: Heather Halter <HDHALTER@AMAZON.COM>
Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com>
2023-05-17 09:57:14 -07:00
Heather Halter
2bc05adb72
more redirect changes 5 ( #4028 )
...
Signed-off-by: Heather Halter <hdhalter@amazon.com>
2023-05-08 08:07:01 -07:00
kolchfa-aws
8463c8f278
Correct plugin capitalization ( #3838 )
...
* Correct plugin capitalization
Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>
* Revert cluster-stats because the name is in response
Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>
* Revert cluster-stats once more
Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>
---------
Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>
2023-05-04 11:11:54 -04:00
Chris Moore
2d20f539ec
Fix cookie-splitting setting example for SAML backend documentation ( #3949 )
...
* fix#3947 cookie splitting fix
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3947 cookie splitting fix
Signed-off-by: cwillum <cwmmoore@amazon.com>
---------
Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-05-03 10:05:29 -07:00
Chris Moore
773559ac75
Add new settings for SAML and OIDC that allow for cookie splitting ( #3807 )
...
* fix#3691 cookie spitting
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3691 cookie spitting
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3691 cookie spitting
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3691 cookie spitting
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3691 cookie splitting
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3691 cookie spitting
Signed-off-by: cwillum <cwmmoore@amazon.com>
---------
Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-04-24 13:42:44 -07:00
Chris Moore
15d324d30c
Add documentation for jwt_clock_skew_tolerance_seconds setting that resolves authentication errors ( #3251 )
...
* fix#3220 auth fail from clock skew
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3220 auth fail from clock skew
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3220 auth fail from clock skew
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3220 auth fail from clock skew
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3220 auth fail from clock skew
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#3220 auth fail from clock skew
Signed-off-by: cwillum <cwmmoore@amazon.com>
---------
Signed-off-by: cwillum <cwmmoore@amazon.com>
2023-03-28 13:48:18 -07:00
Luca Nardi
713eac8e67
Change url for opensearch_security.openid.scope configuration setting ( #2944 )
...
Signed-off-by: Luca Nardi <luca.nardi@live.it>
2023-03-21 11:52:50 -05:00
kolchfa-aws
3da7598c0c
Change sample to example ( #2972 )
...
Signed-off-by: Fanit Kolchina <kolchfa@amazon.com>
2023-02-20 11:34:20 -05:00
Chris Moore
d04e88b496
Reorganize Configuration section of the Security TOC ( #2212 )
...
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* fix#2155-sec-toc-config-reorg
Signed-off-by: cwillum <cwmmoore@amazon.com>
* Rename security section. Fix links. Add redirects
Signed-off-by: Naarcha-AWS <naarcha@amazon.com>
---------
Signed-off-by: cwillum <cwmmoore@amazon.com>
Signed-off-by: Naarcha-AWS <naarcha@amazon.com>
Co-authored-by: Naarcha-AWS <naarcha@amazon.com>
2023-01-27 10:12:47 -08:00