github-mirrors/elasticsearch
1
0
Fork 0
mirror of https://github.com/elastic/elasticsearch.git synced 2025-04-24 23:27:25 -04:00
Code Issues Projects Releases Packages Wiki Activity
elasticsearch/docs/reference/security/authentication/overview.asciidoc
James Rodewig 255c9a7f95
[DOCS] Move x-pack docs to docs/reference dir (#99209) 
**Problem:**
For historical reasons, source files for the Elasticsearch Guide's security, watcher, and Logstash API docs are housed in the `x-pack/docs` directory. This can confuse new contributors who expect Elasticsearch Guide docs to be located in `docs/reference`. 

**Solution:**
- Move the security, watcher, and Logstash API doc source files to the `docs/reference` directory
- Update doc snippet tests to use security

Rel: https://github.com/elastic/platform-docs-team/issues/208
2023-09-12 14:53:41 -04:00

57 lines
2.4 KiB
Text
Raw Permalink Blame History

[role="xpack"]
[[setting-up-authentication]]
== User authentication
Authentication identifies an individual. To gain access to restricted resources,
a user must prove their identity, via passwords, credentials, or some other
means (typically referred to as authentication tokens).
The {stack} authenticates users by identifying the users behind the requests
that hit the cluster and verifying that they are who they claim to be. The
authentication process is handled by one or more authentication services called
<<realms,_realms_>>.
You can use the native support for managing and authenticating users, or
integrate with external user management systems such as LDAP and Active
Directory.
The {stack-security-features} provide built-in realms such as `native`,`ldap`,
`active_directory`, `pki`, `file`, `saml`, `kerberos`, `oidc`, and `jwt`. If
none of the built-in realms meet your needs, you can also build your own
custom realm and plug it into the {stack}.
When {security-features} are enabled, depending on the realms you've configured,
you must attach your user credentials to the requests sent to {es}. For example,
when using realms that support usernames and passwords you can simply attach
{wikipedia}/Basic_access_authentication[basic auth] header to the requests.
The {security-features} provide two services: the token service and the API key
service. You can use these services to exchange the current authentication for
a token or key. This token or key can then be used as credentials for authenticating
new requests.
The API key service is enabled by default.
The token service is enabled by default when TLS/SSL is enabled for HTTP.
include::built-in-users.asciidoc[][]
include::service-accounts.asciidoc[]
include::internal-users.asciidoc[]
include::token-authentication-services.asciidoc[]
include::user-profile.asciidoc[]
include::realms.asciidoc[]
include::realm-chains.asciidoc[]
include::security-domain.asciidoc[]
include::active-directory-realm.asciidoc[]
include::file-realm.asciidoc[]
include::ldap-realm.asciidoc[]
include::native-realm.asciidoc[]
include::oidc-realm.asciidoc[]
include::pki-realm.asciidoc[]
include::saml-realm.asciidoc[]
include::kerberos-realm.asciidoc[]
include::jwt-realm.asciidoc[]
include::custom-realm.asciidoc[]
include::anonymous-access.asciidoc[]
include::user-lookup.asciidoc[]
include::user-cache.asciidoc[]
include::saml-guide.asciidoc[leveloffset=+1]
include::oidc-guide.asciidoc[leveloffset=+1]
Reference in a new issue View git blame Copy permalink