mirror of
https://github.com/elastic/kibana.git
synced 2025-04-24 09:48:58 -04:00
Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
(cherry picked from commit 66917c913d)
Co-authored-by: gchaps <33642766+gchaps@users.noreply.github.com>
parent
87cc678673
commit
fc60c7cb95
1 changed files with 11 additions and 6 deletions
|
@ -8,6 +8,12 @@
|
|||
You do not need to configure any additional settings to use the
|
||||
{security-features} in {kib}. They are enabled by default.
|
||||
|
||||
IMPORTANT: In high-availability deployments, make sure you use the same
|
||||
security settings for all instances of {kib}. Also consider storing
|
||||
sensitive security settings, such as encryption and decryption keys,
|
||||
securely in the Kibana Keystore, instead of keeping them in clear text in
|
||||
the kibana.yml file.
|
||||
|
||||
[float]
|
||||
[[authentication-security-settings]]
|
||||
==== Authentication security settings
|
||||
|
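Review bot: The new IMPORTANT block at the top writes "Kibana Keystore" and "the kibana.yml file" as plain text, while the admonition in the encrypted saved objects section of this same file uses the `{kib}` attribute, backticks around `kibana.yml`, and the `<<secure-settings,{kib} Keystore>>` cross-reference. Suggest reusing that cross-reference and markup here so readers can reach the keystore instructions from the note. The wording "the same security settings for all instances" is also broader than the earlier "the same encryption and decryption keys"; naming which settings must match across instances would make the note actionable.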
@ -27,11 +33,11 @@ xpack.security.authc:
|
|||
saml.saml1: <3>
|
||||
order: 1
|
||||
...
|
||||
|
||||
|
||||
saml.saml2: <4>
|
||||
order: 2
|
||||
...
|
||||
|
||||
|
||||
pki.realm3:
|
||||
order: 3
|
||||
...
|
||||
|
@ -173,7 +179,7 @@ Sets the `secure` flag of the session cookie. The default value is `false`. It
|
|||
is automatically set to `true` if <<server-ssl-enabled, `server.ssl.enabled`>> is set to `true`. Set this to `true` if SSL is configured outside of {kib} (for example, you are routing requests through a load balancer or proxy).
|
||||
|
||||
[[xpack-security-sameSiteCookies]] xpack.security.sameSiteCookies {ess-icon}::
|
||||
Sets the `SameSite` attribute of the session cookie. This allows you to declare whether your cookie should be restricted to a first-party or same-site context.
|
||||
Sets the `SameSite` attribute of the session cookie. This allows you to declare whether your cookie should be restricted to a first-party or same-site context.
|
||||
Valid values are `Strict`, `Lax`, `None`.
|
||||
This is *not set* by default, which modern browsers will treat as `Lax`. If you use Kibana embedded in an iframe in modern browsers, you might need to set it to `None`. Setting this value to `None` requires cookies to be sent over a secure connection by setting <<xpack-security-secureCookies, `xpack.security.secureCookies`>>: `true`.
|
||||
|
||||
|
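Review bot: The two copies of the description line under `xpack.security.sameSiteCookies` ("Sets the `SameSite` attribute of the session cookie. ...") read identically, so this looks like a whitespace-only change folded into a content commit. Either mention the whitespace cleanup in the commit message or split it out, so that a reviewer does not go looking for a wording change to a cookie-security setting that is not there.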
@ -198,7 +204,6 @@ TIP: Use a string of `<count>[ms\|s\|m\|h\|d\|w\|M\|Y]` (e.g. '20m', '24h', '7d'
|
|||
|
||||
These settings control the encryption of saved objects with sensitive data. For more details, refer to <<xpack-security-secure-saved-objects>>.
|
||||
|
||||
IMPORTANT: In high-availability deployments, make sure you use the same encryption and decryption keys for all instances of {kib}. Although the keys can be specified in clear text in `kibana.yml`, it's recommended to store them securely in the <<secure-settings,{kib} Keystore>>.
|
||||
|
||||
[[xpack-encryptedSavedObjects-encryptionKey]] xpack.encryptedSavedObjects.encryptionKey::
|
||||
An arbitrary string of at least 32 characters that is used to encrypt sensitive properties of saved objects before they're stored in {es}. If not set, {kib} will generate a random key on startup, but certain features won't be available until you set the encryption key explicitly.
|
||||
|
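Review bot: The hunk header shows this section shrinking by one line with nothing added; if the dropped line is the IMPORTANT admonition about using the same encryption and decryption keys on all instances, the warning no longer sits next to `xpack.encryptedSavedObjects.encryptionKey`. The description of that setting still says "If not set, {kib} will generate a random key on startup", which is exactly the case the high-availability warning is about, and a reader who arrives via the `[[xpack-encryptedSavedObjects-encryptionKey]]` anchor will not see the note at the top of the page. Suggest keeping a one-sentence reminder in the setting description, or a pointer back to the top-level note.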
@ -246,7 +251,7 @@ xpack.security.audit.appender::
|
|||
Optional. Specifies where audit logs should be written to and how they should be formatted. If no appender is specified, a default appender will be used (see above).
|
||||
|
||||
xpack.security.audit.appender.type::
|
||||
Required. Specifies where audit logs should be written to. Allowed values are `console`, `file`, or `rolling-file`.
|
||||
Required. Specifies where audit logs should be written to. Allowed values are `console`, `file`, or `rolling-file`.
|
||||
+
|
||||
Refer to <<audit-logging-file-appender>> and <<audit-logging-rolling-file-appender>> for appender specific settings.
|
||||
|
||||
|
@ -359,4 +364,4 @@ xpack.security.audit.ignore_filters[].types[] {ess-icon}::
|
|||
List of values matched against the `event.type` field of an audit event. Refer to https://www.elastic.co/guide/en/ecs/1.5/ecs-allowed-values-event-type.html[ECS type field] for allowed values.
|
||||
|
||||
xpack.security.audit.ignore_filters[].outcomes[] {ess-icon}::
|
||||
List of values matched against the `event.outcome` field of an audit event. Refer to https://www.elastic.co/guide/en/ecs/1.5/ecs-allowed-values-event-outcome.html[ECS outcome field] for allowed values.
|
||||
List of values matched against the `event.outcome` field of an audit event. Refer to https://www.elastic.co/guide/en/ecs/1.5/ecs-allowed-values-event-outcome.html[ECS outcome field] for allowed values.
|
||||
|
|