mirror of
https://github.com/elastic/kibana.git
synced 2025-04-25 02:09:32 -04:00
114 lines
3.2 KiB
Text
114 lines
3.2 KiB
Text
[[session-management-api-invalidate]]
|
|
=== Invalidate user sessions API
|
|
++++
|
|
<titleabbrev>Invalidate user sessions</titleabbrev>
|
|
++++
|
|
|
|
experimental[] Invalidates user sessions that match provided query.
|
|
|
|
[[session-management-api-invalidate-prereqs]]
|
|
==== Prerequisite
|
|
|
|
To use the invalidate user sessions API, you must be a `superuser`.
|
|
|
|
[[session-management-api-invalidate-request]]
|
|
==== Request
|
|
|
|
`POST <kibana host>:<port>/api/security/session/_invalidate`
|
|
|
|
[role="child_attributes"]
|
|
[[session-management-api-invalidate-request-body]]
|
|
==== Request body
|
|
|
|
`match`::
|
|
(Required, string) Specifies how {kib} determines which sessions to invalidate. Can either be `all` to invalidate all existing sessions, or `query` to only invalidate sessions that match the query specified in the additional `query` parameter.
|
|
|
|
`query`::
|
|
(Optional, object) Specifies the query that {kib} uses to match the sessions to invalidate when the `match` parameter is set to `query`. You cannot use this parameter if `match` is set to `all`.
|
|
+
|
|
.Properties of `query`
|
|
[%collapsible%open]
|
|
=====
|
|
`provider` :::
|
|
(Required, object) Describes the <<authentication-security-settings, authentication providers>> for which to invalidate sessions.
|
|
|
|
`type` ::::
|
|
(Required, string) The authentication provider `type`.
|
|
|
|
`name` ::::
|
|
(Optional, string) The authentication provider `name`.
|
|
|
|
`username` :::
|
|
(Optional, string) The username for which to invalidate sessions.
|
|
=====
|
|
|
|
[[session-management-api-invalidate-response-body]]
|
|
==== Response body
|
|
|
|
`total`::
|
|
(number) The number of successfully invalidated sessions.
|
|
|
|
[[session-management-api-invalidate-response-codes]]
|
|
==== Response codes
|
|
|
|
`200`::
|
|
Indicates a successful call.
|
|
|
|
`403`::
|
|
Indicates that the user may not be authorized to invalidate sessions for other users. Refer to <<session-management-api-invalidate-prereqs, prerequisites>>.
|
|
|
|
==== Examples
|
|
|
|
Invalidate all existing sessions:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
$ curl -X POST api/security/session/_invalidate
|
|
{
|
|
"match" : "all"
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
Invalidate sessions that were created by any <<saml, SAML authentication provider>>:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
$ curl -X POST api/security/session/_invalidate
|
|
{
|
|
"match" : "query",
|
|
"query": {
|
|
"provider" : { "type": "saml" }
|
|
}
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
Invalidate sessions that were created by the <<saml, SAML authentication provider>> with the name `saml1`:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
$ curl -X POST api/security/session/_invalidate
|
|
{
|
|
"match" : "query",
|
|
"query": {
|
|
"provider" : { "type": "saml", "name": "saml1" }
|
|
}
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|
|
|
|
Invalidate sessions that were created by any <<oidc, OpenID Connect authentication provider>> for the user with the username `user@my-oidc-sso.com`:
|
|
|
|
[source,sh]
|
|
--------------------------------------------------
|
|
$ curl -X POST api/security/session/_invalidate
|
|
{
|
|
"match" : "query",
|
|
"query": {
|
|
"provider" : { "type": "oidc" },
|
|
"username": "user@my-oidc-sso.com"
|
|
}
|
|
}
|
|
--------------------------------------------------
|
|
// KIBANA
|