Home Explore Help
Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Tree: 8dd563134c
Branches Tags
elasticsearch
/
x-pack
/
docs
/
en
/
security
/
authentication
/
overview.asciidoc

overview.asciidoc 2.2 KB
History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950 
  1. [role="xpack"]
    2. 

  2. [[setting-up-authentication]]
    3. 

  3. == User authentication
    4. 

  4. 

  5. Authentication identifies an individual. To gain access to restricted resources,
    6. 

  6. a user must prove their identity, via passwords, credentials, or some other
    7. 

  7. means (typically referred to as authentication tokens).
    8. 

  8. 

  9. The {stack} authenticates users by identifying the users behind the requests
    10. 

  10. that hit the cluster and verifying that they are who they claim to be. The
    11. 

  11. authentication process is handled by one or more authentication services called
    12. 

  12. <<realms,_realms_>>.
    13. 

  13. 

  14. You can use the native support for managing and authenticating users, or
    15. 

  15. integrate with external user management systems such as LDAP and Active
    16. 

  16. Directory.
    17. 

  17. 

  18. The {stack-security-features} provide built-in realms such as `native`,`ldap`,
    19. 

  19. `active_directory`, `pki`, `file`, `saml`, and `oidc`. If none of the built-in
    20. 

  20. realms meet your needs, you can also build your own custom realm and plug it
    21. 

  21. into the {stack}.
    22. 

  22. 

  23. When {security-features} are enabled, depending on the realms you've configured,
    24. 

  24. you must attach your user credentials to the requests sent to {es}. For example,
    25. 

  25. when using realms that support usernames and passwords you can simply attach
    26. 

  26. {wikipedia}/Basic_access_authentication[basic auth] header to the requests.
    27. 

  27. 

  28. The {security-features} provide two services: the token service and the api key
    29. 

  29. service. You can use these services to exchange the current authentication for
    30. 

  30. a token or key. This token or key can then be used as credentials for authenticating
    31. 

  31. new requests. These services are enabled by default when TLS/SSL is enabled for HTTP.
    32. 

  32. 

  33. include::built-in-users.asciidoc[][]
    34. 

  34. include::internal-users.asciidoc[]
    35. 

  35. include::token-authentication-services.asciidoc[]
    36. 

  36. include::realms.asciidoc[]
    37. 

  37. include::realm-chains.asciidoc[]
    38. 

  38. include::active-directory-realm.asciidoc[]
    39. 

  39. include::file-realm.asciidoc[]
    40. 

  40. include::ldap-realm.asciidoc[]
    41. 

  41. include::native-realm.asciidoc[]
    42. 

  42. include::oidc-realm.asciidoc[]
    43. 

  43. include::pki-realm.asciidoc[]
    44. 

  44. include::saml-realm.asciidoc[]
    45. 

  45. include::kerberos-realm.asciidoc[]
    46. 

  46. include::custom-realm.asciidoc[]
    47. 

  47. include::anonymous-access.asciidoc[]
    48. 

  48. include::user-cache.asciidoc[]
    49. 

  49. include::saml-guide.asciidoc[leveloffset=+1]
    50. 

  50. include::oidc-guide.asciidoc[leveloffset=+1]
    51.