kibana/docs/settings/security-settings.asciidoc
Brandon Kobel 63413c047d
Adding RBAC Phase 1 Docs (#21178) (#21929)
* Beginning to work on the role management APIs. Added docs for GET

* Adding PUT docs

* Adding PUT details

* Adding delete docs

* Fixing linking

* Adding Kibana privileges section

* Fixing dashboard only mode docs

* Fixing a few more references to managing roles

* Beginning to work on authorization docs, might be moving some to
stack-docs

* Collapsing authorization description in the kibana privileges page

* Adding audit logging section

* Revising the language on the Kibana role management section

* Splitting back out the auth/privileges and adding legacy fallback
details

* Revising language around impact of disabling security

* Changing Kibana to {kib} and Elasticsearch to {es}

* Beginning to work on developer centric docs

* Fixing some formatting, adding some diagrams

* Adding note about the role management APIs

* Adding overview, fixing small syntax issues

* Fixing chunk name for transitioning to application privileges

* Adjusting tone for the authorization introduction

* Changing the tone and structure of the RBAC docs

* Deleting blog stuff after refactoring

* Addressing first round of peer review comments

* Fixing endpoints links

* Peer review suggested edits

* Addressing other PR feedback
2018-08-13 12:08:47 -04:00


[role="xpack"]
[[security-settings-kb]]
=== Security Settings in Kibana
++++
<titleabbrev>Security Settings</titleabbrev>
++++
You do not need to configure any additional settings to use {security} in {kib}.
It is enabled by default.

[float]
[[general-security-settings]]
==== General Security Settings
`xpack.security.enabled`::
Set to `true` (default) to enable {security}. +
+
Do not set this to `false`. To disable {security} entirely, see
{ref}/security-settings.html[{es} Security Settings]. +
+
If set to `false` in `kibana.yml`, the login form, user and role management screens, and
authorization using <<kibana-privileges>> are disabled.

`xpack.security.audit.enabled`::
Set to `true` to enable audit logging for security events. This is set to `false` by default.
For more details, see <<xpack-security-audit-logging>>.

`xpack.security.authorization.legacyFallback`::
Set to `true` (default) to enable the legacy fallback. See <<xpack-security-authorization>>
for more details.

[float]
[[security-ui-settings]]
==== User Interface Security Settings
You can configure the following settings in the `kibana.yml` file:

`xpack.security.cookieName`::
Sets the name of the cookie used for the session. The default value is `"sid"`.

`xpack.security.encryptionKey`::
An arbitrary string of 32 characters or more that is used to encrypt credentials
in a cookie. It is crucial that this key is not exposed to users of {kib}. By
default, a value is automatically generated in memory. If you use that default
behavior, all sessions are invalidated when {kib} restarts.

`xpack.security.secureCookies`::
Sets the `secure` flag of the session cookie. The default value is `false`. It
is set to `true` if `server.ssl.certificate` and `server.ssl.key` are set. Set
this to `true` if SSL is configured outside of {kib} (for example, you are
routing requests through a load balancer or proxy).

`xpack.security.sessionTimeout`::
Sets the session duration (in milliseconds). By default, sessions stay active
until the browser is closed.
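
The defaults described above can be checked mechanically before a deployment. The following Python script is an added example, not part of the {kib} documentation or code base: it reads a `kibana.yml` written with flat dotted keys (an assumption; nested YAML is not handled) and reports which of the documented settings are left at a weaker value. The finding labels and the sample file are constructed for the example.

```python
import re

# Constructed sample kibana.yml (flat dotted keys); values are made up for the example.
SAMPLE = '''\
server.ssl.certificate: /etc/kibana/kibana.crt
xpack.security.enabled: false
xpack.security.encryptionKey: "too-short"   # constructed value
xpack.security.secureCookies: false
'''

def parse_flat_yaml(text):
    """Parse 'dotted.key: value' lines. Nested YAML is not handled (assumption)."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'^([A-Za-z_][\w.]*)\s*:\s*(.*)$', line)
        if not m:
            continue
        raw = m.group(2).strip()
        if raw[:1] in ('"', "'"):            # quoted: keep text up to the closing quote
            end = raw.find(raw[0], 1)
            value = raw[1:end] if end > 0 else raw[1:]
        else:                                # unquoted: drop a trailing "# comment"
            value = re.sub(r'(^|\s+)#.*$', '', raw).strip()
        settings[m.group(1)] = value
    return settings

def audit(settings):
    """Return sorted finding labels (hypothetical names) for the documented settings."""
    def get(name, default=None):
        return settings.get('xpack.security.' + name, default)
    findings = []
    if get('enabled', 'true').lower() == 'false':
        findings.append('security-disabled-in-kibana')    # login form and RBAC are off
    key = get('encryptionKey')
    if key is None:
        findings.append('encryption-key-generated-in-memory')  # sessions drop on restart
    elif len(key) < 32:
        findings.append('encryption-key-too-short')       # needs 32 characters or more
    # The secure flag is set automatically only when both server.ssl.* settings exist.
    tls_in_kibana = all(k in settings for k in ('server.ssl.certificate', 'server.ssl.key'))
    if not tls_in_kibana and get('secureCookies', 'false').lower() != 'true':
        findings.append('session-cookie-not-secure')
    if get('sessionTimeout') is None:
        findings.append('no-session-timeout')             # lasts until browser closes
    if get('audit.enabled', 'false').lower() != 'true':
        findings.append('audit-logging-off')
    return sorted(findings)

if __name__ == '__main__':
    print('\n'.join(audit(parse_flat_yaml(SAMPLE))))
```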