Update docs for load balancing - auth providers must be in sync #113928

Closed
jportner opened this issue Oct 5, 2021 · 1 comment · Fixed by #149961

jportner commented Oct 5, 2021

We currently have a docs page that describes how to set up Kibana in a production environment: https://www.elastic.co/guide/en/kibana/7.15/production.html#load-balancing-kibana

It rightly points out that several settings need to be the same across Kibana instances:

xpack.security.encryptionKey // decrypting session information
xpack.reporting.encryptionKey // decrypting reports
xpack.encryptedSavedObjects.encryptionKey // decrypting saved objects
xpack.encryptedSavedObjects.keyRotation.decryptionOnlyKeys // saved objects encryption key rotation, if any

However, since we added server-side sessions in 7.10 (#68117), each Kibana instance also needs to have the same auth providers (xpack.security.authc.providers). Otherwise, when one Kibana instance goes to clean up sessions, it will delete any sessions from providers that it does not recognize.

Also note, this all applies to any Kibana instances that are backed by the same Elasticsearch instance and share the same kibana.index, even if they are not behind the same load balancer. So we should update the docs to reflect that.
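
A pre-deployment drift check for the requirement described above, as an added example that is not part of the original issue or of Kibana's code. It assumes each instance's kibana.yml has already been parsed into a dict; the instance names and the sample configs are constructed, and `drift`, `flatten`, `setting_value` and `fingerprint` are hypothetical helper names.

```python
import hashlib
import json

# Settings the issue says must be identical on every instance sharing one kibana.index
MUST_MATCH = (
    "xpack.security.encryptionKey",
    "xpack.reporting.encryptionKey",
    "xpack.encryptedSavedObjects.encryptionKey",
    "xpack.encryptedSavedObjects.keyRotation.decryptionOnlyKeys",
    "xpack.security.authc.providers",
)

def flatten(cfg, prefix=""):
    """Flatten nested mappings to dotted keys (kibana.yml accepts both spellings)."""
    out = {}
    for k, v in cfg.items():
        key = f"{prefix}.{k}" if prefix else k
        out.update(flatten(v, key) if isinstance(v, dict) else {key: v})
    return out

def setting_value(flat, setting):
    """Return a scalar/list setting, or the flattened subtree under it, or None."""
    if setting in flat:
        return flat[setting]
    sub = {k[len(setting) + 1:]: v for k, v in flat.items() if k.startswith(setting + ".")}
    return sub or None

def fingerprint(value):
    """Hash canonical JSON so encryption keys never appear in the report."""
    return hashlib.sha256(json.dumps(value, sort_keys=True).encode()).hexdigest()[:12]

def drift(instances):
    """Return {setting: {instance: fingerprint}} for every setting that differs."""
    flats = {name: flatten(cfg) for name, cfg in instances.items()}
    report = {}
    for setting in MUST_MATCH:
        prints = {n: fingerprint(setting_value(f, setting)) for n, f in flats.items()}
        if len(set(prints.values())) > 1:
            report[setting] = prints
    return report

# Constructed sample: two parsed kibana.yml files; instance names are placeholders
SAMPLE = {
    "kibana-a": {"xpack.security.authc.providers": {
        "basic.basic1": {"order": 0}, "saml.saml1": {"order": 1}}},
    "kibana-b": {"xpack": {"security": {"authc": {"providers": {
        "basic": {"basic1": {"order": 0}}}}}}},
}
```

Run `drift()` over every instance that points at the same Elasticsearch and kibana.index, not only those behind one load balancer; here it flags only `xpack.security.authc.providers`, because kibana-b lacks the SAML provider.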

@jportner jportner added Team:Security Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more! docs labels Oct 5, 2021
@elasticmachine

Pinging @elastic/kibana-security (Team:Security)

@exalate-issue-sync exalate-issue-sync bot added impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. loe:small Small Level of Effort labels Oct 5, 2021
@jportner jportner added the good first issue low hanging fruit label Feb 11, 2022
@legrego legrego removed loe:small Small Level of Effort impact:low Addressing this issue will have a low level of impact on the quality/strength of our product. labels Aug 22, 2022
@jeramysoucy jeramysoucy self-assigned this Jan 30, 2023
jeramysoucy added a commit that referenced this issue Feb 2, 2023
…tion (#149961)

Closes #113928

## Summary

- Adds 'xpack.security.authc.providers' to the list of settings that
must be the same across all Kibana instances behind a load balancer.
- Adds a warning block explaining why the authentication providers need
to match, and an additional configuration case where this applies
(Kibana instances that are backed by the same ES instance and share the
same kibana.index).
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Feb 2, 2023
…tion (elastic#149961)

Closes elastic#113928

(cherry picked from commit 1418d75)
kibanamachine added a commit that referenced this issue Feb 2, 2023
…cumentation (#149961) (#150192)

# Backport

This will backport the following commits from `main` to `7.17`:
- [[Docs] Adds authentication providers sync to load balancing
documentation (#149961)](#149961)

Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>
kibanamachine added a commit that referenced this issue Feb 2, 2023
…umentation (#149961) (#150193)

# Backport

This will backport the following commits from `main` to `8.6`:
- [[Docs] Adds authentication providers sync to load balancing
documentation (#149961)](#149961)

Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>
ogupte pushed a commit to ogupte/kibana that referenced this issue Feb 3, 2023
…tion (elastic#149961)

Closes elastic#113928

darnautov pushed a commit to darnautov/kibana that referenced this issue Feb 7, 2023
…tion (elastic#149961)

Closes elastic#113928

benakansara pushed a commit to benakansara/kibana that referenced this issue Feb 7, 2023
…tion (elastic#149961)

Closes elastic#113928
