-
Notifications
You must be signed in to change notification settings - Fork 8.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update docs for load balancing - auth providers must be in sync #113928
Labels
docs
good first issue
low hanging fruit
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
Comments
jportner
added
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
docs
labels
Oct 5, 2021
Pinging @elastic/kibana-security (Team:Security) |
exalate-issue-sync
bot
added
impact:low
Addressing this issue will have a low level of impact on the quality/strength of our product.
loe:small
Small Level of Effort
labels
Oct 5, 2021
legrego
removed
loe:small
Small Level of Effort
impact:low
Addressing this issue will have a low level of impact on the quality/strength of our product.
labels
Aug 22, 2022
jeramysoucy
added a commit
that referenced
this issue
Feb 2, 2023
…tion (#149961) Closes #113928 ## Summary - Adds 'xpack.security.authc.providers' to the list of settings that must be the same across all Kibana instances behind a load balancer. - Adds a warning block explaining why the authentication providers need to match, and an additional configuration case where this applies (Kibana instances that are backed by the same ES instance and share the same kibana.index).
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Feb 2, 2023
…tion (elastic#149961) Closes elastic#113928 ## Summary - Adds 'xpack.security.authc.providers' to the list of settings that must be the same across all Kibana instances behind a load balancer. - Adds a warning block explaining why the authentication providers need to match, and an additional configuration case where this applies (Kibana instances that are backed by the same ES instance and share the same kibana.index). (cherry picked from commit 1418d75)
kibanamachine
pushed a commit
to kibanamachine/kibana
that referenced
this issue
Feb 2, 2023
…tion (elastic#149961) Closes elastic#113928 ## Summary - Adds 'xpack.security.authc.providers' to the list of settings that must be the same across all Kibana instances behind a load balancer. - Adds a warning block explaining why the authentication providers need to match, and an additional configuration case where this applies (Kibana instances that are backed by the same ES instance and share the same kibana.index). (cherry picked from commit 1418d75)
kibanamachine
added a commit
that referenced
this issue
Feb 2, 2023
…cumentation (#149961) (#150192) # Backport This will backport the following commits from `main` to `7.17`: - [[Docs] Adds authentication providers sync to load balancing documentation (#149961)](#149961) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jeramy Soucy","email":"jeramy.soucy@elastic.co"},"sourceCommit":{"committedDate":"2023-02-02T16:11:35Z","message":"[Docs] Adds authentication providers sync to load balancing documentation (#149961)\n\nCloses #113928\r\n\r\n## Summary\r\n\r\n- Adds 'xpack.security.authc.providers' to the list of settings that\r\nmust be the same across all Kibana instances behind a load balancer.\r\n- Adds a warning block explaining why the authentication providers need\r\nto match, and an additional configuration case where this applies\r\n(Kibana instances that are backed by the same ES instance and share the\r\nsame kibana.index).","sha":"1418d753eacd0095cca4f08af5c5b12cc9af0817","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","docs","Feature:Security/Session Management","backport:all-open","v8.7.0"],"number":149961,"url":"https://github.com/elastic/kibana/pull/149961","mergeCommit":{"message":"[Docs] Adds authentication providers sync to load balancing documentation (#149961)\n\nCloses #113928\r\n\r\n## Summary\r\n\r\n- Adds 'xpack.security.authc.providers' to the list of settings that\r\nmust be the same across all Kibana instances behind a load balancer.\r\n- Adds a warning block explaining why the authentication providers need\r\nto match, and an additional configuration case where this applies\r\n(Kibana instances that are backed by the same ES instance and share the\r\nsame kibana.index).","sha":"1418d753eacd0095cca4f08af5c5b12cc9af0817"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/149961","number":149961,"mergeCommit":{"message":"[Docs] Adds authentication providers sync to load balancing documentation (#149961)\n\nCloses #113928\r\n\r\n## Summary\r\n\r\n- Adds 'xpack.security.authc.providers' to the list of settings that\r\nmust be the same across all Kibana instances behind a load balancer.\r\n- Adds a warning block explaining why the authentication providers need\r\nto match, and an additional configuration case where this applies\r\n(Kibana instances that are backed by the same ES instance and share the\r\nsame kibana.index).","sha":"1418d753eacd0095cca4f08af5c5b12cc9af0817"}}]}] BACKPORT--> Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>
kibanamachine
added a commit
that referenced
this issue
Feb 2, 2023
…umentation (#149961) (#150193) # Backport This will backport the following commits from `main` to `8.6`: - [[Docs] Adds authentication providers sync to load balancing documentation (#149961)](#149961) <!--- Backport version: 8.9.7 --> ### Questions ? Please refer to the [Backport tool documentation](https://github.com/sqren/backport) <!--BACKPORT [{"author":{"name":"Jeramy Soucy","email":"jeramy.soucy@elastic.co"},"sourceCommit":{"committedDate":"2023-02-02T16:11:35Z","message":"[Docs] Adds authentication providers sync to load balancing documentation (#149961)\n\nCloses #113928\r\n\r\n## Summary\r\n\r\n- Adds 'xpack.security.authc.providers' to the list of settings that\r\nmust be the same across all Kibana instances behind a load balancer.\r\n- Adds a warning block explaining why the authentication providers need\r\nto match, and an additional configuration case where this applies\r\n(Kibana instances that are backed by the same ES instance and share the\r\nsame kibana.index).","sha":"1418d753eacd0095cca4f08af5c5b12cc9af0817","branchLabelMapping":{"^v8.7.0$":"main","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["Team:Security","release_note:skip","docs","Feature:Security/Session Management","backport:all-open","v8.7.0"],"number":149961,"url":"https://github.com/elastic/kibana/pull/149961","mergeCommit":{"message":"[Docs] Adds authentication providers sync to load balancing documentation (#149961)\n\nCloses #113928\r\n\r\n## Summary\r\n\r\n- Adds 'xpack.security.authc.providers' to the list of settings that\r\nmust be the same across all Kibana instances behind a load balancer.\r\n- Adds a warning block explaining why the authentication providers need\r\nto match, and an additional configuration case where this applies\r\n(Kibana instances that are backed by the same ES instance and share the\r\nsame kibana.index).","sha":"1418d753eacd0095cca4f08af5c5b12cc9af0817"}},"sourceBranch":"main","suggestedTargetBranches":[],"targetPullRequestStates":[{"branch":"main","label":"v8.7.0","labelRegex":"^v8.7.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/149961","number":149961,"mergeCommit":{"message":"[Docs] Adds authentication providers sync to load balancing documentation (#149961)\n\nCloses #113928\r\n\r\n## Summary\r\n\r\n- Adds 'xpack.security.authc.providers' to the list of settings that\r\nmust be the same across all Kibana instances behind a load balancer.\r\n- Adds a warning block explaining why the authentication providers need\r\nto match, and an additional configuration case where this applies\r\n(Kibana instances that are backed by the same ES instance and share the\r\nsame kibana.index).","sha":"1418d753eacd0095cca4f08af5c5b12cc9af0817"}}]}] BACKPORT--> Co-authored-by: Jeramy Soucy <jeramy.soucy@elastic.co>
ogupte
pushed a commit
to ogupte/kibana
that referenced
this issue
Feb 3, 2023
…tion (elastic#149961) Closes elastic#113928 ## Summary - Adds 'xpack.security.authc.providers' to the list of settings that must be the same across all Kibana instances behind a load balancer. - Adds a warning block explaining why the authentication providers need to match, and an additional configuration case where this applies (Kibana instances that are backed by the same ES instance and share the same kibana.index).
darnautov
pushed a commit
to darnautov/kibana
that referenced
this issue
Feb 7, 2023
…tion (elastic#149961) Closes elastic#113928 ## Summary - Adds 'xpack.security.authc.providers' to the list of settings that must be the same across all Kibana instances behind a load balancer. - Adds a warning block explaining why the authentication providers need to match, and an additional configuration case where this applies (Kibana instances that are backed by the same ES instance and share the same kibana.index).
benakansara
pushed a commit
to benakansara/kibana
that referenced
this issue
Feb 7, 2023
…tion (elastic#149961) Closes elastic#113928 ## Summary - Adds 'xpack.security.authc.providers' to the list of settings that must be the same across all Kibana instances behind a load balancer. - Adds a warning block explaining why the authentication providers need to match, and an additional configuration case where this applies (Kibana instances that are backed by the same ES instance and share the same kibana.index).
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
docs
good first issue
low hanging fruit
Team:Security
Team focused on: Auth, Users, Roles, Spaces, Audit Logging, and more!
We currently have a docs page that describes how to set up Kibana in a production environment: https://www.elastic.co/guide/en/kibana/7.15/production.html#load-balancing-kibana
It rightly points out that several settings need to be the same across Kibana instances:
However, since we added server-side sessions in 7.10 (#68117), each Kibana instance also needs to have the same auth providers (
xpack.security.authc.providers
). Otherwise, when one Kibana instance goes to clean up sessions, it will delete any sessions from providers that it does not recognize.Also note, this all applies to any Kibana instances that are backed by the same Elasticsearch instance and share the same
kibana.index
, even if they are not behind the same load balancer. So we should update the docs to reflect that.The text was updated successfully, but these errors were encountered: