[Docs] Adds authentication providers sync to load balancing documenta…

…tion (elastic#149961) Closes elastic#113928 ## Summary - Adds 'xpack.security.authc.providers' to the list of settings that must be the same across all Kibana instances behind a load balancer. - Adds a warning block explaining why the authentication providers need to match, and an additional configuration case where this applies (Kibana instances that are backed by the same ES instance and share the same kibana.index). (cherry picked from commit 1418d75)
kibanamachine · Feb 2, 2023 · 08153e2 · 08153e2
1 parent 21bc268
commit 08153e2
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/docs/user/production-considerations/production.asciidoc b/docs/user/production-considerations/production.asciidoc
@@ -42,11 +42,18 @@ These settings must be the same:
 [source,js]
 --------
 xpack.security.encryptionKey //decrypting session information
+xpack.security.authc.* // authentication configuration
+xpack.security.session.* // session configuration
 xpack.reporting.encryptionKey //decrypting reports
 xpack.encryptedSavedObjects.encryptionKey // decrypting saved objects
 xpack.encryptedSavedObjects.keyRotation.decryptionOnlyKeys // saved objects encryption key rotation, if any
 --------
 
+[WARNING]
+====
+If the authentication configuration does not match, sessions from unrecognized providers in each {kib} instance will be deleted during that instance's regular session cleanup. Similarly, inconsistencies in session configuration can also lead to undesired session logouts. This also applies to any {kib} instances that are backed by the same {es} instance and share the same kibana.index, even if they are not behind the same load balancer.
+====
+
 Separate configuration files can be used from the command line by using the `-c` flag:
 [source,js]
 --------