From 08153e2e8bb1e1e3dee0cb9feb1127a14349c445 Mon Sep 17 00:00:00 2001 From: Jeramy Soucy Date: Thu, 2 Feb 2023 11:11:35 -0500 Subject: [PATCH] [Docs] Adds authentication providers sync to load balancing documentation (#149961) Closes #113928 ## Summary - Adds 'xpack.security.authc.providers' to the list of settings that must be the same across all Kibana instances behind a load balancer. - Adds a warning block explaining why the authentication providers need to match, and an additional configuration case where this applies (Kibana instances that are backed by the same ES instance and share the same kibana.index). (cherry picked from commit 1418d753eacd0095cca4f08af5c5b12cc9af0817) --- docs/user/production-considerations/production.asciidoc | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/user/production-considerations/production.asciidoc b/docs/user/production-considerations/production.asciidoc index f88eb25b191a9f..a7fb5f2135f661 100644 --- a/docs/user/production-considerations/production.asciidoc +++ b/docs/user/production-considerations/production.asciidoc @@ -42,11 +42,18 @@ These settings must be the same: [source,js] -------- xpack.security.encryptionKey //decrypting session information +xpack.security.authc.* // authentication configuration +xpack.security.session.* // session configuration xpack.reporting.encryptionKey //decrypting reports xpack.encryptedSavedObjects.encryptionKey // decrypting saved objects xpack.encryptedSavedObjects.keyRotation.decryptionOnlyKeys // saved objects encryption key rotation, if any -------- +[WARNING] +==== +If the authentication configuration does not match, sessions from unrecognized providers in each {kib} instance will be deleted during that instance's regular session cleanup. Similarly, inconsistencies in session configuration can also lead to undesired session logouts. This also applies to any {kib} instances that are backed by the same {es} instance and share the same kibana.index, even if they are not behind the same load balancer. +==== + Separate configuration files can be used from the command line by using the `-c` flag: [source,js] --------