From 5f12318880cb0e327aaad405af37e61b199500f2 Mon Sep 17 00:00:00 2001 From: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Date: Mon, 13 Nov 2023 17:15:10 -0500 Subject: [PATCH] Update security documentation around username resolution (#5580) * readd auth token doc Signed-off-by: Stephen Crawford * Add docs Signed-off-by: Stephen Crawford * Remove extra file Signed-off-by: Stephen Crawford * remove please Signed-off-by: Stephen Crawford * Update _security/configuration/tls.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update Signed-off-by: Stephen Crawford * split pr Signed-off-by: Stephen Crawford --------- Signed-off-by: Stephen Crawford Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> --- _security/authentication-backends/authc-index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/authentication-backends/authc-index.md b/_security/authentication-backends/authc-index.md index fc81f11a00..aee182c88f 100755 --- a/_security/authentication-backends/authc-index.md +++ b/_security/authentication-backends/authc-index.md 
@@ -17,7 +17,7 @@ Authentication backend configurations determine the method or methods you use fo 1. To identify a user who wants to access the cluster, the Security plugin needs the user's credentials. - These credentials differ depending on how you've configured the plugin. For example, if you use basic authentication, the credentials are a username and password. If you use a JSON web token, the credentials (username and roles) are stored within the token itself. If you use TLS certificates, the credentials are the distinguished name (DN) of the certificate. No matter which backend you use, these credentials are included in the request for authentication. + These credentials differ depending on how you've configured the plugin. For example, if you use basic authentication, the credentials are a username and password. If you use a JSON web token, the credentials (username and roles) are stored within the token itself. If you use TLS certificates, the credentials are the distinguished name (DN) of the certificate. No matter which backend you use, these credentials are included in the request for authentication. Note, the Security plugin does not distinguish between identity providers when handling standard role mappings. As a result, only backend roles will differ between two users with the same name coming from two different identity providers. 2. The Security plugin authenticates a request against a backend configured for an authentication provider. Some examples of authentication providers used with OpenSearch include Basic Auth (which uses the internal user database), LDAP/Active Directory, JSON web tokens, SAML, or another authentication protocol.
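Review bot: The sentence added at the end of the step 1 paragraph ("Note, the Security plugin does not distinguish between identity providers when handling standard role mappings...") is a security-relevant caveat, but it is appended to a paragraph about credential types and does not tell the reader what to do about it. Consider moving it into its own note paragraph and stating the consequence directly: as worded, a role mapping that matches on username would apply to any user with that name, whichever identity provider authenticated them. Where more than one provider is configured, the text should say whether usernames need to be unique across providers or whether mappings should rely on backend roles, since the sentence says backend roles are the only thing that differs. "Standard role mappings" is not defined in the visible text, so link it or say what it covers. As a style point, "Note, the" reads better as "Note that the".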