Security settings in Kibana
You do not need to configure any additional settings to use the security features in Kibana. They are enabled by default.
General security settings
|
By default, Kibana automatically detects whether to enable the
security features based on the license and whether Elasticsearch security features
are enabled. |
|
Set to |
Authentication security settings
You configure the authentication settings in the xpack.security.authc.providers namespace. For more information, refer to Authentication.
|
Specifies the types of authentication providers. |
For example:
xpack.security.authc.providers: [saml, basic, oidc]
SAML authentication provider settings
|
When specified in |
|
Specifies the maximum size of the URL that Kibana is allowed to store during the SAML handshake. |
OpenID Connect authentication provider setting
|
When specified in |
User interface security settings
You can configure the following settings in the kibana.yml file.
|
Sets the name of the cookie used for the session. The default value is |
|
An arbitrary string of 32 characters or more that is used to encrypt credentials in a cookie. It is crucial that this key is not exposed to users of Kibana. By default, a value is automatically generated in memory. If you use that default behavior, all sessions are invalidated when Kibana restarts. In addition, high-availability deployments of Kibana will behave unexpectedly if this setting isn’t the same for all instances of Kibana. |
|
Sets the |
|
Sets the session duration. By default, sessions stay active until the browser is closed. When this is set to an explicit idle timeout, closing the browser still requires the user to log back in to Kibana. |
The format is a string of <count>[ms|s|m|h|d|w|M|Y] (e.g. 70ms, 5s, 3d, 1Y).
|
Sets the maximum duration, also known as "absolute timeout". By default,
a session can be renewed indefinitely. When this value is set, a session will end
once its lifespan is exceeded, even if the user is not idle. NOTE: if |
The format is a string of <count>[ms|s|m|h|d|w|M|Y] (e.g. 70ms, 5s, 3d, 1Y).
|
Adds a message to the login screen. Useful for displaying information about maintenance windows, links to corporate sign-up pages, and so on. |
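
An added example, not taken from Kibana or its documentation: a Python pre-deployment check for the encryption key and session duration rules described above. It applies the 32-character minimum, the requirement that every instance share the same key, and the <count>[ms|s|m|h|d|w|M|Y] format. The field names encryption_key and durations, the instance names, and the 30-day month and 365-day year conversions are assumptions of this example.

```python
import re
import secrets

# Units from the documented format <count>[ms|s|m|h|d|w|M|Y], in milliseconds.
# Case matters: "m" is minutes, "M" is months.
UNIT_MS = {
    "ms": 1, "s": 1_000, "m": 60_000, "h": 3_600_000,
    "d": 86_400_000, "w": 604_800_000,
    # Assumption of this example: months and years have no fixed length,
    # so 30 and 365 days are used as approximations.
    "M": 30 * 86_400_000, "Y": 365 * 86_400_000,
}
DURATION_RE = re.compile(r"(\d+)(ms|s|m|h|d|w|M|Y)")

def parse_duration_ms(value):
    """Validate a duration string and return it in milliseconds."""
    match = DURATION_RE.fullmatch(value)
    if match is None:
        raise ValueError(f"not <count>[ms|s|m|h|d|w|M|Y]: {value!r}")
    return int(match.group(1)) * UNIT_MS[match.group(2)]

def generate_encryption_key():
    """Return 64 hex characters from the OS CSPRNG (the minimum is 32)."""
    return secrets.token_hex(32)

def audit_instances(instances):
    """instances maps an instance name to a dict with the hypothetical
    fields 'encryption_key' and 'durations' (a list of duration strings)."""
    findings, keys = [], set()
    for name, cfg in sorted(instances.items()):
        key = cfg.get("encryption_key")
        keys.add(key)
        if key is None:
            findings.append(f"{name}: no key set, sessions are lost on restart")
        elif len(key) < 32:
            findings.append(f"{name}: key is shorter than 32 characters")
        for value in cfg.get("durations", []):
            try:
                parse_duration_ms(value)
            except ValueError as err:
                findings.append(f"{name}: {err}")
    if len(keys) > 1:
        findings.append("encryption key differs between instances")
    return findings

# Constructed sample: two instances of one high-availability deployment.
SAMPLE = {
    "kibana-a": {"encryption_key": "k" * 40, "durations": ["30m", "8h"]},
    "kibana-b": {"encryption_key": "short", "durations": ["30 min"]},
}
```

Calling audit_instances(SAMPLE) reports the short key, the malformed duration and the key mismatch; store the output of generate_encryption_key() in a secrets manager rather than in version control.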