Invalidate user sessions API
editInvalidate user sessions API
edit[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. Invalidates user sessions that match provided query.
Prerequisite
editTo use the invalidate user sessions API, you must be a superuser
.
Request
editPOST <kibana host>:<port>/api/security/session/_invalidate
Request body
edit-
match
-
(Required, string) Specifies how Kibana determines which sessions to invalidate. Can either be
all
to invalidate all existing sessions, orquery
to only invalidate sessions that match the query specified in the additionalquery
parameter. -
query
-
(Optional, object) Specifies the query that Kibana uses to match the sessions to invalidate when the
match
parameter is set toquery
. You cannot use this parameter ifmatch
is set toall
.Properties of
query
-
provider
-
(Required, object) Describes the authentication providers for which to invalidate sessions.
-
type
-
(Required, string) The authentication provider
type
. -
name
-
(Optional, string) The authentication provider
name
.
-
-
username
- (Optional, string) The username for which to invalidate sessions.
-
Response body
edit-
total
- (number) The number of successfully invalidated sessions.
Response codes
edit-
200
- Indicates a successful call.
-
403
- Indicates that the user may not be authorized to invalidate sessions for other users. Refer to prerequisites.
Examples
editInvalidate all existing sessions:
$ curl -X POST api/security/session/_invalidate { "match" : "all" }
Invalidate sessions that were created by any SAML authentication provider:
$ curl -X POST api/security/session/_invalidate { "match" : "query", "query": { "provider" : { "type": "saml" } } }
Invalidate sessions that were created by the SAML authentication provider with the name saml1
:
$ curl -X POST api/security/session/_invalidate { "match" : "query", "query": { "provider" : { "type": "saml", "name": "saml1" } } }
Invalidate sessions that were created by any OpenID Connect authentication provider for the user with the username user@my-oidc-sso.com
:
$ curl -X POST api/security/session/_invalidate { "match" : "query", "query": { "provider" : { "type": "oidc" }, "username": "user@my-oidc-sso.com" } }