search

elastic / elasticsearch

Free and Open Source, Distributed, RESTful Search Engine
https://www.elastic.co/products/elasticsearch
Other
1.49k stars 24.89k forks source link

OIDC and SAML documentation feedback #60135

Open InbarShimshon opened 4 years ago

InbarShimshon commented 4 years ago

Description

These doc improvements are based on SF00575547 in which these feedbacks were raised.

1) OIDC - the documentation is lacking clarity We do not state that this must be added on all ES nodes including ML nodes - we should be more explicit in stipulating this in our external documentation

xpack: 
  security: 
    authc: 
      realms: 
        oidc: 
          oidc1:
            order: 2
            rp.client_id: "600b406e-1973-4b52-b403-3618b2c697c5"
            rp.response_type: code
            rp.redirect_uri: "https://dd03d9e6718e49549713844c652905f3.westeurope.azure.elastic-cloud.com:9243/api/security/oidc/callback"
            op.issuer: "https://login.microsoftonline.com/f6ef6357-0061-40a6-a292-e2f30e1ef991/v2.0"
            op.authorization_endpoint: "https://login.microsoftonline.com/f6ef6357-0061-40a6-a292-e2f30e1ef991/oauth2/v2.0/authorize"
            op.token_endpoint: "https://login.microsoftonline.com/f6ef6357-0061-40a6-a292-e2f30e1ef991/oauth2/v2.0/token"
            op.jwkset_path: "https://login.microsoftonline.com/f6ef6357-0061-40a6-a292-e2f30e1ef991/discovery/v2.0/keys"
            op.userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo"
            op.endsession_endpoint: "https://login.microsoftonline.com/f6ef6357-0061-40a6-a292-e2f30e1ef991/oauth2/v2.0/logout"
            rp.post_logout_redirect_uri: "https://dd03d9e6718e49549713844c652905f3.westeurope.azure.elastic-cloud.com:9243/logged_out"
            claims.principal: name
            claims.groups: groups

Acceptance Test Criteria

List all the ATC of each action and its intended result. As a user, when [action (e.g., viewing, clicking, selecting, etc.)] the [insert the expected result]. If the doc issue includes a procedure, number the steps in sequential order.

2) I think it would be very helpful to have a section on "Life examples" for big 3-5 OIDC providers (Google, Microsoft, Amazon) ti cover most common set-ups to strealine the guideliens for users.

Notes

jmikell821 commented 4 years ago

@InbarShimshon hi! We need more clarity on this issue so we know how to best proceed. Which topic does this content exist - can you copy and paste the URL or give the topic name? What needs to be added to all ES nodes?

InbarShimshon commented 4 years ago

Hey @jmikell821 in https://www.elastic.co/guide/en/elasticsearch/reference/master/oidc-guide-authentication.html#oidc-create-realm there is no mentioning that the below code should be set up on all ES (and ML) nodes image