From f5024c93e5c806d9573a766e4e7cea4d7ec08446 Mon Sep 17 00:00:00 2001 From: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Date: Thu, 21 Dec 2023 17:16:23 -0500 Subject: [PATCH 1/2] Update JWT documentation to recommend only using jwt_header or audit logging not both (#5914) * readd auth token doc Signed-off-by: Stephen Crawford * Fix vale Signed-off-by: Stephen Crawford * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Fix embedded command Signed-off-by: Stephen Crawford * Blank lines after headings Signed-off-by: Stephen Crawford * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * change Signed-off-by: Stephen Crawford * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Co-authored-by: Melissa Vagi Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Style guidelines Signed-off-by: Stephen Crawford * Update _security/access-control/authentication-tokens.md Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Apply suggestions from code review Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * Update _security/access-control/authentication-tokens.md Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> * warn about audit logging of custom headers Signed-off-by: Stephen Crawford * Update _security/authentication-backends/jwt.md Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> --------- Signed-off-by: Stephen Crawford Signed-off-by: Stephen Crawford <65832608+scrawfor99@users.noreply.github.com> Co-authored-by: kolchfa-aws <105444904+kolchfa-aws@users.noreply.github.com> Co-authored-by: Melissa Vagi Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> (cherry picked from commit 7d8a6a379d2307b60f171a3d8e1a59edeb2a6488) --- _security/authentication-backends/jwt.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/_security/authentication-backends/jwt.md b/_security/authentication-backends/jwt.md index 629b6266f8..846004d45c 100644 --- a/_security/authentication-backends/jwt.md +++ b/_security/authentication-backends/jwt.md @@ -116,7 +116,7 @@ The following table lists the configuration parameters. Name | Description :--- | :--- `signing_key` | The signing key to use when verifying the token. If you use a symmetric key algorithm, it is the base64-encoded shared secret. If you use an asymmetric algorithm, it contains the public key. -`jwt_header` | The HTTP header in which the token is transmitted. This is typically the `Authorization` header with the `Bearer` schema: `Authorization: Bearer `. Default is `Authorization`. +`jwt_header` | The HTTP header in which the token is transmitted. This is typically the `Authorization` header with the `Bearer` schema,`Authorization: Bearer `. Default is `Authorization`. Replacing this field with a value other than `Authorization` prevents the audit log from properly redacting the JWT header from audit messages. It is recommended that users only use `Authorization` when using JWTs with audit logging. `jwt_url_parameter` | If the token is not transmitted in the HTTP header but rather as an URL parameter, define the name of the parameter here. `subject_key` | The key in the JSON payload that stores the username. If not set, the [subject](https://tools.ietf.org/html/rfc7519#section-4.1.2) registered claim is used. `roles_key` | The key in the JSON payload that stores the user's roles. The value of this key must be a comma-separated list of roles. From 28952dd39a0d4ef70ce689e872438e3fe1c84a5d Mon Sep 17 00:00:00 2001 From: Carlos Neto Date: Wed, 10 Jan 2024 16:03:31 -0300 Subject: [PATCH 2/2] Add `http.compression` Parameter Reference (#6051) * * [DOC] Added 'Search' nodes description in 'Creating a cluster' page * [DOC] fix the tabulation of searchable snapshots snippet example Signed-off-by: Carlos Neto * [DOC] add `http.compression` parameter reference Signed-off-by: Carlos Neto * Update network-settings.md --------- Signed-off-by: Carlos Neto Co-authored-by: Naarcha-AWS <97990722+Naarcha-AWS@users.noreply.github.com> (cherry picked from commit 7f84859fd5da8f86838a1ba82dc84b57e79d0a0c) --- .../configuring-opensearch/network-settings.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/_install-and-configure/configuring-opensearch/network-settings.md b/_install-and-configure/configuring-opensearch/network-settings.md index 00ae97caa4..4084bd6660 100644 --- a/_install-and-configure/configuring-opensearch/network-settings.md +++ b/_install-and-configure/configuring-opensearch/network-settings.md @@ -37,6 +37,8 @@ OpenSearch supports the following advanced network settings for HTTP communicati - `http.publish_host` (Static, list): Specifies an address or addresses that an OpenSearch node publishes to other nodes for HTTP communication. +- `http.compression` (Static, Boolean): Enables support for compression using `Accept-Encoding` when applicable. When `HTTPS` is enabled, the default is `false`, otherwise, the default is `true`. Disabling compression for HTTPS helps mitigate potential security risks, such as `BREACH` attacks. To enable compression for HTTPS traffic, explicitly set `http.compression` to `true`. + ## Advanced transport settings OpenSearch supports the following advanced network settings for transport communication: