Platform - Configuration - Security Realms

List security realm configurations

Retrieves a list of security realm configurations. NOTE: This is a beta feature.

Request

GET /api/v1/platform/configuration/security/realms

Responses

200
(SecurityRealmInfoList) The security realm configurations were successfully returned
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XGET {{hostname}}/api/v1/platform/configuration/security/realms \
-u $CLOUD_USER:$CLOUD_KEY

Reorder security realms

Reorder security realms. NOTE: This is a beta feature.

Request

POST /api/v1/platform/configuration/security/realms/_reorder

Request body

(SecurityRealmsReorderRequest) (required) The reorder request

Responses

200
(EmptyResponse) The reorder request was successful
400
(BasicFailedReply) * Invalid ids . (code: security_realm.invalid_ids) * Missing ids . (code: security_realm.missing_ids)
449
(BasicFailedReply) Elevated permissions are required. (code: root.unauthorized.rbac.elevated_permissions_required)
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/platform/configuration/security/realms/_reorder \
-u $CLOUD_USER:$CLOUD_KEY \
-H 'Content-Type: application/json' \
-d '
{
   "realms" : [
      "string"
   ]
}
'

Create LDAP configuration

Creates a new LDAP configuration. NOTE: This is a beta feature.

Request

POST /api/v1/platform/configuration/security/realms/ldap

Request body

(LdapSettings) (required) The LDAP configuration

Responses

201

(EmptyResponse) The LDAP configuration was successfully created

Headers

x-cloud-resource-created (string)
The date-time when the resource was created (ISO format relative to UTC)
x-cloud-resource-last-modified (string)
The date-time when the resource was last modified (ISO format relative to UTC)
x-cloud-resource-version (string)
The resource version, which is used to avoid update conflicts with concurrent operations
400
(BasicFailedReply) * The realm id is already in use. (code: security_realm.id_conflict) * The selected id is not valid. (code: security_realm.invalid_id) * Order must be greater than zero. (code: security_realm.invalid_order) * Invalid Elasticsearch Security realm type. (code: security_realm.invalid_type) * The realm order is already in use. (code: security_realm.order_conflict) * Advanced YAML format is invalid. (code: security_realm.invalid_yaml) * The url format is invalid. (code: security_realm.invalid_url) * Invalid LDAP URL. (code: security_realm.ldap.invalid_url) * Invalid certificate bundle URL. (code: security_realm.invalid_bundle_url)
449
(BasicFailedReply) Elevated permissions are required. (code: root.unauthorized.rbac.elevated_permissions_required)
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/platform/configuration/security/realms/ldap \
-u $CLOUD_USER:$CLOUD_KEY \
-H 'Content-Type: application/json' \
-d '
{
   "bind_anonymously" : true,
   "bind_dn" : "string",
   "bind_password" : "string",
   "bind_type" : "string",
   "certificate_url" : "string",
   "certificate_url_truststore_password" : "string",
   "certificate_url_truststore_type" : "string",
   "enabled" : true,
   "group_search" : {
      "base_dn" : "string",
      "filter" : "string",
      "scope" : "string",
      "user_attribute" : "string"
   },
   "id" : "string",
   "load_balance" : {
      "cache_ttl" : "string",
      "type" : "string"
   },
   "name" : "string",
   "order" : 0,
   "override_yaml" : "string",
   "role_mappings" : {
      "default_roles" : [
         "string"
      ],
      "rules" : [
         {
            "roles" : [
               "string"
            ],
            "type" : "string",
            "value" : "string"
         }
      ]
   },
   "urls" : [
      "string"
   ],
   "user_dn_templates" : [
      "string"
   ],
   "user_group_attribute" : "string",
   "user_search" : {
      "base_dn" : "string",
      "filter" : "string",
      "scope" : "string"
   }
}
'

Delete LDAP configuration

Deletes a single LDAP configuration. NOTE: This is a beta feature.

Request

DELETE /api/v1/platform/configuration/security/realms/ldap/{realm_id}

Path parameters

Name Type Required Description

realm_id

string

Y

The Elasticsearch Security realm identifier.

Query parameters

Name Type Required Description

version

integer

N

When specified, checks for conflicts against the version stored in the persistent store (returned in 'x-cloud-resource-version' of the GET request)

Responses

200
(EmptyResponse) The LDAP configuration was successfully deleted
404
(BasicFailedReply) The realm specified by {realm_id} cannot be found. (code: security_realm.not_found)
409
(BasicFailedReply) There is a version conflict. (code: security_realm.version_conflict)
449
(BasicFailedReply) Elevated permissions are required. (code: root.unauthorized.rbac.elevated_permissions_required)
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XDELETE {{hostname}}/api/v1/platform/configuration/security/realms/ldap/{realm_id} \
-u $CLOUD_USER:$CLOUD_KEY

Get LDAP configuration

Retrieves a single LDAP security realm configuration. NOTE: This is a beta feature.

Request

GET /api/v1/platform/configuration/security/realms/ldap/{realm_id}

Path parameters

Name Type Required Description

realm_id

string

Y

The Elasticsearch Security realm identifier.

Responses

200

(LdapSettings) The LDAP configuration was successfully retrieved

Headers

x-cloud-resource-created (string)
The date-time when the resource was created (ISO format relative to UTC)
x-cloud-resource-last-modified (string)
The date-time when the resource was last modified (ISO format relative to UTC)
x-cloud-resource-version (string)
The resource version, which is used to avoid update conflicts with concurrent operations
404
(BasicFailedReply) The realm specified by {realm_id} cannot be found. (code: security_realm.not_found)
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XGET {{hostname}}/api/v1/platform/configuration/security/realms/ldap/{realm_id} \
-u $CLOUD_USER:$CLOUD_KEY

Update LDAP configuration

Updates an existing LDAP configuration. NOTE: This is a beta feature.

Request

PUT /api/v1/platform/configuration/security/realms/ldap/{realm_id}

Path parameters

Name Type Required Description

realm_id

string

Y

The Elasticsearch Security realm identifier.

Query parameters

Name Type Required Description

version

integer

N

When specified, checks for conflicts against the version stored in the persistent store (returned in 'x-cloud-resource-version' of the GET request)

Request body

(LdapSettings) (required) The LDAP configuration

Responses

200

(EmptyResponse) The LDAP configuration was successfully updated

Headers

x-cloud-resource-created (string)
The date-time when the resource was created (ISO format relative to UTC)
x-cloud-resource-last-modified (string)
The date-time when the resource was last modified (ISO format relative to UTC)
x-cloud-resource-version (string)
The resource version, which is used to avoid update conflicts with concurrent operations
400
(BasicFailedReply) * The realm id is already in use. (code: security_realm.id_conflict) * The selected id is not valid. (code: security_realm.invalid_id) * Order must be greater than zero. (code: security_realm.invalid_order) * Invalid Elasticsearch Security realm type. (code: security_realm.invalid_type) * The realm order is already in use. (code: security_realm.order_conflict) * Advanced YAML format is invalid. (code: security_realm.invalid_yaml) * The url format is invalid. (code: security_realm.invalid_url) * Invalid LDAP URL. (code: security_realm.ldap.invalid_url) * Invalid certificate bundle URL. (code: security_realm.invalid_bundle_url)
404
(BasicFailedReply) The realm specified by {realm_id} cannot be found. (code: security_realm.not_found)
409
(BasicFailedReply) There is a version conflict. (code: security_realm.version_conflict)
449
(BasicFailedReply) Elevated permissions are required. (code: root.unauthorized.rbac.elevated_permissions_required)
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPUT {{hostname}}/api/v1/platform/configuration/security/realms/ldap/{realm_id} \
-u $CLOUD_USER:$CLOUD_KEY \
-H 'Content-Type: application/json' \
-d '
{
   "bind_anonymously" : true,
   "bind_dn" : "string",
   "bind_password" : "string",
   "bind_type" : "string",
   "certificate_url" : "string",
   "certificate_url_truststore_password" : "string",
   "certificate_url_truststore_type" : "string",
   "enabled" : true,
   "group_search" : {
      "base_dn" : "string",
      "filter" : "string",
      "scope" : "string",
      "user_attribute" : "string"
   },
   "id" : "string",
   "load_balance" : {
      "cache_ttl" : "string",
      "type" : "string"
   },
   "name" : "string",
   "order" : 0,
   "override_yaml" : "string",
   "role_mappings" : {
      "default_roles" : [
         "string"
      ],
      "rules" : [
         {
            "roles" : [
               "string"
            ],
            "type" : "string",
            "value" : "string"
         }
      ]
   },
   "urls" : [
      "string"
   ],
   "user_dn_templates" : [
      "string"
   ],
   "user_group_attribute" : "string",
   "user_search" : {
      "base_dn" : "string",
      "filter" : "string",
      "scope" : "string"
   }
}
'

Create SAML configuration

Creates a new SAML configuration. NOTE: This is a beta feature.

Request

POST /api/v1/platform/configuration/security/realms/saml

Request body

(SamlSettings) (required) The SAML configuration

Responses

201

(EmptyResponse) The SAML configuration was successfully created

Headers

x-cloud-resource-created (string)
The date-time when the resource was created (ISO format relative to UTC)
x-cloud-resource-last-modified (string)
The date-time when the resource was last modified (ISO format relative to UTC)
x-cloud-resource-version (string)
The resource version, which is used to avoid update conflicts with concurrent operations
400
(BasicFailedReply) * The realm id is already in use. (code: security_realm.id_conflict) * The selected id is not valid. (code: security_realm.invalid_id) * Order must be greater than zero. (code: security_realm.invalid_order) * Invalid Elasticsearch Security realm type. (code: security_realm.invalid_type) * The realm order is already in use. (code: security_realm.order_conflict) * Advanced YAML format is invalid. (code: security_realm.invalid_yaml) * The SAML IDP metadata endpoint returned an error response code 200 OK. (code: security_realm.saml.invalid_idp_metadata_url) * Invalid certificate bundle URL. (code: security_realm.invalid_bundle_url)
449
(BasicFailedReply) Elevated permissions are required. (code: root.unauthorized.rbac.elevated_permissions_required)
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPOST {{hostname}}/api/v1/platform/configuration/security/realms/saml \
-u $CLOUD_USER:$CLOUD_KEY \
-H 'Content-Type: application/json' \
-d '
{
   "attributes" : {
      "dn" : "string",
      "groups" : "string",
      "mail" : "string",
      "name" : "string",
      "principal" : "string"
   },
   "enabled" : true,
   "encryption_certificate_url" : "string",
   "encryption_certificate_url_password" : "string",
   "force_authn" : true,
   "id" : "string",
   "idp" : {
      "entity_id" : "string",
      "metadata_path" : "string",
      "use_single_logout" : true
   },
   "name" : "string",
   "order" : 0,
   "override_yaml" : "string",
   "role_mappings" : {
      "default_roles" : [
         "string"
      ],
      "rules" : [
         {
            "roles" : [
               "string"
            ],
            "type" : "string",
            "value" : "string"
         }
      ]
   },
   "signing_certificate_url" : "string",
   "signing_certificate_url_password" : "string",
   "signing_saml_messages" : [
      "string"
   ],
   "sp" : {
      "acs" : "string",
      "entity_id" : "string",
      "logout" : "string"
   },
   "ssl_certificate_url" : "string",
   "ssl_certificate_url_truststore_password" : "string",
   "ssl_certificate_url_truststore_type" : "string"
}
'

Delete SAML configuration

Deletes a single SAML configuration. NOTE: This is a beta feature.

Request

DELETE /api/v1/platform/configuration/security/realms/saml/{realm_id}

Path parameters

Name Type Required Description

realm_id

string

Y

The Elasticsearch Security realm identifier.

Query parameters

Name Type Required Description

version

integer

N

When specified, checks for conflicts against the version stored in the persistent store (returned in 'x-cloud-resource-version' of the GET request)

Responses

200
(EmptyResponse) The SAML configuration was successfully deleted
404
(BasicFailedReply) The realm specified by {realm_id} cannot be found. (code: security_realm.not_found)
409
(BasicFailedReply) There is a version conflict. (code: security_realm.version_conflict)
449
(BasicFailedReply) Elevated permissions are required. (code: root.unauthorized.rbac.elevated_permissions_required)
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XDELETE {{hostname}}/api/v1/platform/configuration/security/realms/saml/{realm_id} \
-u $CLOUD_USER:$CLOUD_KEY

Get SAML configuration

Retrieves a single SAML security realm configuration. NOTE: This is a beta feature.

Request

GET /api/v1/platform/configuration/security/realms/saml/{realm_id}

Path parameters

Name Type Required Description

realm_id

string

Y

The Elasticsearch Security realm identifier.

Responses

200

(SamlSettings) The SAML configuration was successfully retrieved

Headers

x-cloud-resource-created (string)
The date-time when the resource was created (ISO format relative to UTC)
x-cloud-resource-last-modified (string)
The date-time when the resource was last modified (ISO format relative to UTC)
x-cloud-resource-version (string)
The resource version, which is used to avoid update conflicts with concurrent operations
404
(BasicFailedReply) The realm specified by {realm_id} cannot be found. (code: security_realm.not_found)
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XGET {{hostname}}/api/v1/platform/configuration/security/realms/saml/{realm_id} \
-u $CLOUD_USER:$CLOUD_KEY

Update SAML configuration

Updates an existing SAML configuration. NOTE: This is a beta feature.

Request

PUT /api/v1/platform/configuration/security/realms/saml/{realm_id}

Path parameters

Name Type Required Description

realm_id

string

Y

The Elasticsearch Security realm identifier.

Query parameters

Name Type Required Description

version

integer

N

When specified, checks for conflicts against the version stored in the persistent store (returned in 'x-cloud-resource-version' of the GET request)

Request body

(SamlSettings) (required) The SAML configuration

Responses

200

(EmptyResponse) The SAML configuration was successfully updated

Headers

x-cloud-resource-created (string)
The date-time when the resource was created (ISO format relative to UTC)
x-cloud-resource-last-modified (string)
The date-time when the resource was last modified (ISO format relative to UTC)
x-cloud-resource-version (string)
The resource version, which is used to avoid update conflicts with concurrent operations
400
(BasicFailedReply) * The realm id is already in use. (code: security_realm.id_conflict) * The selected id is not valid. (code: security_realm.invalid_id) * Order must be greater than zero. (code: security_realm.invalid_order) * Invalid Elasticsearch Security realm type. (code: security_realm.invalid_type) * The realm order is already in use. (code: security_realm.order_conflict) * Advanced YAML format is invalid. (code: security_realm.invalid_yaml) * The SAML IDP metadata endpoint returned an error response code 200 OK. (code: security_realm.saml.invalid_idp_metadata_url) * Invalid certificate bundle URL. (code: security_realm.invalid_bundle_url)
404
(BasicFailedReply) The realm specified by {realm_id} cannot be found. (code: security_realm.not_found)
409
(BasicFailedReply) There is a version conflict. (code: security_realm.version_conflict)
449
(BasicFailedReply) Elevated permissions are required. (code: root.unauthorized.rbac.elevated_permissions_required)
Warning

To perform this operation, you must be authenticated by means of one of the following methods: apiKey, basicAuth.

Request example

curl -XPUT {{hostname}}/api/v1/platform/configuration/security/realms/saml/{realm_id} \
-u $CLOUD_USER:$CLOUD_KEY \
-H 'Content-Type: application/json' \
-d '
{
   "attributes" : {
      "dn" : "string",
      "groups" : "string",
      "mail" : "string",
      "name" : "string",
      "principal" : "string"
   },
   "enabled" : true,
   "encryption_certificate_url" : "string",
   "encryption_certificate_url_password" : "string",
   "force_authn" : true,
   "id" : "string",
   "idp" : {
      "entity_id" : "string",
      "metadata_path" : "string",
      "use_single_logout" : true
   },
   "name" : "string",
   "order" : 0,
   "override_yaml" : "string",
   "role_mappings" : {
      "default_roles" : [
         "string"
      ],
      "rules" : [
         {
            "roles" : [
               "string"
            ],
            "type" : "string",
            "value" : "string"
         }
      ]
   },
   "signing_certificate_url" : "string",
   "signing_certificate_url_password" : "string",
   "signing_saml_messages" : [
      "string"
   ],
   "sp" : {
      "acs" : "string",
      "entity_id" : "string",
      "logout" : "string"
   },
   "ssl_certificate_url" : "string",
   "ssl_certificate_url_truststore_password" : "string",
   "ssl_certificate_url_truststore_type" : "string"
}
'