Skip to content

DOCS-71:Update authentication.adoc #1317

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Feediver1 merged 4 commits into from
Aug 15, 2025
Merged

DOCS-71:Update authentication.adoc #1317

Changes from 2 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
af2533e
DOCS-71:Update authentication.adoc
Feediver1 Aug 15, 2025
222b959
Update modules/manage/partials/authentication.adoc
Feediver1 Aug 15, 2025
f28d7a4
Update modules/manage/partials/authentication.adoc
Feediver1 Aug 15, 2025
71251ab
Apply suggestions from code review
Feediver1 Aug 15, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions modules/manage/partials/authentication.adoc
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1379,6 +1379,8 @@ Before enabling authentication for the HTTP APIs, you must <<sasl,enable SASL au

==== Basic authentication

NOTE: Redpanda Data recommends that you use TLS when enabling HTTP Basic Auth.

Basic authentication provides a method for securing HTTP endpoints. With basic authentication enabled, HTTP user agents, such as web browsers, must provide a username and password when making a request.

To add users to the Redpanda credential store that HTTP basic authentication uses, create users with xref:reference:rpk/rpk-acl/rpk-acl-user-create.adoc[`rpk security user create`].
Expand Down Expand Up @@ -1480,6 +1482,8 @@ rpk cluster config set admin_api_require_auth true
rpk cluster config set http_authentication '["BASIC"]'
----

NOTE: Valid values for the cluster configuration property xref:reference/properties/cluster-properties.adoc#http_authentication[`http_authentication`] (cluster-wide) are `BASIC` and `OIDC`. The value `BASIC` here is different from the per-listener setting `http_basic`, which enables authentication on a listener using the broker property `authentication_method` (see xref:reference/properties/broker-properties.adoc#schema_registry_auth_method[`authentication_method`] for the Schema Registry listener and xref:reference/properties/broker-properties.adoc#http_proxy_auth_method[`authentication_method`] for the HTTP Proxy listener).
Comment thread
Feediver1 marked this conversation as resolved.
Outdated

To enable basic authentication for specific listeners, set xref:reference:properties/broker-properties.adoc#schema_registry_auth_method[`authentication_method`] broker property to `http_basic`. For example, in `redpanda.yaml`, enter:

[,yaml,lines=5+10]
Expand Down Expand Up @@ -1588,6 +1592,8 @@ NOTE: If you enable OIDC authentication for the Admin API, you must also <<creat

To enable OIDC for the HTTP API listeners as well as basic authentication, include OIDC in the `http_authentication` cluster property list:

NOTE: Valid values for the cluster configuration property xref:reference/properties/cluster-properties.adoc#http_authentication[`http_authentication`] are `BASIC` and `OIDC`. Note that the value `BASIC` is different from the `http_basic` value, which enables authentication for the listener using the broker configuration property `authentication_method`.
Comment thread
Feediver1 marked this conversation as resolved.
Outdated

ifdef::env-kubernetes[]
[tabs]
======
Expand Down