From 7edec762ca6eba39ebfc6cea1d22513bec8af32d Mon Sep 17 00:00:00 2001 From: Aleh Zasypkin Date: Fri, 5 Feb 2021 10:39:22 +0100 Subject: [PATCH 1/5] Simply anonymous access & embedding docs. --- docs/user/security/authentication/index.asciidoc | 16 +++------------- 1 file changed, 3 insertions(+), 13 deletions(-) diff --git a/docs/user/security/authentication/index.asciidoc b/docs/user/security/authentication/index.asciidoc index c28f5fd1d923b..dbe53421f46c1 100644 --- a/docs/user/security/authentication/index.asciidoc +++ b/docs/user/security/authentication/index.asciidoc @@ -383,21 +383,11 @@ xpack.security.authc.providers: One of the most popular use cases for anonymous access is when you embed {kib} into other applications and don't want to force your users to log in to view it. If you configured {kib} to use anonymous access as the sole authentication mechanism, you don't need to do anything special while embedding {kib}. -If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding, then you will need to add the `auth_provider_hint=` query string parameter to the {kib} URL that you're embedding. +If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding dashboards or visualizations, then toggle `Public URL` switch presented in the embedding menu. -For example, if you generate the iframe code to embed {kib}, it will look like this: +You can also use `Public URL` switch when you're generating permanent links to dashboards, visualizations or saved searches. -```html - -``` - -To make this iframe leverage anonymous access automatically, you will need to modify a link to {kib} in the `src` iframe attribute to look like this: - -```html - -``` - -Note that `auth_provider_hint` query string parameter goes *before* the hash URL fragment. +NOTE: `Public URL` switch is only available if anonymous access is properly configured and anonymous service account has enough privileges to access what you want to embed or share. [[http-authentication]] ==== HTTP authentication From e2ed50b70c01fb872b59e101de54822acfed74d1 Mon Sep 17 00:00:00 2001 From: Aleh Zasypkin Date: Tue, 16 Feb 2021 14:59:28 +0100 Subject: [PATCH 2/5] Review#1: handle review feedback and add dedicated section for embedding. --- docs/settings/security-settings.asciidoc | 2 +- docs/setup/embedding.asciidoc | 49 ++++++++++++++++++ docs/setup/images/embed-kibana.png | Bin 0 -> 37243 bytes .../security/authentication/index.asciidoc | 8 +-- docs/user/setup.asciidoc | 2 + 5 files changed, 57 insertions(+), 4 deletions(-) create mode 100644 docs/setup/embedding.asciidoc create mode 100644 docs/setup/images/embed-kibana.png diff --git a/docs/settings/security-settings.asciidoc b/docs/settings/security-settings.asciidoc index afcb7bc21b66b..4b64c35a35e5e 100644 --- a/docs/settings/security-settings.asciidoc +++ b/docs/settings/security-settings.asciidoc @@ -264,7 +264,7 @@ You can configure the following settings in the `kibana.yml` file. this to `true` if SSL is configured outside of {kib} (for example, you are routing requests through a load balancer or proxy). -| `xpack.security.sameSiteCookies` {ess-icon} +| [[xpack-security-sameSiteCookies]] `xpack.security.sameSiteCookies` {ess-icon} | Sets the `SameSite` attribute of the session cookie. This allows you to declare whether your cookie should be restricted to a first-party or same-site context. Valid values are `Strict`, `Lax`, `None`. This is *not set* by default, which modern browsers will treat as `Lax`. If you use Kibana embedded in an iframe in modern browsers, you might need to set it to `None`. Setting this value to `None` requires cookies to be sent over a secure connection by setting <>: `true`. diff --git a/docs/setup/embedding.asciidoc b/docs/setup/embedding.asciidoc new file mode 100644 index 0000000000000..2ceed81f13c51 --- /dev/null +++ b/docs/setup/embedding.asciidoc @@ -0,0 +1,49 @@ +[[embedding]] +== Embedding {kib} + +You can embed a {kib} dashboard or visualization using an HTML code snippet generated with the *Copy iFrame code* button in *Share > Embed code* menu in *Dashboard* or *Visualize*. + +NOTE: Embedding of any other part of {kib} is also generally possible, but you may need to craft the proper HTML code manually. + +[role="screenshot"] +image::images/embed-kibana.png[Generate an HTML snippet to embed {kib}, align=center] + +[float] +[[embedding-security]] +=== Configure security + +Embedding through iframes, if used properly, does not directly pose a security risk, but still requires a careful consideration. + +[float] +==== Authentication +If you're embedding {kib} to the website that supports Single Sign-On with SAML, OpenID Connect, Kerberos or PKI it's highly advisable to configure {kib} as a part of this Single Sign-On setup as well. Operating within a single and properly configured security domain would provide you with the most secure and seamless user experience. You can read more at <>. + +If you want anyone to access embedded {kib} skipping the login step, but the Single Sign-On isn't an option for you, consider configuring the <> instead. It is already natively integrated into the embedding workflow for the dashboards and visualizations. + +If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding anything other than dashboards and visualizations, then you will need to add the `auth_provider_hint=` query string parameter to the {kib} URL that you're embedding. + +For example, if you craft the iframe code to embed {kib}, it may look like this: + +```html + +``` + +To make this iframe leverage anonymous access automatically, you will need to modify a link to {kib} in the `src` iframe attribute to look like this: + +```html + +``` + +Note that `auth_provider_hint` query string parameter goes *before* the hash URL fragment. + +[float] +==== Cookies + +Irrespective to the authentication type you're going to use for the embedded {kib} you need to make sure that browsers can transmit session cookies to a {kib} server. The setting you need to be aware of is <>, and to support modern browsers, you might need to set it to `None`: + +[source,yaml] +-- +xpack.security.sameSiteCookies: "None" +-- + +You can find more information about possible values and implications <>. \ No newline at end of file diff --git a/docs/setup/images/embed-kibana.png b/docs/setup/images/embed-kibana.png new file mode 100644 index 0000000000000000000000000000000000000000..f3b0f542361fd31c59eb4d5fcaab03584a2937b8 GIT binary patch literal 37243 zcmagG1yGzpw=D{R5G1$-4U8Wy{ zB=V@ z`H9noMS|Y+LL4=UnHy6P@k{S0W2S{)7J)(Tc|<@xPFI;Fsb63g1A|zP1TO-cfRz7> zM~^bG@5Gce(WwvPO}%8-H+Hub zFFFLK*fh{YBR66%FcH=UN)7B*Fm`X^Fz%g>-|*6OQSS3Oc6~uLOyK4wAn<8kpw`|N zOjx#BrenWxcjwxwWUDEif8(zdq%{6#l5vkf{#8&>VL?$~QQ`YSCPAfR^ZDapY>EvJ zFjYHaqoyx)z&~O};x!A4DMf~K%lQ*wcKap9ccW|zmY`ZTwYzqS(g{KbZh_3%{qcPW zPqsFJ)jx8*K}!6LcWAs;ol?^Z>}S)qRJ z<)*O6C4Z9n=a+)Bwj&MnK^w=1zx47)uU!Pvu;^dCO4cZpcl-K&7pyxv?ywz@izBHb z<|m53>f`Tht&Rh^Mg5c?Sz$MfPS^H;f{6I|Qn!_*vAOx;A^Ih9nn)K+o@nj(INh!h z+?MX2)miZ6PIJeddiWNY$cLgS5&1Ad>?Zkdpwhu&U6hTDHH#z4ezdf#?w-yljpo-m zpy?+51@+sOpA1HHif@!p^n^8AE??EzEqCs7nIjhHl`>HX)R_LQ=)7++qoDG-u|%BZ zHjbhDwd-MzDj)yYQC!|45z~uFB5>~>&#L?Hx8dk~tfIHOkXSCV{FuJ|FFCyo-h{q8 zU|)8Vco~m(9#uNil8Xuhq@~XeT&c{Pv30t%gWs7fFT^3=+)Y-)5PtZ7o?yktSsQKo z$c%=Cm1lnP9j?UMo|E~QUNnCQYai@<|MsLB zq}QYv!0_&QF8c_+LPASPyyiqli?xQwsaoW7%_&Hpu3WtC^DX?FM$kbMN;o%&=f% zg@`uGb^dE>I6&iElkF?vbW$;U8ONkG93u9I@3`G4#E`2}fg122RlhSO=OMq;Ybpi6 z07{_8%gudD{MB=n!xJx*CvQjSYX{YRwtS8+_XsF}mm_-fI-*TD?^ZurP6U@~yCRG= zYhdU3o}#I$s#*?6N=kA(_$!xuZ*YcUC39QGmOBssr`u5)CZ^D+>|RdGF1I3$V!27W z@YB;%gT?E#OE)XA?=zFL)qDcFJGz{><1jbpW6!To?O0PDfAA+0Mu#2S1=4<$OIO-V ze`1Ry&O!wYv&i|YEYO9Ub=TJG!E_O)_`Lq_-nTs53*{o+&o|iyInM*O zOae?0+TTBk4M`!0b))_|KH@c#YV!)eiLaiCH3X_n5GYe_19uOwm8 zT=LtBc(6Ei?%?~LrdsAwu-v4%S6548hE|^^yLQuuL5{VTM{()h^V|=DFIv1g_AuQV z8XV4gr*#(FpEpJ9far3?`&9`m^zv)DdR*%rmS#IUOX>WSE*-+N^Hk+x6apS*JyT|W z7EPrYPd+m#dK17j4Xp$}ecJKnXI_PRY+qx3RUEDvO2@ymeA+QcZk-9U6!rQP&5u@{ z4Cg7zbKJfT2Ug|TiwsuVkRW>oaK1LPBM&;IHyL(eQ_IU~A^5%3Km&pR#A2{*>n*#? zzH?HER&)A3m&kfI$x}D*7Fv1VwafXpz#|851G#nw%Pkjj9NK1K>Jo2?lHs(R_-zjX zO5xv}AdhA~9(m_Z<{I#9Am9r? zqvdKDCUmAO2jZ9nGz4PT{`$gbQP`~DVzX!>9MS}g?D|O1U~)r=Vx~I?(`@ze-uHsv z=gKRd73|kM9;JiX+PSf+;Y3ZQO9#yM{s8`8vwh3Q7x2+~w%Tr34$60oZRRDOu_CP1 z?m`QlEz40pN%#7&i4WyF1wts`epe)VAxRm@d8Djdj#HW<$!DU^76_O~zETGD+qZrc z+Psxci*$LTH-DRSuMR-&?o)GK`X zYvA*~WdS^!f&1Y?z892I6)HRsh52 zVV(QIV}3kKzEqzwY0g3|Y<}#el)Ll9*NXD+z?>ZB7wA5Mx5^Q9aY+Ck*uYI~cTOv=2dk8OfyggW zAoDGTARq__&sm7*w#OdPJBb)c0j`4@g>m1~LNd`*ysch2pX7Hlg$Ru8att3w-VK9V zg6;g`JP(LwQ*7EK`t0C=IEI&+WdkjQxV>k^yKuq1xz9l^=>HqAB_12diTdU;lpVKj zh1r7o2qDfAbOXe$d3u)EB2cxM^OceP_$UBO-CzT6lzzZ=J=2?I5(4$HcZ=ct?B1^6 zBYN@-A9dB+I9)8Ad~gTmrTW)0xmWE1d#tVq+jv2pVecTAJh6%+xO?^;e7i@AA@m4S zEN2w(dxc5vuZqUAKkcQsnRUmearwEkv`8X;O8l`R#jdLc02jl?R}jrRHZ*o~<4+or zTPp5gb6|*niYx_X00_y@#f>>s^lfY!C-PrOkpH6hZXR`hO=##V-}q<$cHpGz ze9VP$#r{9*!JvZcKzA@Yr}#k991_e0O!rXgPg9p8G)YkCYduN(Oj;c$qT+~s!r9`Il?h~k(npCxGTtZHhs*jgC0iPF&JW=l3*y_H?Zd%?~o?~ zei%8}C7qxfYxc8F=Hmm!;m z{~-Q4Q!$g**6gVpcto`@=gv+mvYg^l^09z2JrZt)%K+r=mdjf&k|RYqaP=5F*VI>-%)Z;x<9$637ACkf`p3DV$k4^kGH!lSJE91VE)5lFYyPae7!79d%}6d+%{unP&tOq0XHi~+WYB4raV_3d z@*}+{C90uCjNgm0+y{B~hK$=Cg!Y!PV4B&JakFbt@}x0=#k*qt1^GfJF%!`3Lia^2P{^tBzi z0p>A*h#l4t)mQrNnWgrGcW%Z=zJ1+y8o?ZKg)d73GDazR)clKlF32d+mXOtmHxh;lK#*<#!0K0 zRcTh8U#*F&CB%$f9YL$PRB<4aL7o-e;gOdAIFxmzYL zRL|yb!OS*E)7A&x6Izpo(a94Lr8}k-NU7Ej;HBQ)F^1aSw-q#5CM9E@MHcN-NSe+= z0Vz3dr2i-B*<{)?2+xNWOUv77_Mc(?>A`&X`X_B&qTrewLoH>5Huol;)qCf-LMj`NAnPWuyBcZfHaQWm{BDtb+<8SLHQYnbqlD!Ig7udcZbH#vZOf!7S~#??A7ixX zyKCh}PUx+3Qv$}!!avrJcsST3yzv+XW#JDs@PE7Js8llr;=v0R-!Y8Grh(k2+V0Wr z^JJg-cA^yJpH){ww&^8DDd5p3yORC|(vh;pX12+?P+oii5K3lNBu2({*~m?8zI$o- zHn!gMT6TVswy$|_O|bzctn2dr;)~J`!Tf}C*weL2vT62Wthvi-GJ=ARZ#?d>+=Zm* zpmCA*ZT%$K+o-JMax%LJl+<4WK)0uZ;bYYixr^HpG6WGQX&)O9b;vI*SDe)zQ9CETVKfo?&ys1|3=|}9hrcVn zVr(xk4PEw4Un#@#qg6QPYC-%4Vp1xW>j{zNz8D-&X}N%EjjV)L?qiqiIX!K*Bvj){ z`$wE=;u9ji{7;1T??Ocn-?6CJHnwls_i?-PSn_>P3Xq8Uo%7|$SJ3tVH|_V|>1Md+ z>b?=1)N${QO~b-C6gB~2t}W3_{rwMFJo}{nkn$cLNKcjjLHMa9I-wKuRCUyx+D_D2}KcnZPTh9=E?XR+~p!xwkdZuI9inq7p;fqoTyV*N0-cQ z<1ZBE3I48}m5y;!9{kvdj|;t6{$1m3@z~!krd7)RONZhTh*M(zoas|;Ps-xic#QjY z?rN%>{86Hieq1b_@HKe6sij6OIj|<&cbDY~k=rIyxt>3Y+(e!nrrD4Bk1^I?TPI&* zc|jvryE4@#AZZrAcU;o=L7M5ldjFtnDDun#+c8W2U0JN)Xdg<;rx~wFEi?ARqS3{{ zc?%~_){z{?3q7w07=D_;&QPfZWwB1G<#Ms(-ccWF7{^&(lHk<2D?PQW=~EnP%I5Qd z518csak-M;D|)bmYS;32013syTzV(x#q4u(J?VCIc+Ji#+B@r6rpZ3$rjkHPdv;-OvQ{6& z2gF}`@vJvZTd13}=>s#jU0r>{-|IkLd-bPpi?Np1)~03R4_lQ+;dky$s$z9bU;rAh zt#@JH`8T@J$NRD^n;wqRb1mmJ6h}Q->jnOikEpmBqF`GIG2OW3y3}?1T@aA74E0gE6u|ERCgwn}DG?KRo2Vm%9zf(X2fX|!J< z%Nuh}F)`DeoH%U9`*Z@vT01r|kczaz{#a7rSsL9knaer)g?;e!*(C;Rq5yX zwmpq7+4gipU`-l`Gb9$7R%|>=wE}&ErCPhF%6UvLmFX?-;G%xC$V8Zyv87i(`zH*q zZdP~RuH0^OQ%9Y}on!WDg~B`sA^b4ki; z2Hcsm%O@;AE|Z1I{CZs%+{>0y7Sn`y?7jl}5^F-R;xcXfE}%k`zi~*{Btti?f&k!_ zsn=Q0B`h=v{urui5fg|D5$y9YZlG_(_8y&DKtV!4b1Z}24IArY`55=`x!~{fb~lDd z4_tM<-=}pn*Qb36cuTY~NP^r#$&2gbcxzo{!b7Widav35_C=hrH1}0Idh;uPvI?(q zhIr?!4mUm$lh8`9crxFO9GF;*a*_tme-V2s~X7utdCE;N?+w39EJPpGLM^$ z_z3JTw;Lq_-Iw)RwSM@6$Gp+GU>ew(eLHIyUO4 z24sA+5W4809r0;YHwb**YNR+OA-T5XQ+Z$iIHI{U%}4~+8%z&K=(}}YoT@v{e71x~ zp7}f4VJHk->p?<712hfG1~vip=)M_16p1%a^YX4{)U%l(jG?oY{|O^lNXeXy%9{ zSYrJ0VyRhky-`hDHE!aC21x#Q_V;U*$%tTx@QpcKjF~_CgEISHLIM@B^6G#FCDpP0 zi3rxH(~-~f?v|jBM-nd!d8>~|cjL&@Ku77!?HtR&a9SiCnJ zt@lQY6v6LH!$=x|)V!@}z7OG~O?Iws`ih-eP<0kVrq+Pz%(sNo5gM)5l0xlqGtjn@ zCUT|2*?yqAq2bJ>8!>F4c1;PFlu}XC4cUYCAt^L~!3vllvAKCmn5WU0Hl2Ha0d0En zrTcE>klw_rW)VC*e6&VfISzK^Pt9)T70w5z!>_3olBt`T2h#+To`YDam`@WbhS*9Uz{_{pi zCv1f994qjLCmYF6*uz?#P#rRFL6MZv53Fe&H)R!c>hqvtf2>#16ar~%?y2>;pYj-d3)`-~LYgTQ}NKf!ZTz5RT#s5bUt?!}g zP-Z`rEkH)HdTH`~uC;{u{-M&eNKI;MO?nMWfyYAgp-!R|>qSSRBB=I6%P9b-k(m~o zg&4Y|9~keESjmcZq7!@jE_LcDH~m@$1RA`{&-?SP8~GZG*7D8C#v8;rtm|@)cX)2%E*T1L7fMThkVT)w-FK9X7oivBMVrXI1)^QwNzCY2>*<*(X{4*h@w{e@!-2Jrs4uJKptJ%|_ofrOgh?x#;Y^Ucc(I8xo;QWwrR5j2D$b zjbpi7l8Phu$l}vRcxLw;w_i5Qxe$obCCGXuf)7SONnWLnqVR5MS*+p_K z38m*w$vi@h#dNQk`%zQ)8<7qE>*M8wZ6^$LfxbZ+{amHi-mmB-N_|SpnpF_3Eh%63}Xt`4i z624nS?scwzxAgq{<;uC3vGlmb)+K|_J+yMOmutJ#mC9ZJ`}a88K>9dVH9Ey4!eaHw z1_zoHQ)Z3Q5&H~Uxtq1!U1<}O_r&bF8@`hw9sT_w>)nBxgM9q_U+QeMQjS_$TWu*l zJv=gJ$xyMe&7pNiHmj8}Nf|y8Pd?rg!pDzDuiQOO?Tw6$O9z$G1&061#_+q`BXfzu z$C~bcCP-DfUl2hzZ*Gv)pIYKY>+Cl3L4$=_*|(pkb2TfCVj0$rtA~2#`MYQ3?q@9+ zEUP4BV@Q(evK7xIJ-nCqUp-_CI-CQ~(Eh6BkJ@ki?SBoMF9%ckEY_s^KHkQ3DrGFB%@6_?_XDDsz|%n=W7Xkg|w` zDuH^5W>1^<9iryd4mq_xc^<14!ccTWbR<(h{((^mUN+6F zW(j?8|}Q`$zAPL0u`H^ca3*Fi z`p<+@tJ%+sa?kkHsqAq%mhy_e67+n{33hR@z4qwKxtwsrF2hd731*RV6a8^mlgD*H z*MG!@ujuayb9@r{NXY#4?Uk;-u+Y+E?EYjkF`%FQ28ovL{6&+Oul8+UVR?A$gTUq+ zR6kRCme8J^p#jG8^Cd?6HXw0&iFoGK{>siq%0+r%Q|I)7l&jQQB7jzDJdHlZXY*cionL1eamw#f7YjH;(eZIaB*>O z;P8nm)39IN%?>oZts*FX=IJC-n{=#N4;SC`s00_jS{V2uv}v~lOpBJ& ziio6R5VLbQPFcUFrBy993xC}$DCms)&U*kUTj^iTcY4;7rRd`uJJ#vN-3Qos3+Zke z-kSFv=8J!EL~grf$_u|P%5;l~^u0v56dQfKJu5w7>02kB=1rs9%<7fSi!KTwbY(iN z=wi8YgoWz0=;kA-h-;TgTs5|<{btR7KBw=@n+IxBMS3{bINN;G+_}CpxP3akVolmf z^k_|IHybrM9W%dyp7>gf7ljYs0?~Sm&wWe2y{#4g5LxwjN93De_*8IxK*k-w0 zI-JeUvhK%)-nach+%_tro5TwD(zydT(9Ju*$5qYp-<(^|q%L8dI_-`u3SD2yJP~#2 z3b=OlZ0j;RsW5yX6-f~eYJY+!%+0-F0+sx$F#P<6)9rU{ zY8Hdn#g$ImgB=Q|Hat$BR!+ZbnItO5UorInG#FRLHk?_*}}iH&QW%#Fdw}ftp=0q)#S4DygbR&M-0{|_W&BNdSC1$0C z<;Y8*Mp2oNas#DRYX4_xm8_d+j?EQ#@GU;Igq;k%{QoYv`v24%hYYn)Q~6x8GmGB_ zFvJo-NVqF$TQI(V`<{#5gf1TZ!tqk#YcKQ1@Go`|3~~#VKb{|@y7zw6qOc?D`^V^n zIh2NVv%OZY@_69^$j(h{BV#F7pS9nQqC$%zbWO8p4G<6vIaf?Z{l>t zXIZ#4zkxUTDq7t(XV31tRh-#=Ahk{S=Y2K-TYDJ?qhfwxaAHSdx&<82zn@bP!Unu|C zQRh7Z+Q!v8A1snzDDb&-3T)yPnD$Ch(fgo!Q?k~)EZ#jCxuHIKYGB2dQYjo99sYJ2 z{52Q@@ID9WW&bMken!O<)U?3WMM%MoIe9w(ssD*NG%(B3f^-i=(e$eq0gd`m?Uz(* z?X)fT!T2BPa*Z)4gk)t+DR~)K-3~}7R_n-lu3GHZ<@ZT8G0M*PfGi#Mf7!_YLp=U} zmD>GJJKv0|b${Y~;8lUK%aOu(F~ZYZF02Uo(U@6mnrrpJ)EH;czss@Z=sNR5p3Q5y zHYx$~2GWr80V$qTRPVjpoI~TQb+W`E(zyJ?wKV-vvqoK5`L&w$Z3ect4z;6yfGaK_ z!pI9%A2Jl>aa1|;C&$5zcIv`};8%~_Y7K-0pvlB0IQin}O8;3M@ZIoW$Em>m(&SR$ z=eOJ?MvWzYj@YS6q zU-o5Mf$^b#Gu!sudnzA;gSj{w91zI#>=a&t&EIWC?_F-|MSl&alA6i~#C;ETzJEUj zD`y_O?nXb-Iiu&8Q-~7XdxryaMmW9P=stXnZhY+b?U$8qIvRB3wENKj>H;kJSgsk` z4tCLSX#sK|tFZXPM0$yDA;+;2$}Ou2^Jb*5&)}jLPKUg_T zZF)95w;Q^M>?&j866Cn(QU>0Hr?NpuX|1_Y30n)kVS!<))HMLv6f5hI3&{J!9zj_^pBD7~+<4oq z62w14xja<4<~hFtR&SbR>IZ0Aq|=M26yW()WnsL9mw@msYZmUz&eJt-v50jJgAANH z%P3Sq9ukL`a)l`7pUjvq_lL09B+TBogdtGzzCtLI{)?nim&gT(_nVsb1lbxHe}`2^ zr?)DsANTcVjsU4yr=1M!tuxev>X(vD=@;-mZf(oE4L)c|S0ZYxt2aD5+@u?_wTUFr zLw~lQOt0n6fb1&m@0=mKQ{z27KkuskCF00t%5Vx=rMr75Qz)pZ7jyG|`u3(PO_OaY zBv(#WBean(XP&2e_K(&}b~;xyljE{MmYX}$$MlGn)mElaZuXe$+mI(7w3Bz4TJG$C zAmr7$i>}Oj-q-UeH#sAmI;@7I07@6DC0TC8+>AKAAz+p&7v%P66qGun)5?=Z$y>Inkm zhs;jtW|I0H0%f1pjCnz}=Sqg6+op+Db=el(aD_#$2%1?M_)aMuEc;}?CYn8YgzByz|>RS^8)W*owx2TqXMv4fMsN6SUxNy;}E92TD5K4XhtYM@m z1@2g^_UN**&hEFT?W%tjFPniI-gxkF*2p4^)-rSh)h3ltuZH2ULJizjH2xH+C|*m!VxPx*E^Q4cMjNFCar8$P;($L@5R< za&rM{TRau&`ol43U#pLI(7W8N4iR&}jniryjjmKwKI1kwaiP?z$yAz~S#fls?U$B! zH1AAm9{Ax457hjstaG~AVdiXVei;^=XKI1JHyqTSF?xB)ad zy+)xBkc?Ey&z#&BLri~u>9G@K$EE9a&K9BV@>BJs^v6)0iS4K4I0{Iig89qhhUs*sjkJ5 zo|K^g2|66}0r)R|Lk>D4e9*lxg~LG4oewJYdAgTfo$(nR7a$W*GBv3Er9Gi}#JvV; zxP2$i>(q+!aPgA-_|q&qBlIJ8{6$9`*tmN=$kgclBRZnX6ujR3UdXithg&JFXaF@( z`{KA=N-}PXg<}Pm&2lK-uECp~<1pg)<_;~g+ivy*{zOz+E`EZ88HM0#-PC>si?1(y zD3#o`Y=P3XC_8*X6B1DL^_EF?#)N(3aaYAn^N`N5s8u+#DI?V_^kg>n$%Qvj;oMT>|uXT9@ zOT>_!E5Eg5Wp5Lz%PgjrXnTGp0U>x%*YV!t@`1=TuQM$)%R%UU^5$%|?QKW)#_)}M z4r`mqzN31{w{EDh6s~6Dy974<_3F`GToU)l*}e#m0CP1rpp;uU#dmR_3*7dvVkj_N zTeHpR^|Oz4@OjyoZGIz3hX8zCVnc`@;?@+R(l z`-&smVs4DHzo*k*`o>|~D!yEEc=kf1ds*20!UX-SB4;rNmCsd>XSizK+v-D;?aKjA zZ8N=$iBfd6ro6OE>Q>uH<1w<};NTjqnH&eCwq!wkKMZ2FGtHDTfEo*<&mjG~dDL_^ z698*)J$d{E?WE>Sycv1g8#`lMsPT>NR}*a}^Nts1Iv1 z>36+oaA8d>-|@9x7UAHC0-kybH>avHogDpIjQ6iVW3>Y1GQYa*J>M3}Dtpo>_Ns4p z9P{jrU4P`vk^e~A?o8<-%eN0fg(r#z7hr9zdLMiQSy|Z@&Ra!@0L7}eU;@9s*AN_o z*xmdbg3#M?&AHjvDwnqKasFZ#EHvL5=G-n?rWvl!sGokgLQ;VYZ!KWpRx~~x+eLI+ zhvNdt<{30_wd%?P{j4BoaZ7YdHPGJmWF}-H_W{1%m+?mU+LoMx0^oFBJ;8=>Qd3#F zF+M78)@tZ=G`n#ipkN*jhQ^7~Q)wHn-?Q68ARQJp3Uo`g^3pTlIUC`?qM~13@TUTm zHgbgWUmoeJ^~VOY$G$)%J(=B7i{!FEErS{zf?xU0$luP+&ZgGlV&=`>2=V+$)iN8B zCRga+abxm2Cc53FS%a) zWRP^n?FpYRvbd1rAGMKW6(}%yn!brrYia0tASP5x*#tdm76|Bm9e8Z<<8*}z^CtWu z{8>r4#U{XXN(U*Ic=A)z()K1Ak*14YPWY~I1q7K3r+6yZuyjkeDD+2*)PP}p$`Fh0 zTzL(E)@%5Zfojg_=0&g>b5XmQ#G7z zdT{>z*3mw4Js@^iEndPfad2^E7qOJ{EJ3|JJ=qMQinEeZBdJ&$>U*|3UXL6A#g(br zeJdd$mB;9MbIJjQ0mh#yj4!b*M~K(}fujQ~?&aZloTVE5*}%VDxaAeQ7A0AxoPp^` zs<5=e;RAjR5PcdPHi^ixb~D+BcJyDuVwP2;^^gA1MS}ts+xWtmA{2br+~&7^4(Zp4NK9wQUw3&6_%# z?Z>}dQ}GSO70)K}Jm9CMrdd8{Vj$2dCw0o!S1NON#DqFEVBlWwsO7X1>Mb! z8^8jR=rno#EBxLyh(knOrTTSD>UCUdjUWz`Mr&JSfIbFq{Cg^H#NQOUue#Zkn&wq7I z`+h5LSSA|jRV0q%rjHvt5Xn7ZS=%PLZVZg>nME+CPm>k!$4>)inZJW<5gzk}-qZlp zOZ*98NqL27+K<5PWdg-dYM`%*pQncshe`9^)tg1TRa&xW;+;4JQZ^Y%c zP$BmF929Xr+|{$xOgwyFzV(hG$_ZfF9H2_Cu||N(0jW!mm)RqJVPUwURLT$!3XfLG zv@B^=ZfGOL=hBWZFLj*nPCu-dS~0HMlAz=l#h)t4eUar(3Jwe3)q`BKMZ2rWx=I`2 z4O#YDvisJ3-;S?nf8}uOa`>R#Me2+kZ*OSS$7I<0 zYgyRU><49`j8;-bJ$2l0)YM7#^q6HkinkjSpt;@h?r&|WzBYl4;7z?7CAk!k^8lzX zC|YFjpMd)9z|V!!U;7E;U55G#@>}Y;lmdgEI0Q%_@!kZd+!k?6Ach)UI&p$nqja{v zf9V%4gYvx&5>D%!l%#|Sy>w1pKAP#?Ag+{2G2Ju}xY=V+PneHEKhP#|STluY&80TP z+QqyR%V)T8=UYEI5Ytq6r+T*Y`UGn)b9VhWr*Cl@(OAH^=_k(5NUIr@D<*;E2Q76V zRN`do1!V-OHNiHC#OHVwUrM?@QA+-Y0Q^^2l)SS+0bgPX!1)Q#vX(plp6@dRi?eMn z;6j~gWuC7%=>88^99|Q$`~bA}MrY<&z!HPQ!;m_9=1H)zUA?^JHxk49@qzwQ00Jq? zl2oJor4#)jmQP#T*Af*QV535jC5$_;t8_FI@-FC2EOIlzc+@>HO|R@UNCWsIj#0Mm0m~H_;h9U*C3} z`PuD3jeTBw{B)u3}-Ds?%4RSKWsB!Q%lnBVK*8l)?1HUy} z*zozSSKc=|n*c~^YIO=?@!PWxO(7amBBS^e3kZO+rKO{*3%5JN#@0R(FV|m9hdZVM z$G;vaKT-RawiXdH0!*?QB$n#&rv}H50N1_)b?59!uAp6}b5WXn3*3n_($nK#sY^^C z21Jzk0|DR~nS_MI0*m!T1ET(Lnx(hb-k7SMo8{}s+I_iM`nzg_bv$TO8&Y8P?XEM= zqH@|b?ulX=qL|x_?n*je9M4hHWTQ2eNZJ)GM&nKN_plCAXHP!)?dqCkl~z{(yAqis16t803Q_jWAZSjo)&&0!cXnRv`X6 z((Q+fO&H_$N#Bp3@|qR)Xu02|(qg!o4Cu%tVvL=Dd2o#(4Ro$XbIE z($dwJcZ6Qt#^~~GDM3HF_A0^oi;=#Yy{vj94|GS1q9a9wt7pB?@+vnV5i5P{Y4X`B z29GtUBKh3-Ac9*SnYcvnqDvQDCT=T9GHM$DpUAwHTtdQW~t$NnQL;<+1)ojrxgKfDM zUN|dIto9n(44Fqye`+_Zv0h9@c=~d=zwBS8E3lBdrl7!mHj`pppj(VW$Q*0FFeR(g zN;Cv4@x&o``k)qaJoWt(((Ri5Kx8~?^7(n#Xw~EF@XQtF!R&SqP)7^kaKLMSM4Bn| zbT3l?bi}wp(*D2B&fre__IgKPv4w;)%dgHl5WU~Xu_$cyd&x8;X z5^{gKsf?V~+;Ii%Ocn5s*Hd;z%2Y@~C<0+VW1{ED*)G;x;UfQcEx_Ye2$t;_^eR=@ zGlE&8d_3H8?c1%Yyq$rI9;SK!ce01+#`ieR^`9!{fcARl91pnLCh# z09UQ0p~gToX3Aa2udc=ij;6J)9{CxcU4myLojZ%Md9*EdPMWvr9Ut#(YLmRk<5}dk z`zl(UfbW;-L~Ijrb=lE2BXVk|EBGye*G6;Hg z)b73!%5LU!+vcp>+EkmES|ms0OtIetbq`z+r_%8xWBs_2clmGxF!NFL+KkgwUOSVZd)Nf;@r_misw4?B2_mf$5 zQcArzq&5#_k;e#b~%v#3P z{SX&&5y#Zkr@8N8#azx-v&e5N9BJ8fS`;|g+3)4y>-q!Oyc!yIK`WIt4a~9hjQvCX zYWbyip&=pbOYlqWtk5i#Mn_sKN+F}_`;N};ucdevYEOVfZkxW_Bd<}Q!)O~O0`xeN z)^1Un0i;ZTdJLSlhy`DAIbUH@)Xwh!$oEjxe(oFnTSZ?F1A(i^&595fXeY#;Z)D|17Jpl^mD|FQ8+0AAV@bsjyr1hGk}T{%je#JGu+)*RJXyzxKY)l494+LFo*85-kq(!0}e+8Rk29| zf;90EJlY1xJ|0jf^+#uZf+XU9vG&$cRd#K^D1v|j0!sHor!*p6QqtYs-JQ}BqS7sm zq;z*nmvonOFJb}fOrCe|bG|e7IAeTg?CoC;Slnx^`=0ZPUtII{UD}9li)%_x$Org) z1jX;cd?kzNvVIQmsCaM9Mwf1v+DO7;W4RUF4~Ag^eAs~?2{;M7Pv&0r#|ZpFvN)OT zm&OU*TWUmrVh|U&^h5rbAq9VGbP+V$DdlN-f9?jC%4OHne9~g|mSerFa`?`c8I&Yg z8S?#6W3e4S#%^Y>!KRmzk}^DQ30-P&i$cNqeQ|5S0W9f}wX&7Qy`JtjhBUJ2AGccR zQaSBA4z)PO52os@J|;nS4;ndA9(rf*8;rT^?aN&c7QQ9vdm=pz4cPI!rLPu(MN+S_ z6oN{iqV+t-O}C{m92skca7g2#eY@k6nD6PMX~$%Lt5G+u|MF>?ThHL9V96I~r60Pt zO#VkZQg#pur&u%0hb~@)Y)}A=jVq*9mLh1j$f%N<0Sy@92>Yj^V(X&Rlsu}04{@Ji z7AI}FxkY!ZUji)5tJ7>zLa4rm$p8IOq`KD{sf>t?N~f0Rf%?MTTj^^~;Kw)yz31O% zMZYn;cn%+e`_D^J_`T+f$I8L3?{Ggm`c`+-iQN}6_+%i1hoE;dHra@1A`r`u%pYXZ ztG{|L{jmx&D_IH%-e$|iHw=Ejt$1A&5GL=RCzNarC1H?}k;yVM^jz5R&7Ax>MIrir>OpVgC^}McB_$(M4 z_U0PVPZwb*HiqgJ7yq94%8CN@*|g@&wu*eXV6a$e3@m1_OpSbv&?YG8>Ag*U*Y^sz zs1I1FN}HRJ#iMZgw~RY_djku84$9GN*wY3nIQ>0+oyu*Kz6m|Qyfi%XZ~-_N2NvyE zP5pKf1Hp%+(WC8XojmET#XoI8b_1 z3&_#H#Kpo|Wv;B%Ea!fViY;0k?54^nM!5pb0wOlzxSho+Amy!i)uV8tW-2X$3yO|W0 z?uF)9c^E_`a@dhOqXK2bZ`{f6)1q7I&T+s-{r=w>GLE88&BuDkzfAbce~E3Ze|rqt ze{IzA|Jtb2|Fu#7AN_+-L;#S;baqiE^PL@rtisumNoxO=CZp1y!9Rc8d+!R*PYnHLOdnWO^H zHv|MJ<^&#@p+d7wZ;$xgk^W(3{_+eVToJrUYQ1kJhs7wbtoW!tM-l58~d)ySVs ztc~{3(;~)yoFz8P8}9=A)qaPB>FCUl@hQVje)^e#;J5mgV4(g-1jr zqdB*Yb|U%0$>GfkjP2RuvyhPVIt5sb8xbChZk|rP2FV|el<1`vuPH&l?cZvV*l*DS zD=K2e2*}CFA+xs^yU2zUUANDl-yj%DSFIgoa6>U9B4Dgm7mu+Z*i!mH4$X$=&X_cB z-ukWXkCiX`D3@t~#P-g1X_$MJ$#~$`w+~BBO4VvZxc9XVLMLrPiH#R+=0KNwG(^a4 z9pSOkBAdY*oGS@ihn^%Uwi~HD-r2y!cm&BG8L3)eCIB6jhSjecU!{@}z}9J}%XHFW zh3@{D@!k}~7hCTNy#b{iTT_E#nKcfyiaZ#3yxfi`k@?}1TFLBWy@CR?s>SQ#bh&;N z6Wj^dvtX@ia}uCe&DN@>!PveDxv5Ze)te=AqfYN!c9=S{>V;@O`@TD$NU!O}s9u8O zs)Hv`qSjxmBlWTB``2VCTUlZyZj&O_%1bc;T=JgH&GB!BE&Rg`DSF@|7_t@>MTQkK z0HeWw2~a4-#XsmG)1SyTj{np9@SG|`mqL*I6Ofs?Fw!K3goHrLZGf-`}lY&p$a~J;XVE;i zMtQv*v?7`~<4(znp2qjx7f`%dc!I4y9Czw&9GPQSsa>gAYMGk2ek3PB`SRsUO*ay` z*6XBS+FT{o?pMZe<@&D*!N43Kv!xLfyoDQ}RS3h|$bS0crt(~!>c<(M~;*lZ4vI5YM4zUaR0;zJV9c-~P4K3->YgX!;=NYV$Lbey{PPR(4R1UXeV3zRa)t~^o8oDQ<{DA%qHBp|K@0_p1 z49FrU96B6T)wa_r+70_I$9Qm@Q$1E;14gZT9OhHi{Wi8xtGCPgJ}K*z{g`i@cQUuj zADk#z+NZzC9cWAWSjBN+|Xjc8YWHdH#eIk_Ot4<`(MVd76Wb#aAWl&BsVKxo$PZFxjf$Yx|S{G z&cd}l_^0@JAK#0AkX#-9S-d=(*$UmeRKDg+8iC&Ftav&2)*Z8;(hkk5_mKr0lY>x% z(HEWLS(y{hsFNBiT&)!h1BGg>)e99Wj_(`n z<62vMS5^SPgX2-1@-cy7@|TDnI>{Yhlq5?}?l;C%Iq#M;hEJcKLH4{Z@Ft4QRQLr1 zNR7&rZI+5i)rwWUr)LJ-!Fp3HaHWryz=O8j`?o!Rj=lEbls*#oEt+tnvl($6qedO4 zki(+WnDdFP3O7C)(7SRTL2knaEvW4J$4g<*8B9DrGqawT(Q^`(-0aco6aA%7FT!*f$VHE zlkCl{Bf^#IHvYa$F{rdS@&Eq)J19a?awX6x6i8XnN$=7ygi@tOEJ`Y^hQ?~F=i@&; zKu@Rs91Ul*NBsK5h|PfCahi?bxs$TE4w-F3K*Q(%9uXmxS)`c>64AFE@hZe9+^HIA zG5%J5&q^0=kZvp5R?>KDv&@ElD375?R8&;wGfNJ0Ew>i-y*gd~Ed(KHvV$3VHYjo*KO4>G&$>Nf0eW$COGfjr1*-H!`6MjTacAV_CVr zjn2dmyYHt8M$PZTPlW!${#F*|7M8T~)6)+c@shKV`?T>=9W4D6I9jN4PcAgiCl?~B zpnvggnK)Gr9p)E5@6u*;H?1(=;zSKzVLq}D19uNSaa-9JipG7LdO9?Akj%bE*#`9| zAbR)syyG0l=JfpBcsZ5&zQzitshq>&7~W?-dv{c&)KkfSp(gT~!?pR?%7d?<6EC=@ z#=9&;`244Dk>!8BV?nnDRbJg6fgqE^e6;bTbL;Hfc&IM{g!UZ7YBDep zul=DdYO_BW6s|1um3AaCL^CFb4GJWGc)Tz1SKp>~$Cf00jgRkXsla>Y$i*K73i^q* z<%|0!KLL{!lF_Q|60(LdY$J{GJfG!$tvzLG9{&xhdSm0m3ub*3N~S{;vyVwNV|Zs;XrGA# zL&HFnYw+eGb~tGPq?0uZUu+WI(E@)sm@ydH^;=EoTzMCr|H748RV`n;_IIgn+lwsU z6^Na_Up|MvekRzfHD1{`U?Z7AiN=44khCSUy%sVc>*}Tiv%nmSxI3aq7HI0l`Y^84B9e_GrlPM9+fhg;1;DqJy`Ac)K z*4GaXx|1uj9CvK#`eTtf?noA6_~_+m;B@LAyPB@j8a>b6tg<|QTJ>KQ??<<*YVb(= zLbC8H07l-H&XqMjegQiAh)-e?mHyp{u672M#yq28nVaD_HZM_|yEI&I9Vu>9>!#%* z($~gql?z;@R|o{+L!%N;SCV6kG_#3Yz1?#~Z>w}0eG>q*Hc@Kk1HHqI3hfF-fj{jh zYfj+^cnv^aP$cE*lxdc!Lz^VxHtiMx$@>)N&@b-qeMt%gmX?ny^yCU$v&7AMZZGgs z_^(jqL(@Ckh5gTWuWMJGlDiIf%meH=o8}H)zb2K=-r7`njsJI!?9N|zSyrp4F$Uh# z+uQl}w;IaI#BmlWz*N9(*RpS9#YY=Xhwx-6q>mmfLpO{avz2na0Yltx)LIX{GM(AK z^1a_P1>tOX>oeJF)f`RSYkQR<#eb^XlY6H3sKy$tglp++B&G<%m zXH;hZuX<-)PP%OpXP(S)XdIuo|9iHXSss0F-6I&z2VxL($hA(y?`n=tG^O_ z@RThUWx{35T_qW7z>rX>mzRS}WY+0r;X7V_#Tei(G@2=}%gVyf4-be=*@Dt=ZEv|$ z_Bi9-NLH^6NwCxgRmksau995s4i0v^h5Ca@cJvy)wvn>WljrkrcdTZu#nIZionJ{` zcc>;+=w`eAR7N)wkOC>e$HPv6Yqg)2EX$7_(zbYack})-w=HW-(5Z!_9W2?yxw=uK zl`3ijK3R<-#V?Hpax&E|czktoS7pGg&@aRcR=Z^LyRrNde^GvG^br~m@kQ#nS2iS6 zv6-2f(aFafoDd*KLIa6ebw-t%fQRT?%Rc$#+e^5JY@h@R#2*K|-t`9f+w=NJ1`o_y=G=DR#R4lc84Qe!W zai!D2-I2?mS!`zeNl)uT7mXRfdEx4B({g}!OOU8PkDh~o`;p^gB7;aSk{gfb-vI#+ z-CS>+Fm$i9SizJYz`2~VCO{=`H!9btr!4A!*&LQ}@)tXPZH$Kd-$8B zZ}BI^X5Cc90ktYCK?&LxDlI0>vL>;q*c>|aV1=K>K_XME_?(<-;&S@TpoG0pylf`& zbjco6Y5T`vg&!0ITvKLC5AT*U<_cjmrkeB{PvT#U?Xvsi?K2rDUnz z(R?XNV^b~Ghe=cTcd6{6&~9#FPJj=?LP$OP@e z4c0iVBgpe;DyZQ?rUt~^jD z(QAZtm)k}lCRs1-}a?5oW+oYBH1!hWUd`w{oclffpQ19zuYR-5~gfy9@` zz`Ivjxn4t%r%FwSjSUVo(b@73iKW`DUkctXoSicY+*lp3a5~Jdtbh7rWTa7~olB0# zqW^n88+AP%d}Uqtt?S_54gL>E8r_thJA1TKx{sGC3eNW*98-sm%_}wk3OPPMJ~qc? zPVU{3CUe>7k?xCuEw#x5&ZpTO)_c#xk<8-<4}?TiH184-kkJ=s=bMi3o{G94M1-kY z19E2~t9MS$^K7=@eIg>iAazU)ag1z(+`JSKDL>oxxKx|e(?hl5W0CB)f@~r=QLqd+ zuhr+a7I&Z@?xD@9_sc-KIyk+682r?|rH8AtgC?k#rRLjYiEc@}S=sp1!f%&NLV^?1 zJfCju<$5UxGzwE{e?DW;z61;9E=HSgcoxhKTz?JO;|nJGp*1Dp%lgOxN{_T5jdEv- z8*CNYfbSDxuPJ7MKL;b8+kx~Pdh5KlwpwGU4;N@Qq@e@|*Qc-Jhm5XNC;QU}&rzd! zSS5ks{LzO}xol_mpu5opZ;~m;yY@E-h@TL`dAtwbgGr2?i+m0RvC=OrXzjqK1Op|^ zh6;cjFS()NJsha@3Etfc_%Gk`HM<|xUSB~@PuK3Qh|m`eT3n$y#-N}INf(R)7{qg= z8!Y^_*zjh)bqz{KC#OaW5>B~X>D;@gQL9-2D01z7k!B^ah1eKq4r@a~ z_0~&xP~X4y{jD!Qk~(vGHrW5yqu&WUa#7LI)5p2kly@c&goE)?Ey{OxE5GN*U8YNP z7`yu!KiE^OA8ldVT6BWcH*#9{p9)~F>F?go&hMr9DbHeM@dDY0?`;oZ8^*4kV`E7j z9dJ-@aTGk`p3_ght!sQuu6}WI4Vr|1Dr^kwS@Ca-`#vl!>F&*VusU2G#sawfu$7&zJAy#1s za6xRw)A+zP$@T0RBD)*$o>{H7SKEO>~l%eM8;RY4bR_QK(44 zk;RrpAe0spzj~SbtDU=C0xPxPM=`KJ4Is)`6wskW78`OBzC=OU0EXcZvRK*KufIV1 z4bmp?1;=k0gbf!dwW74!uYUb$$FZ@|D`WfMg$*y^1?yqbj>%lDr^Q=IeTCj*F5 za4K&a1oy39oM{4I8=|V3xRNWjT4gM{rHz}1 z>n^{znqoq~P(vuD6#$f}!Jn#NyHaoG?6v-BZf(Qt@&e(Uoj#jsp6SCe&BN2|@c$m} zJ2}Re6rmusw$yk5DhavS4%K6G?nrF<`;ONyLNQ}$pR9KPU80nXRbplRNAFWQJJsR0 zT$o~|sMkwJ^7OBqXXT|`f5QBPEP);qbKd`3K8iv>qkAVdXn|#5A^O$YLXhq53EQU8XE8j_ar;pV<(cI z?)}j(?%J0bhuowqh`4j$ESHN@9)4b6xWGUK`Sd}nF7|TgmDD#2?B?oE{xP(vOXl(s zd_ey4Lw(u2<^ChaX!#32AE(onYNwVKX38*T{!`llFv|o zeZepwf2MXJ8h#|gGskbua0b2K}$HMBcYGnn#J%j*z;#Y*)!1#BcB8** z^;$qk2!u104n$;R067j|3m8Q+m(Ti|;ShtV1@8V)*TKhbT1>sMnn6dxA+GT>RB;qbp;F>Q>waX zbp>y7ClG_zAIk!0;>wV}bQ%I_v0c4yuQlL-WRv8N0Ipc5KC%yn`eu*~=2ETvPc6W# zU6n)O0WV0Bd5-Hro<6%HiPs+@4k_$bDEgP?X+RWZO_8-+IJ!WLn|M-aG?iodvWJ|J z$vxG(^GUQ+REmX=Y98hK{|Xajg7ksxhXPt?o~i)ys*hbd{4}n8F(h(7l||59K$A$k zXtFDRWHnn?+s&^=DngYW!kHE!DX)b65h>vbs0EAgNC?FLqU*h`#kVJpd-r zDrC6N8TPpl^g0p?bj1<^aeW^}+3g8SXy@uZ1L5O}= zZg$Qqx5X+5`p=&|wQ9)1pqZX)hhZ9wrYcze^#U5xo(}R{&2}T1y2Ga}GD0IS{|r3r zM&E4)L<9u(8oLi4sLZQ%zUciLjwp~L{0=}6An3gqv`~40c4~1sAo2vb*2N2XZyEMQ zL*p~}0xT~260jMt2M$?i*xc@Haar^}g@^M2t#H1_nEiZ}5V><|&gw~?k$Y3NE{&ucf1u#Y%07ESWFQ3-Pm?}HRF zd)kGc`TBwB8mu$hj2d)$#n|@c<(8@5V`*UQG0*OQAI9h75LZ%EMa-R$QdGp$sL-dr z_cUz^3*kyzeu07lgdsUpF!mSZ>ER*uSW|8!YD(j(IAB=>2Ea+jQ-_pHy;oCFrlA2Ut|1dFRQVjtEh+Ng*kmZQN<7uIrqv>{x>@d-YLmI&Lxu&P!cf)J}Lfzk4Y1S7>aS*xe)xew3vh56W{YS{$q%$R~sJp!xa zDV_OnIzmT;l1Va$he*MGoIZeFKy@z*J-(^7hYR!zP}U&+kUz2*%vxm`IZCay9lNQ_1p;B`rhU*E zvHmCN-ytx|uk8H{(!Xc_g_J#O?6n^UTW0PDBm{;(esEzS@~3ByR?If5$G4ojsN~LJ zoN4bXYqWXKoAMv7-%|tkuD*dQot~N52W>g(i3x6y>d0ryABJ=u!Y8V(q9A6Hv80DIo+AP+8tom%0?;HWj zj6S4Mp*0qj(X3Qr&%xV1odM#qYtcmwLG|9lAH$~?vhY26c$|sy*MYWUX*s3YWUZPQ zU#p+I=LGHeP6f8L)>{Nk{HFK66QLc){AAPE(zu)3yUwXs6#?+G;_ZW<#A5Kw5X!=r zB6z_FXuHt`wJ5KjGLkEPFiJo-9W7P>&VppIy<%tq zsVX^(Kfx)J*D@Lg+HuYAh9m&|7MN$4L$V+w27YVrXyT5fAxOc`KpYSJ|D*%_`1EE8 z*nIy9MaAn`3PBRq&{FNGzxAiy<68IoURB4o$FY={io(; zK-mT#Epl5e1xma+Sl`{XsmQ_{6<%m@NkMF8fjb>xOt>-YsK&lSgeEQbus^omltp$`ns@E9f4qNb+)E8kQ4rd79O{JP&zD`*jPJyx=JZziy zF7M*2vv;4mLBNI)EQDjmQi5XZ?$Lc{ov+q1xG{PoaR!}v;4=7X3qdkNznGTg zf80H$AuE}&4rsL=@irg6k3>H*_yGV$Y)18vPO;SyS+`Kn!zZQ~)!kt2uvT+aqR$bc zeMngr1+RJhVn&%d80dd%#KsZ;9=hky-q`&qI2`cJoQ5{mJdSIufK)*?97?onx%+6* z)CysT0}vHZteQRwhj>OyrGZ2;<(XjIKR5tIu18NT-kL)k!UlZZjafhJkbBzoa6Ie* zigC7Gdiw-x!9Izh5wk~L5!IPC9M;-!S3M-boYuRj3&!pvrz}R#eGhQqu<4Z}gdXR_ zqy`8;CA8hjMrJf3Jo}NH)Z(ehdUh`$_rv1&bGQF--*Eb=`M}?A!SjH&0>>@D|4_^p zHVAsQ$0?F!E zp>~!Ew-XuIC(55nt-l2vsNQtV)7=FhN8!T#v?ps9D4Ww~oa2*Od?J8L%3i70*Y;|c z@v1M2Dt}K1>G|;gh+jDLXrp?6kFH4(`ZZod2CsuBZ@ygBU6p-Yo)ol9z3X_&EAuD+ zfAdPHHg)UmPY<(uff&n$U1OuYkKVceBeUrKa($vj8BkJ-m7DXpJ5T;l z3>tS@yAfM{RKkYVtJ{>)__Wh~mKS-&Y1-(K+utolcO_L&Z3oYyTPtOTphEc8dn9-(fn8 zlD3;v?^TABx&7pXbfdJSNWFIDeqEX?6K+ON-iJ5FSafR#kBYHkFV1dwyxtM#roF}s zMoleP%OP}h;n;}lA8{uOOLcY`Jt|NNF4XernQ=!?Y3^1Qsb5&JEK!p_4zRQ7|0p{d zk)+N@{(SAYz{q*V(MidP%@UszPnMYhB&)l5-8RF z4nDA7Z8=F{lZYehX^fYutI8oViblZRgOMRcb>xg_NH{n+!36-c<@HY03wX6hFd&uJ zwzmzb3CeUn$noE;s_7yEilSK@CUr!)glqj5&r%Dr2{<`N{*3zVs^lNLiDl@rf$15v zre7yorgm2>RyV_$9^n1E%MyPCjaMH?!T+51)S+Ww+# zvsNsP8#3`=yIxj!3#toxFT>jXqQTkm%dI6TFTZOkmoSyxE;4DejF_kDV}O2_Sx><& z?#ujPP`d-EPJh@|wNp4B6JsKZrzws*4bLq;CwWhR&QD{1^jMKn~ z=8iF^SPAr4n+7V9Fy}k1Cn~Mgr?+&rMY{MjA|qP*LZgzvW4pP%F@&%L&L1KP%gQpb zv9X0nO1vS<3e3tPlQ4nAIK;)9lG6{0>gs}{xi;+Gdre&j>&`=ODkjT*6xI8rgE&pm zRPI7^$O8pzzwPKV=;#%gOcOFxMBukDz3 zbu%ISc==6By@YFKgs(AY#0Q*dRI1+!QPSA_HtBZQsaI~h#~BQ@2N!%|;FFW_b8_vM zF0y;IaEOS;Mv@!S>2)JuaNceU&D!3&p~+=h(&3rF>)maeaWNfP|s&f6^HwbpB)9|kayd!L6pziTW! zJO!Ww`#arelR6YjCe)cXs4`z|;n1}I&@k?n5n=NUvNk#(^)0mkxH7H4m^&%i=#k21 zK@*eB&k9n*TLP2V82<(5gwn*50!uU$MY-AiEgay_ zoL4jastw6^S#(X;0{ykhZ%|ok`bI`Z1npSghfN`ytZdu<2l>wW>WGh&??qEnoaxb(6EDb+x0(6k%3yXtL&8618|TlC?KGbub> zuzO2->UJZF-io;$2P^3qass%>U#_-(U=p5*q2HdeiTL(u5L! z)2W>-a4eR0UHmnGmf78hrQkr_mBQyh{(ywG3l(>pTC<~ z{mJ2K_BfH=)q$SszQX7?WjEgwJJ{R%G-ygizqc|%1a7s((v89k9zU9yDo~jLe7UWs5xUw(xo5gWg(x77~jUH~7Rif)?NjCKV)v zk?xM_t({Oxa;VCmv<3eKLWVd&*w;YefF}lZ$qV)6i%W~iT{7hg`?ucLB=KUBv+wPBwiV$?8%JbEhcFP>pxFfID(uR$ zOy)^b{wde%m(23bEcf%fnJ7dfc=w&WTjG5ATIRU7eTB!4T78v$we=7eX3XpW%WPbPbKqM1Q$`wS!Z4VHj z%$|N))6?bOJnDM8V2C4#b*7C>LS$sd_PvI!l2g)(pEp`yD@Cf$GT$tnv~%xgT5Qu# z60IPO0FMPX@s3)_9a?o;@)oPZ>~Xv0Vm9Lw0@bmmgg){b5H-U$#^@tDb%pl9iD>wo z-vRzGpA-ueSXMyn1TE{FE}e=taKDe0Rxv-{+g0Ily?Ft)xar8ktG!|e2_QH5zB-m9 zlf+!;lLiF+Yh;Rnf5y0wZAD0NNMgzlo^UldZ-^%e1_s8Tveon>H{94P+3;&1`+{e+ z+9-_17Yy-OC6EUEHKTfY0f4T~M$?exrv3s;I+%v%dp_~r9d;|^edQYm;3arWUyAp7 zQ0-=S67Y@|dz0Juk5IB}J&$gQMV8~O&si7iHCY0H=T)Th_|>Z-o9^fQweL^-=PxlvYiKH#jv?c;t)sL z2v9$D`$_P(@O5y!Sqf|&xf6NPSWH>?_ujKp|O-(edHW4No#G*Ep#sP)h^^wMgI{gSsy+G5cv}z< z5a#M(aE0<2eY3MkYin_E&zD|T(OWox9uRDUc+j3{*1J<5ACtycBtIG~MGwSrW58u+ zXM+d1cHekGz)ZOv`_XiZtH~oELy0on zC6;9IQOzvAe6FD89W*!h{t0KVZu=L*6NFtNKzR{SS04Q?0QD48WC;hv@==|JKV0{| zL$)JxPJ6Jnd7L)3j_l68c5j>x7as6tY~CT+w(HzJ_}<=EW3Z-FxrZMBO)JoteMBRO zzmk8}b!*DoVz57%;s)eymIJKXb(W)5W+(}oTfd8; z^M^ht_&<92)RA;7110c4ft(ILyDJq-%PDaQ`#5Z|fA)`ki|s863JyaAV5S7TAwYRl z%xO0np~LNvO&9r))@>qEzkE)L6?avAlANqLY;TX@+cTCSM=czdDtCNLA5RM07&VqF z$yH`DXU4nsy3OuT(d*X7j;+gJW?=689HsE^ij{fPz4Lk$7WGj<-E{iJVrUPL$6*nA zXBK98vx`9))z~9I7s;FMCp25^RU9=9&UnjH9sGfo@HSngfXLzCPuWP#&p1{~q_#(M za&U|%(~UPXbzFdx1Ui}M=Z)U^8Y@&#$DN&pZ%WC^{#z+o&;0iEE?DlSF3~@n%M@(& z!F)|HIB6zyx=>Q$WA>cG0OBMON zv1dc!si~_c*VAL_r+b>5oQ$0LYGt|4uOce>`g`U9;%vq050TA3KieMr`}(r!P$V{k z(>OlH(@7{RzmbIT*k>gHXg0fB5)=~Ce)VeDh*8^*BYbAR6+wyXn@VlkPRuIkaK58Ig5C+cMf)fN0;DBo?e}TEoPa*Y&Adbf0JnI-l zZ7|cp)0a%EAh3Bp<8(mE*RT4|CKW&X8xM>z)mWX6P8Csc9!NLAqa9OIV|+jxqWbfm z6OdZ@3KiURs&rpLS?SAWLpqYi1qR<{FlrndNRYCyEP!Q577dNQULgsq_t3{>(v=kz zr5H(Ff$fk2PAQ!S>-XbBIGq{;-3W8C9&fEhcVE^Mho8Y)*F7~9ECgE`s$XTuBG$PB$VP%sLn?-;F>>X#~md`v4-&0+DufLxg@?dcqZK1 zNsya4JgDY*)is?QWy@UY`KyDiT1_O8)(Nt*58we0WOXd?qQ* zDL{BEeW5lp-|M0ejgU9Besy0u9Kw>P-9I}U?y%$634~*8$K7L}qhfPa2mb-GFf<@t zXmYrHQXLj^9o#~i&7OiU9B}^*quLobYgWJ(TRpe8jDwI2dgJh%ZDB|8dsIW=r-H6V97-yMrhn;!;L4A5uzuGIkm`Ka^A*jY@)&P>`7_3S3@ zti|OSBBIt9~r&!7b&oUa@fb{Hn7SDlCE?!Ne9wrK0G>%!T#M$#};U&&1=s>Mtr zD41vRM~g(HQvxU+oH4kOPu}>mXJ`tmIxQu64*yBd3nrs4kOlAT>;PeN&&UWuTuD$) zv1MvlLGg8K341FV(ulv2vZ&5~E|JHdtO^)xon&BaVn7O}JvR4X@^~c%$nw<0`#9ni z`msKr9&R-h@=57`d5Ogs$-MA(rIi7T0l{H~ajan^mcTZRBBYtbaWn%~ur{3EzTKAX$m+?oj#HV=&sQ z+{IJ&HE|8Mt5I4AoPYhl>46%YqiO6}87JZw^1)c=#`-m&A{{!wmI{W1N&JBnOVk>B zk!lHS4fEl>cO_3H#0uDSc7?~)LrQ-`L968&I;3>Q&$q{ot{>rVdiC|x-5JONydk8e zkZL=gBU}oLy&rU%WxQi!D{?eQDF96ud6* zpUsmxL5geuCi3lzc)cGI8REYTMV@!VFK|DqG|OVQo`YjHKJQJoz3nksSMtTB2B?2- zlO{O%1sDuOUyx7AJsq5x{&mTSo|FL5v)bIq`w#QSd3aJP?b3U%9RtBd!md%3SyH#F zL;d1619%w>la_bPkgV7omu=xhS0COHxAs+^Z{?^Mf?I@wD+M(y3JDZmMI75>l6ncc z;()n)Qw%@UB-D+na94d(5#@WOLsyOz15tohn{-sW!j3Tk8tpkf^ZcI;b9mbFB??~V zK_mZgFK7dfgHy7H^xaZa_=l&fILy42Nc;F$bMK6y6Dv8lJGSJNNPjeRAzm1H@5-Mp z!@WUf^w!Rwm$XyCW16kE4(qjUtlUQvz`tbHctuGXD|T;y_bw81EcD#%-@JFZrQwS7 zTHH-IWvf0P`K=3Wp`WGYG_k8-h#x$$H?UX4xlAdu)MFF6F!2AL7MF%~rlr#6e=B|7 zG(W1;qWh{x)=H$ksh1eC3r<7Mm<+1l$Caxtj~Tkj8M8HGp%qZBvr=6Mr#zXawzo#j z49J0l8^eYetE^gw1T2IUeIA(`FJwqS@h$+0bteb(FU4X@)3}Eu`e~8RGWlU2o_%Rk ziA|<|JI7UntAKOqJm>KBv1 zYK?wyS*8+iaxz2d{t-23wPNfCQg5RVRR%4B!2Ci5FE=gs?xbYQo>H}ADs;$Jpw|v) zx3U?xEeaZ9Q_P@Ule(mFmiha;?UnoEW^gE;gtsP^a`*hvPtU1>nKz%;QR@rZ@ z(5 zUle`L$>=)51l7C>wWL>ceIpj)0%*wxf1h(_Rw7$IQ=kk$`x)Av^qIR&NESx+MY$jl znGboUXDTnhSSPa2%y)jWg4d#=cl`F?AzIrf{b}9hK{+69eRWJDdG6a<4F~XJ0kugy z?O7(i2kgEp1?hen6f5P2#Hv^%f6uS{!%FYM1>GViO4GBtAK7&j)}>PAdc-tXD~R9< zDUBy+5`(( zHl0f~f$Z&CoNNy_gw_1q8v7lbq}2e0PrFmk)fD6&)sI44%P&UM^4MaSHGae4N(`Ru zcWeE1k9w!|yCe6LPDYrKk7J%6@4Y#^U*hA)`9qSF6lwFdt0`Kckfqd2j@RwOWjn-8 zvRt6gVQ|WX8>zb7L#+u+ITRYxMK+v{?Z35il!L!$a6XeDrc8~e;uZWXG37D8T9_3p ziFq!9pkJmR!QviP;6}WYF4+T=sEu^BBJ4uQ~M|toyY&%pE)h7-y_YBg=T<3x{q4Y5zb0b>kZng%XzQugShcH;E?e=_IpX2XtOSsyLqR-)Kv( zNre`VP~vg3DeMOVm9`u1N$ZEH=F$B>4}QHyynrZPwy2mYie`ZmBEz6%V)!ze04%Z~ zyb>mynRS+55R_}g5j14a-bxv-3oz&yu!(u#>t@{i^Tm3Xwa)bhI z%gx0}^ZK-Ru{%az;j!D9`4$7+5aWXZ#-h92&~26HiFo++p0+GSduEG7#t&aB(%`J{ zZ-uBnY$vfU=obM(4=gbjhcxHv6t85UISi-EnNjEmOsfH(L#P;I;#L=t^8Id%0+Iz9 zR3Po!nho9VDL)IPfETV;%;T)-ZQ#e7)W+m5D+K+ecdd8F!5H*~SBm7DKOVyD14dBkOP!*D`HP zIkgv`Bi2vFbvhV-Kh(G4Q8%vljCJ?$jmWSyX-S7~7w7yEcz;!kxcIK_dVBK9#{eI4 z!Rk!;?sMA9F9J4in0PgEH_t9=64p2Ex13e?oy$M;Z=RSn<+eo6s^rnEza?#oTW3p; ziOyHqhI_>O-Xv5%FTOo1!gXspM6XWLBIe1^J9-(|1akFKJf~Q+od@d zNRyxU`Y|e+!Du>+h!mx$fWTh_*Vah zF1ZgHa1GNl-=|lOGsilUl3jEP)31%1EUHl`Hrvc(6bpq@aL=f%y|x!1l`s7L3?1*e zo@!`PF}CbX=m~gd5^rJE7pH3}U0%eae;*rt>9wYGtS05`J(ikOe6@($ z-QKM)0h^@jOWe1=!n4+)#DDf~qK{x(yIZhelFo0gzBF)CBrt`xW9FaCn&t(W6kI$P zxUoH#Bo;+j@v$*}C1*#OQTMpcui`}VyQiLUGHlAk_J$w%wFuqrVS{yID$~9%JMT|e zg6=TOC?QOWwaJah7k^;S`KwsctZm-yQ;R*4pru-v-)?y|P2=vz$k1jM)>acl^z_(` z6B H3~qXjAQQ6f|4Kbc9_8MZu1^`U9My#44c`=SZ>KgQ|Q3x3;?@Vs2wBE1kit zOmJUa`-1dIhMQ4DOuM4uoEO7)3);ug z#sHGVu6}#80{x%9zSj#XnywjS7zRdbkpapA@m{x&GO{O{pAefl{Il5^pT54^r%>%r<~nvW7@_I;D_drDA#962Lc84U5&8KXy333@-lqzLgrJ&)(E-4blexsB{0)BejH%37yXk36;!2 zqD%DV%2?6NNSs_QW#i#ro^Ng&^^F`xPV^!Mi-@ans;Y^oseK6xQJPyN(#U-&r=qBa zD6X_MtaD$FedeAo8b}+rkg(e zSjdf{-_<1d>eoLV#Ay1YzxJrvMp-Wf7ka8NpQh`BnF1%eYsW@B;4FsVpaQ`rg)E>z zQ^5`uW{GP}%fZ|rpD26onW_jtt{rk9cFl8r2;X+hEI^a0`C)^oD&Fai&b+%Wy2Z4( zE31Z$+Yb3~o=*I@^w8c~9rLZac;g0^?vs@=+QyilR<}@VFs)3~jckdQR~Ce-UDrY= zM922y=Z9%J5jiUIK9;Z#!N8OCaq?Yuw&63>e5cn;Kl5V7wY$pIYP7Xc^F!+r>uNG~ z^@Wz8EhEDmd{Y@2cJ;eSw(gnrd>)xeFo7|i-4z`%nGY>vMiFqm(K5()r^Dw_6RS9Z z(oBvb$x_Ko=B|iyr&m#DgY(OZ!)lbGbqLZp{QX8W*zhr-EdwNiF$fY_C z&C#elrwF2ek8=y&RJ;<_4*DmWi~=5vB$iW8ln#mT(6NmD`bO!^`;;vr8O#DEJHMLq zTCplQ!aTLIL(}>{LI0#La~8j*Sius$+ltae4Pqrdzx>eCj2Iz|8Z>VIp{0Lh?$P$O zhY03qi1z~d#xl~z%PHSH!aXza6CZYM!?_ZFfS8ZCM%C1EnJn(9J3b`UPyV=P%uTOB5Px7Xyu6o`)Utgju!}F5(5#do%q-?KK zDL7Bw#QNd6xrC)G5d$5VYu)#As_^x5-rScjZwcWeJnKVc?P;o;k^Wp&9?{7?DOzYM zoP++6B|IU$BZ~|T!U)mo@Qyi^s*@%f^qG;aPdP;XPGSDb_|V^kOv2;1t8$ZeK~qHp zlO_sGY%p})Wj^$MST%Il#%%p8sS3`fw~mUoV@IFNebHoDS+;=wPc4RUBAg~&zOXJ* zw1|QNEtoSD6majtEuS=G_wXv{pPDRT8`*X+7`Pw+^A~Q9JQf@(yjiupBA-6Z#_}7c zKEkrT3}2$c=WJ})FU-s>)sy{2SiHUYjKqS+2{p0c4Lh_oH8pMGBsvtjO-p0i>zuJW zNh-b=ZWnXC=w_{#&!6O6s=HT5L-W0f4)A(Qs#}RdNf}VmSXNk%?6G6%w1ySC-?fyK1ibPppGjshb=JIBtbdwRd%hY zsRI?VtG)%Z&x!|);avERaP8$U2U$0hevuHjHXlt4~3HRY_QZ{Dw#8J}0OE*`%ALV9KKe+7vJcKV?<-CbQM7J`P#>gn#T zTh_6o?=@VOFxAPwPtu|tEnB}L+Q!T&v(AFJ00PD1fNRCjT0sXIS}QP-x4x4ylesaI zx2$1(h^5nJE{>u1YJ z3+3>0f5MtaAFoqEprfONJHPV{3=GU^@d*GnZXEWFQ8nG&UHHu6%TWlLyX}~eTP6S; zK60qxGT+{Rq;6SSbJO(`rZ!bB3tMZ^f`}1`ckG{zT_6*RKEInGM5rU0)04&pV?!3R9a( zcW9+xSB*`=jA+W8D2s#u_m<5BX63R>{Dj6t6brYDiPd(Qq`yz@(pF;uTQNRC+JzEX z-_`<(6+#mt2sFabzy&k__I~gvuxWixxD#-ObD6jn-57&k|7Hb-pL-!&iHc7a!1Xr{ z;n?xxcx|+HFfosL^FE3~p-^|9H{W~#o7HX<5rT3=KBDxET+vSdI5joy;v`_UxJX#Da^YC#(=N*1b@B zK&jXf?lMW@z$HMeT-F&FO1VG4X+d;I#_F#44hw+1PesIgf~ZO(v^HaXGZTz)7tL4$ zr3gd{*0>85dOw*3ockp0J2xh}%DC@=hcWzz=f_HR0RdRG@{u$8Ee}2L3-r&pugjr5YptjN22xQpLfm%9YK)|Z4;4ZhV!IE7Pkvz zTG))$U2kF+5$`6cpK+47PHg5FAmhr2TV%JM!LURC8ITHK!Vt`yWS68eRjdWz1%?3Z zeq)a>y5h!aq4B7+h7R&GFy7k#HeT4YIoCJ0Z0Pgo`#|5g>M(2eEZp(k+wqfo?ybAu z@e}W3>&x4!H;iFHec{Gyv2fufK42?FG~Lf5A=Y!ENYmpEIII*bj1z4{-QrzY z>GZ_o zzu9EVcu~Yqly5aZzV=C&a&4=-SS;eE>zCC%zEM8C=yH@#m2vOS?`!FJFgM+>3}3tD zW^tDYb;zdV0+C>6<4f606Tja3wypPpgDlua!j1S3Q4h;F)g;L|$)qOwk0Ra^K)v3U zfD_+Hz?p!^3u24~c>%ZH#X>F?>fJ6rNrj?M{=x%Q- Embed code* menu in *Dashboard* or *Visualize*. -You can also use `Public URL` switch when you're generating permanent links to dashboards, visualizations or saved searches. +You can also use the *Public URL* toggle when you're generating permanent links to dashboards, visualizations, and saved searches. -NOTE: `Public URL` switch is only available if anonymous access is properly configured and anonymous service account has enough privileges to access what you want to embed or share. +NOTE: The *Public URL* toggle is only available if anonymous access is properly configured and your anonymous service account has privileges to access what you want to embed or share. + +For more information, refer to <>. [[http-authentication]] ==== HTTP authentication diff --git a/docs/user/setup.asciidoc b/docs/user/setup.asciidoc index 54bdfff8e0bbb..ba848681689b6 100644 --- a/docs/user/setup.asciidoc +++ b/docs/user/setup.asciidoc @@ -59,3 +59,5 @@ include::{kib-repo-dir}/setup/connect-to-elasticsearch.asciidoc[] include::{kib-repo-dir}/setup/production.asciidoc[] include::{kib-repo-dir}/setup/upgrade.asciidoc[] + +include::{kib-repo-dir}/setup/embedding.asciidoc[] From 60d7ca066ac21193e3724e97af0d6e0c789a28b7 Mon Sep 17 00:00:00 2001 From: Aleh Zasypkin Date: Fri, 19 Feb 2021 10:08:14 +0100 Subject: [PATCH 3/5] Review#2: handle review feedback. --- docs/setup/embedding.asciidoc | 23 ++++++++++++++--------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/docs/setup/embedding.asciidoc b/docs/setup/embedding.asciidoc index 2ceed81f13c51..6e5b802088564 100644 --- a/docs/setup/embedding.asciidoc +++ b/docs/setup/embedding.asciidoc @@ -1,28 +1,33 @@ [[embedding]] == Embedding {kib} -You can embed a {kib} dashboard or visualization using an HTML code snippet generated with the *Copy iFrame code* button in *Share > Embed code* menu in *Dashboard* or *Visualize*. +Once you create a dashboard, or a visualization you surely might want to share it with your colleagues or friends at some point. The easiest way to do that is to share a direct link to your dashboard or visualization, but not everyone might have access to your {kib} or even know what {kib} is. Moreover, sometimes you might want to give more context to the thing you're sharing, for example, attach analysis, or images, or links, and {kib} isn't always the best tool for this type of job. + +If you have an internal company website or just a personal webpage where it'd make more sense to display the content you created in {kib}, then try out the {kib} embedding functionality. You can embed a {kib} dashboard or visualization using an HTML code snippet generated with the *Copy iFrame code* button in the *Share > Embed code* menu in *Dashboard* or *Visualize*. NOTE: Embedding of any other part of {kib} is also generally possible, but you may need to craft the proper HTML code manually. -[role="screenshot"] image::images/embed-kibana.png[Generate an HTML snippet to embed {kib}, align=center] [float] [[embedding-security]] === Configure security -Embedding through iframes, if used properly, does not directly pose a security risk, but still requires a careful consideration. +Embedding content through iframes requires careful consideration to minimize security risks. By default, modern web browsers enforce the +https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy[same-origin policy] to restrict the behavior of framed pages. When +{stack-security-features} are enabled on your cluster, you must relax this constraint for cookies as described below for {kib} to function +in an iframe. See https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe[iframe] and +https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite[SameSite cookies] documentation for more information. [float] ==== Authentication -If you're embedding {kib} to the website that supports Single Sign-On with SAML, OpenID Connect, Kerberos or PKI it's highly advisable to configure {kib} as a part of this Single Sign-On setup as well. Operating within a single and properly configured security domain would provide you with the most secure and seamless user experience. You can read more at <>. +If you're embedding {kib} in a website that supports Single Sign-On with SAML, OpenID Connect, Kerberos, or PKI, it's highly advisable to configure {kib} as a part of the Single Sign-On setup. Operating in a single and properly configured security domain provides you with the most secure and seamless user experience. You can read more at <>. -If you want anyone to access embedded {kib} skipping the login step, but the Single Sign-On isn't an option for you, consider configuring the <> instead. It is already natively integrated into the embedding workflow for the dashboards and visualizations. +If you want users to access embedded {kib} by skipping the login step, and Single Sign-On isn't an option for you, consider configuring <>. It is already natively integrated into the workflow for embedding dashboards and visualizations. If you have multiple authentication providers enabled, and you want to automatically log in anonymous users when embedding anything other than dashboards and visualizations, then you will need to add the `auth_provider_hint=` query string parameter to the {kib} URL that you're embedding. -For example, if you craft the iframe code to embed {kib}, it may look like this: +For example, if you craft the iframe code to embed {kib}, it might look like this: ```html @@ -34,16 +39,16 @@ To make this iframe leverage anonymous access automatically, you will need to mo ``` -Note that `auth_provider_hint` query string parameter goes *before* the hash URL fragment. +Note that the `auth_provider_hint` query string parameter goes *before* the hash URL fragment. [float] ==== Cookies -Irrespective to the authentication type you're going to use for the embedded {kib} you need to make sure that browsers can transmit session cookies to a {kib} server. The setting you need to be aware of is <>, and to support modern browsers, you might need to set it to `None`: +Regardless of the authentication type that you're using for the embedded {kib}, you must make sure that the browsers can transmit session cookies to a {kib} server. The setting you need to be aware of is <>. To support modern browsers, you must set it to `None`: [source,yaml] -- xpack.security.sameSiteCookies: "None" -- -You can find more information about possible values and implications <>. \ No newline at end of file +For more information about possible values and implications, go to <>. \ No newline at end of file From ef5788e9627a2b1378df9af7cb2de0f9624442a6 Mon Sep 17 00:00:00 2001 From: Aleh Zasypkin Date: Mon, 22 Feb 2021 13:10:10 +0100 Subject: [PATCH 4/5] Review#3: handle review feedback. --- docs/setup/embedding.asciidoc | 19 ++++++++++--------- .../security/authentication/index.asciidoc | 2 +- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/docs/setup/embedding.asciidoc b/docs/setup/embedding.asciidoc index 6e5b802088564..d313b408b3139 100644 --- a/docs/setup/embedding.asciidoc +++ b/docs/setup/embedding.asciidoc @@ -1,23 +1,23 @@ [[embedding]] -== Embedding {kib} +== Embedding {kib} content in a web page -Once you create a dashboard, or a visualization you surely might want to share it with your colleagues or friends at some point. The easiest way to do that is to share a direct link to your dashboard or visualization, but not everyone might have access to your {kib} or even know what {kib} is. Moreover, sometimes you might want to give more context to the thing you're sharing, for example, attach analysis, or images, or links, and {kib} isn't always the best tool for this type of job. +Once you create a dashboard or a visualization, you might want to share it with your colleagues or friends. The easiest way to do this is to share a direct link to your dashboard or visualization. However, some users might not have access to your {kib}. -If you have an internal company website or just a personal webpage where it'd make more sense to display the content you created in {kib}, then try out the {kib} embedding functionality. You can embed a {kib} dashboard or visualization using an HTML code snippet generated with the *Copy iFrame code* button in the *Share > Embed code* menu in *Dashboard* or *Visualize*. - -NOTE: Embedding of any other part of {kib} is also generally possible, but you may need to craft the proper HTML code manually. +With the {kib} embedding functionality, you can display the content you created in {kib} to an internal company website or a personal web page. From *Dashboard* or *Visualize*, open the *Share > Embed code* menu, and then click *Copy iFrame code* to generate an HTML code snippet. You can embed this snippet in your web page, and then add analysis, images, and links to give more context to the object you're sharing. image::images/embed-kibana.png[Generate an HTML snippet to embed {kib}, align=center] +NOTE: Embedding of any other part of {kib} is also generally possible, but you may need to craft the proper HTML code manually. + [float] [[embedding-security]] === Configure security Embedding content through iframes requires careful consideration to minimize security risks. By default, modern web browsers enforce the https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy[same-origin policy] to restrict the behavior of framed pages. When -{stack-security-features} are enabled on your cluster, you must relax this constraint for cookies as described below for {kib} to function -in an iframe. See https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe[iframe] and -https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite[SameSite cookies] documentation for more information. +{stack-security-features} are enabled on your cluster, you must relax this constraint for cookies as described in <> for {kib} to function +in an iframe. Refer to https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe[iframe] and +https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite[SameSite cookies] for more information. [float] ==== Authentication @@ -42,6 +42,7 @@ To make this iframe leverage anonymous access automatically, you will need to mo Note that the `auth_provider_hint` query string parameter goes *before* the hash URL fragment. [float] +[[embedding-cookies]] ==== Cookies Regardless of the authentication type that you're using for the embedded {kib}, you must make sure that the browsers can transmit session cookies to a {kib} server. The setting you need to be aware of is <>. To support modern browsers, you must set it to `None`: @@ -51,4 +52,4 @@ Regardless of the authentication type that you're using for the embedded {kib}, xpack.security.sameSiteCookies: "None" -- -For more information about possible values and implications, go to <>. \ No newline at end of file +For more information about possible values and implications, go to <>. \ No newline at end of file diff --git a/docs/user/security/authentication/index.asciidoc b/docs/user/security/authentication/index.asciidoc index 376af2daa0e96..1db79198b94fb 100644 --- a/docs/user/security/authentication/index.asciidoc +++ b/docs/user/security/authentication/index.asciidoc @@ -389,7 +389,7 @@ You can also use the *Public URL* toggle when you're generating permanent links NOTE: The *Public URL* toggle is only available if anonymous access is properly configured and your anonymous service account has privileges to access what you want to embed or share. -For more information, refer to <>. +For more information, refer to <>. [[http-authentication]] ==== HTTP authentication From 2349a929975c1465d0a823cf92f66941a8726e9b Mon Sep 17 00:00:00 2001 From: Aleh Zasypkin Date: Tue, 23 Feb 2021 08:48:24 +0100 Subject: [PATCH 5/5] Review#4: handle review feedaback. --- docs/setup/embedding.asciidoc | 4 ++-- docs/user/security/authentication/index.asciidoc | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/setup/embedding.asciidoc b/docs/setup/embedding.asciidoc index d313b408b3139..1b20baf66913a 100644 --- a/docs/setup/embedding.asciidoc +++ b/docs/setup/embedding.asciidoc @@ -1,5 +1,5 @@ [[embedding]] -== Embedding {kib} content in a web page +== Embed {kib} content in a web page Once you create a dashboard or a visualization, you might want to share it with your colleagues or friends. The easiest way to do this is to share a direct link to your dashboard or visualization. However, some users might not have access to your {kib}. @@ -7,7 +7,7 @@ With the {kib} embedding functionality, you can display the content you created image::images/embed-kibana.png[Generate an HTML snippet to embed {kib}, align=center] -NOTE: Embedding of any other part of {kib} is also generally possible, but you may need to craft the proper HTML code manually. +NOTE: Embedding of any other part of {kib} is also generally possible, but you might need to craft the proper HTML code manually. [float] [[embedding-security]] diff --git a/docs/user/security/authentication/index.asciidoc b/docs/user/security/authentication/index.asciidoc index 1db79198b94fb..b3be4d64921cd 100644 --- a/docs/user/security/authentication/index.asciidoc +++ b/docs/user/security/authentication/index.asciidoc @@ -389,7 +389,7 @@ You can also use the *Public URL* toggle when you're generating permanent links NOTE: The *Public URL* toggle is only available if anonymous access is properly configured and your anonymous service account has privileges to access what you want to embed or share. -For more information, refer to <>. +For more information, refer to <>. [[http-authentication]] ==== HTTP authentication