diff --git a/modules/console/pages/config/security/authentication.adoc b/modules/console/pages/config/security/authentication.adoc index 9f5d77801c..8962a109cd 100644 --- a/modules/console/pages/config/security/authentication.adoc +++ b/modules/console/pages/config/security/authentication.adoc @@ -497,6 +497,93 @@ Most Kafka client libraries support SASL/SCRAM out of the box. You must configur - `sasl.username`: The Redpanda username - `sasl.password`: The corresponding password +== Configure session duration + +By default, Redpanda Console sessions remain valid for one year. For enterprise deployments, you can limit the maximum session duration using the `maximumSessionAge` configuration parameter. + +When a session exceeds the configured maximum age, users must re-authenticate to continue using Redpanda Console. + +[tabs] +====== +Standalone:: ++ +-- +[,yaml] +---- +authentication: + jwtSigningKey: "" + useSecureCookies: true + maximumSessionAge: "90d" # <1> + basic: + enabled: true +---- +-- + +Kubernetes embedded:: ++ +-- +When using the Redpanda Operator or the Redpanda Helm chart: + +[tabs] +==== +Operator:: ++ +[,yaml] +---- +apiVersion: cluster.redpanda.com/v1alpha2 +kind: Redpanda +metadata: + name: redpanda +spec: + clusterSpec: + console: + enabled: true + console: + config: + authentication: + jwtSigningKey: "" + useSecureCookies: true + maximumSessionAge: "90d" # <1> + basic: + enabled: true +---- + +Helm:: ++ +[,yaml] +---- +console: + enabled: true + console: + config: + authentication: + jwtSigningKey: "" + useSecureCookies: true + maximumSessionAge: "90d" # <1> + basic: + enabled: true +---- +==== +-- + +Kubernetes standalone:: ++ +-- +[,yaml] +---- +config: + authentication: + jwtSigningKey: "" + useSecureCookies: true + maximumSessionAge: "90d" # <1> + basic: + enabled: true +---- +-- +====== + +<1> Maximum duration for browser sessions. Accepts duration strings such as `90d` (90 days), `24h` (24 hours), or `30m` (30 minutes). If not specified, sessions remain valid for one year. + == Configure API authentication After enabling authentication, you must configure how Redpanda Console authenticates to each Redpanda API: Kafka, Admin, and Schema Registry. diff --git a/modules/shared/attachments/redpanda-console-config.yaml b/modules/shared/attachments/redpanda-console-config.yaml index 6a5427a814..1b537c16ff 100644 --- a/modules/shared/attachments/redpanda-console-config.yaml +++ b/modules/shared/attachments/redpanda-console-config.yaml @@ -85,6 +85,8 @@ schemaRegistry: authentication: jwtSigningKey: "secret-value" useSecureCookies: true + # Maximum browser session age (Enterprise). Accepts duration strings (for example, "90d", "24h", "30m"). Default: 1 year. + # maximumSessionAge: "90d" # Optionally enable cookie chunking if cookie size is an issue. # useCookieChunking: false # OIDC configuration (if using OIDC):