From a523e0191931ac10a298c938e1e420f759db32d7 Mon Sep 17 00:00:00 2001 From: micheleRP Date: Mon, 26 Jan 2026 12:40:41 -0700 Subject: [PATCH 1/2] DOC-1927 Document configuration param maximumSessionAge in console --- .../pages/config/security/authentication.adoc | 92 +++++++++++++++++++ .../attachments/redpanda-console-config.yaml | 2 + 2 files changed, 94 insertions(+) diff --git a/modules/console/pages/config/security/authentication.adoc b/modules/console/pages/config/security/authentication.adoc index 9f5d77801c..917e927c20 100644 --- a/modules/console/pages/config/security/authentication.adoc +++ b/modules/console/pages/config/security/authentication.adoc @@ -497,6 +497,98 @@ Most Kafka client libraries support SASL/SCRAM out of the box. You must configur - `sasl.username`: The Redpanda username - `sasl.password`: The corresponding password +== Configure session duration + +[NOTE] +==== +include::shared:partial$enterprise-and-console.adoc[] +==== + +By default, Redpanda Console sessions remain valid for one year. For enterprise deployments, you can limit the maximum session duration using the `maximumSessionAge` configuration parameter. + +When a session exceeds the configured maximum age, users must re-authenticate to continue using Redpanda Console. + +[tabs] +====== +Standalone:: ++ +-- +[,yaml] +---- +authentication: + jwtSigningKey: "" + useSecureCookies: true + maximumSessionAge: "90d" # <1> + basic: + enabled: true +---- +-- + +Kubernetes embedded:: ++ +-- +When using the Redpanda Operator or the Redpanda Helm chart: + +[tabs] +==== +Operator:: ++ +[,yaml] +---- +apiVersion: cluster.redpanda.com/v1alpha2 +kind: Redpanda +metadata: + name: redpanda +spec: + clusterSpec: + console: + enabled: true + console: + config: + authentication: + jwtSigningKey: "" + useSecureCookies: true + maximumSessionAge: "90d" # <1> + basic: + enabled: true +---- + +Helm:: ++ +[,yaml] +---- +console: + enabled: true + console: + config: + authentication: + jwtSigningKey: "" + useSecureCookies: true + maximumSessionAge: "90d" # <1> + basic: + enabled: true +---- +==== +-- + +Kubernetes standalone:: ++ +-- +[,yaml] +---- +config: + authentication: + jwtSigningKey: "" + useSecureCookies: true + maximumSessionAge: "90d" # <1> + basic: + enabled: true +---- +-- +====== + +<1> Maximum duration for browser sessions. Accepts duration strings such as `90d` (90 days), `24h` (24 hours), or `30m` (30 minutes). If not specified, sessions remain valid for one year. + == Configure API authentication After enabling authentication, you must configure how Redpanda Console authenticates to each Redpanda API: Kafka, Admin, and Schema Registry. diff --git a/modules/shared/attachments/redpanda-console-config.yaml b/modules/shared/attachments/redpanda-console-config.yaml index 6a5427a814..1b537c16ff 100644 --- a/modules/shared/attachments/redpanda-console-config.yaml +++ b/modules/shared/attachments/redpanda-console-config.yaml @@ -85,6 +85,8 @@ schemaRegistry: authentication: jwtSigningKey: "secret-value" useSecureCookies: true + # Maximum browser session age (Enterprise). Accepts duration strings (for example, "90d", "24h", "30m"). Default: 1 year. + # maximumSessionAge: "90d" # Optionally enable cookie chunking if cookie size is an issue. # useCookieChunking: false # OIDC configuration (if using OIDC): From 692c9afa93d9ea3a210c029e82e41aec3f2dab19 Mon Sep 17 00:00:00 2001 From: micheleRP Date: Wed, 28 Jan 2026 09:22:09 -0700 Subject: [PATCH 2/2] remove extra enterprise note --- modules/console/pages/config/security/authentication.adoc | 5 ----- 1 file changed, 5 deletions(-) diff --git a/modules/console/pages/config/security/authentication.adoc b/modules/console/pages/config/security/authentication.adoc index 917e927c20..8962a109cd 100644 --- a/modules/console/pages/config/security/authentication.adoc +++ b/modules/console/pages/config/security/authentication.adoc @@ -499,11 +499,6 @@ Most Kafka client libraries support SASL/SCRAM out of the box. You must configur == Configure session duration -[NOTE] -==== -include::shared:partial$enterprise-and-console.adoc[] -==== - By default, Redpanda Console sessions remain valid for one year. For enterprise deployments, you can limit the maximum session duration using the `maximumSessionAge` configuration parameter. When a session exceeds the configured maximum age, users must re-authenticate to continue using Redpanda Console.