path: root/docs/content/en/overview/authorization/statelessness.md
Diffstat (limited to 'docs/content/en/overview/authorization/statelessness.md')
-rw-r--r-- docs/content/en/overview/authorization/statelessness.md 63
1 files changed, 63 insertions, 0 deletions
diff --git a/docs/content/en/overview/authorization/statelessness.md b/docs/content/en/overview/authorization/statelessness.md
new file mode 100644
index 000000000..010873173
--- /dev/null
+++ b/docs/content/en/overview/authorization/statelessness.md
@@ -0,0 +1,63 @@
+---
+title: "Statelessness"
+description: "Statelessness is the ability for a system to operate without an in-memory state. A crash could result in loss of the in-memory state causing a bad user experience."
+lead: "Statelessness is the ability for a system to operate without an in-memory state. A crash could result in loss of the in-memory state causing a bad user experience."
+date: 2022-03-20T22:52:38+11:00
+draft: false
+images: []
+menu:
+ overview:
+ parent: "authorization"
+weight: 390
+toc: false
+aliases:
+ - /t/statelessness
+ - /docs/features/statelessness.html
+---
+
+__Authelia__ supports operating as a stateless application. This is incredibly important when running in highly
+available deployments like you may see in platforms like Kubernetes.
+
+## Stateful Considerations
+
+There are some components within __Authelia__ that may optionally be made stateful by using certain providers. Examples
+of this are as follows:
+
+### Session Provider
+
+__Severity:__ *BREAKING*.
+
+__Solution:__ Use a session provider other than memory (Redis).
+
+If you do not configure an external provider for the session configuration
+it stores the session in memory. This is unacceptable for the operation of
+__Authelia__ and is thus not supported for high availability.
+
+### Storage Provider
+
+__Severity:__ *BREAKING*.
+
+__Solution:__ Use a session provider other than SQLite3 (MySQL, MariaDB, PostgreSQL).
+
+Use of the local storage provider (SQLite3) is not supported in high availability setups
+due to a design limitation with how SQLite3 operates. Use any of the other storage providers.
+
+### Notification Provider
+
+__Severity:__ *HIGH*.
+
+__Solution:__ Use a notification provider other than file system (SMTP).
+
+Use of the file system notification provider prevents users from several key tasks which heavily impact usability of
+the system, and technically reduce security. Users will be unable to reset passwords or register new 2FA devices on
+their own. The file system provider is not supported for high availability.
+
+### Authentication Provider
+
+__Severity:__ *MEDIUM (limiting)*.
+
+__Solution:__ Use an authentication provider other than file (LDAP), or distribute the file and disable password reset.
+
+Use of the file authentication provider (YAML) is only partially supported with high availability setups. It's
+recommended if you don't use a stateless provider that you disable password reset and make sure the file is distributed
+to all instances. We do not support using the file type in these scenarios.
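Review bot: The solution line under "### Storage Provider" reads "Use a session provider other than SQLite3 (MySQL, MariaDB, PostgreSQL)", which looks carried over from the Session Provider section above it; the paragraph that follows talks about "the local storage provider (SQLite3)", so the line should read "Use a storage provider other than SQLite3 (MySQL, MariaDB, PostgreSQL)". In the Authentication Provider section the text says the file provider is "only partially supported with high availability setups" and then closes with "We do not support using the file type in these scenarios"; pick one position and state it once, and reword "if you don't use a stateless provider" so it is clear this means keeping the file provider. The Notification Provider paragraph says the file system provider will "technically reduce security" without saying how; tie it to the next sentence (users cannot reset passwords or register new 2FA devices on their own) so the severity rating is justified by the text.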