summaryrefslogtreecommitdiff
path: root/internal/suites/ActiveDirectory/configuration.yml
blob: 657bacc2cc91357eb12068ac79d0ea364e8c7540 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

---
certificates_directory: '/certs/'
theme: 'grey'

server:
  address: 'tcp://:9091'
  tls:
    certificate: '/pki/public.backend.crt'
    key: '/pki/private.backend.pem'

log:
  level: 'debug'

storage:
  encryption_key: 'a_not_so_secure_encryption_key'
  local:
    path: '/config/db.sqlite3'

notifier:
  smtp:
    address: 'smtp://mail.example.com:1025'
    sender: 'admin@example.com'

identity_validation:
  reset_password:
    jwt_secret: 'a_very_important_secret'

regulation:
  max_retries: 3
  find_time: '5 minutes'
  ban_time: '15 minutes'

session:
  secret: 'unsecure_session_secret'
  cookies:
    - domain: 'example.com'
      authelia_url: 'https://login.example.com:8080'
      default_redirection_url: 'https://home.example.com:8080/'
      expiration: '1 hour'
      inactivity: '5 minutes'
      remember_me: '1 year'

authentication_backend:
  ldap:
    address: 'ldap://sambaldap'
    pooling:
      enable: true
      count: 4
      retries: 3
      timeout: 10s
    implementation: 'activedirectory'
    tls:
      skip_verify: true
    start_tls: true
    base_dn: 'DC=example,DC=com'
    additional_users_dn: 'OU=Users'
    additional_groups_dn: 'OU=Groups'
    user: 'CN=Administrator,CN=Users,DC=example,DC=com'
    password: 'password'

totp:
  issuer: 'example.com'
  disable_reuse_security_policy: true

webauthn:
  disable: false
  enable_passkey_login: true
  display_name: 'Authelia'
  attestation_conveyance_preference: 'indirect'
  timeout: '60 seconds'
  filtering:
    permitted_aaguids: []
    prohibited_aaguids: []
    prohibit_backup_eligibility: false
  selection_criteria:
    attachment: ''
    discoverability: 'required'
    user_verification: 'preferred'
  metadata:
    enabled: false
    validate_trust_anchor: true
    validate_entry: false
    validate_entry_permit_zero_aaguid: true
    validate_status: true
    validate_status_permitted: []
    validate_status_prohibited: []

access_control:
  default_policy: 'deny'
  rules:
    - domain: ['home.example.com', 'public.example.com']
      policy: 'bypass'
    - domain: 'deny.example.com'
      policy: 'deny'
    - domain: 'admin.example.com'
      policy: 'two_factor'
    - domain: 'secure.example.com'
      policy: 'two_factor'
    - domain: 'singlefactor.example.com'
      policy: 'one_factor'
...