path: root/internal/suites/DuoPush/configuration.yml
blob: 9a60ccdf1fb620bd40694703233513bc16b05ee9 (plain)
---
# Directory of additional certificates for the service to trust.
# NOTE(review): presumably these extend the trust store used for outbound TLS;
# if so the directory should be read-only to the service account, since any
# file dropped here widens what is trusted. Confirm for the version in use.
certificates_directory: '/certs/'

# Listener, TLS material and per-endpoint rate limits for this suite.
server:
  # Empty host part: port 9091 is bound on every interface, so exposure is
  # decided by the surrounding network/container setup, not by this file.
  address: 'tcp://:9091'
  tls:
    certificate: '/pki/public.backend.crt'
    # Private key path; the file should be readable only by the service user.
    key: '/pki/private.backend.pem'
  endpoints:
    rate_limits:
      # Throttle for the Duo second-factor endpoint: 20 requests per
      # 20 seconds and 30 requests per 30 seconds.
      # NOTE(review): both buckets allow roughly one request per second,
      # presumably sized for test throughput. A real deployment would want
      # tighter limits here, since this endpoint is what triggers push
      # prompts on a user's device.
      second_factor_duo:
        buckets:
          - period: '20 seconds'
            requests: 20
          - period: '30 seconds'
            requests: 30

# Most verbose log level. Suitable for a test suite only: trace output can
# include request details that should not land in production logs.
log:
  level: 'trace'

# Persistence for the suite.
storage:
  # Test-only placeholder, checked in on purpose. Never reuse this value: a
  # real key must be random and supplied out of band (secret file or
  # environment), not stored in a versioned config file.
  encryption_key: 'a_not_so_secure_encryption_key'
  local:
    # SQLite database in /tmp: ephemeral, and in a directory other local
    # users can typically list. Acceptable for a throwaway test container.
    path: '/tmp/db.sqlite3'

# Notifications are written to a local file instead of being sent out.
# NOTE(review): presumably this file receives identity-verification messages
# (links or codes), so whoever can read it can complete those flows. Test
# use only.
notifier:
  filesystem:
    filename: '/tmp/notifier.html'

# Settings for the reset-password identity check.
identity_validation:
  reset_password:
    # Test-only placeholder for the secret protecting reset-password tokens.
    # Anyone who knows the value in use could mint valid tokens, so a real
    # deployment needs a random secret supplied outside this file.
    jwt_secret: 'a_very_important_secret'

# Brute-force throttling: 3 retries within a 5 minute window lead to a
# 15 minute ban.
# NOTE(review): presumably this counts failed first-factor attempts; confirm
# whether second-factor (Duo) failures are covered by it as well.
regulation:
  max_retries: 3
  find_time: '5 minutes'
  ban_time: '15 minutes'

# Session cookie configuration.
session:
  # Test-only placeholder; a real session secret must be random and kept
  # out of version control.
  secret: 'unsecure_session_secret'
  cookies:
    # The cookie is scoped to the parent domain, so it covers every
    # subdomain of example.com that the rules further down refer to.
    - domain: 'example.com'
      authelia_url: 'https://login.example.com:8080'
      default_redirection_url: 'https://home.example.com:8080/'
      # Sessions end after 1 hour overall or 5 minutes of inactivity.
      expiration: '1 hour'
      inactivity: '5 minutes'
      # "Remember me" sessions last a year, which is a long window for a
      # stolen cookie to stay useful; review before copying elsewhere.
      remember_me: '1 year'

# File-based user database. The referenced file holds the user records
# (presumably including password hashes), so restrict its permissions.
authentication_backend:
  file:
    path: '/config/users.yml'

# One-time-password settings.
totp:
  issuer: 'example.com'
  # Turns OFF the policy that rejects a one-time code that was already used.
  # NOTE(review): presumably set so tests can submit the same code twice;
  # in production this should stay false so a captured code cannot be
  # replayed within its validity window.
  disable_reuse_security_policy: true

# WebAuthn / passkey settings.
webauthn:
  disable: false
  # Passkeys may be used to log in, not only as a second factor.
  enable_passkey_login: true
  display_name: 'Authelia'
  attestation_conveyance_preference: 'indirect'
  timeout: '60 seconds'
  filtering:
    # Both lists are empty, so no authenticator model is explicitly allowed
    # or blocked by AAGUID.
    permitted_aaguids: []
    prohibited_aaguids: []
    prohibit_backup_eligibility: false
  selection_criteria:
    attachment: ''
    discoverability: 'required'
    # 'preferred' requests user verification (PIN/biometric) but does not
    # require it. NOTE(review): with passkey login enabled above, check
    # whether a login without user verification still satisfies two_factor.
    user_verification: 'preferred'
  metadata:
    # Metadata validation is switched off.
    # NOTE(review): the validate_* values below presumably have no effect
    # while this is false; confirm before relying on them.
    enabled: false
    validate_trust_anchor: true
    validate_entry: false
    validate_entry_permit_zero_aaguid: true
    validate_status: true
    validate_status_permitted: []
    validate_status_prohibited: []

# Duo integration used by this suite.
duo_api:
  # Not a real Duo API host; the suite presumably points this name at a
  # mock service.
  hostname: 'duo.example.com'
  # Placeholder credentials. Real integration and secret keys must not be
  # committed; supply the secret key out of band.
  integration_key: 'ABCDEFGHIJKL'
  secret_key: 'abcdefghijklmnopqrstuvwxyz123456789'
  # NOTE(review): presumably lets a user without a registered Duo device
  # enroll one during login. Enrollment then rests on the first factor
  # alone, so confirm this is intended before enabling it outside tests.
  enable_self_enrollment: true

# Authorization policy. Anything that matches no rule falls back to
# default_policy, which requires two factors.
# NOTE(review): rules are presumably evaluated top to bottom with the first
# match winning, so ordering matters; confirm before reordering.
access_control:
  default_policy: 'two_factor'

  rules:
    # Weaker than the default: password only.
    - domain: 'singlefactor.example.com'
      policy: 'one_factor'

    # No authentication at all for this host. Keep bypass rules as narrow
    # as possible; anything served here is reachable anonymously.
    - domain: 'public.example.com'
      policy: 'bypass'

    # The remaining rules all resolve to two_factor, the same outcome as
    # default_policy; presumably kept to exercise rule matching by domain,
    # subject and resource in the suite.
    - domain: 'secure.example.com'
      policy: 'two_factor'

    - domain: '*.example.com'
      subject: 'group:admins'
      policy: 'two_factor'

    # Resource patterns are anchored regular expressions over the path.
    - domain: 'dev.example.com'
      resources:
        - '^/users/john/.*$'
      subject: 'user:john'
      policy: 'two_factor'

    - domain: 'dev.example.com'
      resources:
        - '^/users/harry/.*$'
      subject: 'user:harry'
      policy: 'two_factor'

    - domain: '*.mail.example.com'
      subject: 'user:bob'
      policy: 'two_factor'

    - domain: 'dev.example.com'
      resources:
        - '^/users/bob/.*$'
      subject: 'user:bob'
      policy: 'two_factor'
...