blob: b5f38b6c630c6dc5199a2e145cd601118f4ca0a5 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
---
certificates_directory: '/certs/'
server:
address: 'tcp://:9091/auth'
tls:
certificate: '/pki/public.backend.crt'
key: '/pki/private.backend.pem'
endpoints:
rate_limits:
reset_password_start:
buckets:
- period: '2 minutes'
requests: 20
reset_password_finish:
buckets:
- period: '2 minutes'
requests: 20
session_elevation_start:
buckets:
- period: '2 minutes'
requests: 20
session_elevation_finish:
buckets:
- period: '2 minutes'
requests: 20
log:
level: 'debug'
storage:
encryption_key: 'a_not_so_secure_encryption_key'
local:
path: '/config/db.sqlite'
notifier:
smtp:
address: 'smtp://mail.example.com:1025'
sender: 'admin@example.com'
identity_validation:
reset_password:
jwt_secret: 'a_very_important_secret'
session:
secret: 'unsecure_session_secret'
cookies:
- domain: 'example.com'
authelia_url: 'https://login.example.com:8080/auth/'
expiration: '1 hour'
inactivity: '5 minutes'
remember_me: '1 year'
authentication_backend:
file:
path: '/config/users.yml'
totp:
disable_reuse_security_policy: true
webauthn:
disable: false
enable_passkey_login: true
display_name: 'Authelia'
attestation_conveyance_preference: 'indirect'
timeout: '60 seconds'
filtering:
permitted_aaguids: []
prohibited_aaguids: []
prohibit_backup_eligibility: false
selection_criteria:
attachment: ''
discoverability: 'required'
user_verification: 'preferred'
metadata:
enabled: false
validate_trust_anchor: true
validate_entry: false
validate_entry_permit_zero_aaguid: true
validate_status: true
validate_status_permitted: []
validate_status_prohibited: []
access_control:
default_policy: 'deny'
rules:
- domain: ['home.example.com', 'public.example.com']
policy: 'bypass'
- domain: 'deny.example.com'
policy: 'deny'
- domain: 'admin.example.com'
policy: 'two_factor'
- domain: 'secure.example.com'
policy: 'two_factor'
- domain: 'singlefactor.example.com'
policy: 'one_factor'
...
|
