diff --git a/docs/configuration/session/redis.md b/docs/configuration/session/redis.md
index ced765f9..a8b438b4 100644
--- a/docs/configuration/session/redis.md
+++ b/docs/configuration/session/redis.md
@@ -30,6 +30,9 @@ session:
minimum_version: TLS1.2
high_availability:
sentinel_name: mysentinel
+ # If `sentinel_username` is supplied, Authelia will connect using ACL-based
+ # authentication. Otherwise, it will use traditional `requirepass` auth.
+ sentinel_username: sentinel_user
sentinel_password: sentinel_specific_pass
nodes:
- host: sentinel-node1
@@ -148,7 +151,7 @@ required: yes
The [redis sentinel] master name. This is defined in your [redis sentinel] configuration, it is not a hostname. This
must be defined currently for a high availability configuration.
-#### sentinel_password
+#### sentinel_username
type: string
{: .label .label-config .label-purple }
@@ -156,8 +159,21 @@ required: no
{: .label .label-config .label-green }
-The password for the [redis sentinel] connection. A [redis sentinel] username is not supported at this time due to the
-upstream library not supporting it.
+The username for the [redis sentinel] connection. If this is provided, it will be used along with the sentinel_password
+for ACL-based authentication to the Redis Sentinel. If only a password is provided, the [redis sentinel] connection will
+be authenticated with traditional requirepass authentication.
+
+#### sentinel_password
+
+type: string
+{: .label .label-config .label-purple }
+required: no (yes if sentinel_username is supplied)
+{: .label .label-config .label-green }
+
+
+The password for the [redis sentinel] connection. If specified with sentinel_username, configures Authelia to
+authenticate to the Redis Sentinel with ACL-based authentication. Otherwise, this is used for requirepass
+authentication.
#### nodes
diff --git a/internal/configuration/schema/session.go b/internal/configuration/schema/session.go
index ca9aac6c..e82004ee 100644
--- a/internal/configuration/schema/session.go
+++ b/internal/configuration/schema/session.go
@@ -9,6 +9,7 @@ type RedisNode struct {
// RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.
type RedisHighAvailabilityConfiguration struct {
SentinelName string `koanf:"sentinel_name"`
+ SentinelUsername string `koanf:"sentinel_username"`
SentinelPassword string `koanf:"sentinel_password"`
Nodes []RedisNode `koanf:"nodes"`
RouteByLatency bool `koanf:"route_by_latency"`
diff --git a/internal/session/provider_config.go b/internal/session/provider_config.go
index 24d9cd72..ea7c7f74 100644
--- a/internal/session/provider_config.go
+++ b/internal/session/provider_config.go
@@ -88,6 +88,7 @@ func NewProviderConfig(configuration schema.SessionConfiguration, certPool *x509
Logger: &redisLogger{logger: logging.Logger()},
MasterName: configuration.Redis.HighAvailability.SentinelName,
SentinelAddrs: addrs,
+ SentinelUsername: configuration.Redis.HighAvailability.SentinelUsername,
SentinelPassword: configuration.Redis.HighAvailability.SentinelPassword,
RouteByLatency: configuration.Redis.HighAvailability.RouteByLatency,
RouteRandomly: configuration.Redis.HighAvailability.RouteRandomly,