Edit README to make the user add more subdomains in /etc/hosts for testing the example locally

This commit is contained in:
Clement Michaud 2017-03-25 18:42:48 +01:00
parent b403cfe2f8
commit 7d21f8d5df
2 changed files with 29 additions and 14 deletions

View File

@ -40,6 +40,9 @@ Add the following lines to your /etc/hosts to simulate multiple subdomains
127.0.0.1 secret.test.local
127.0.0.1 secret1.test.local
127.0.0.1 secret2.test.local
127.0.0.1 home.test.local
127.0.0.1 mx1.mail.test.local
127.0.0.1 mx2.mail.test.local
127.0.0.1 auth.test.local
Then, type the following command to build and deploy the services:
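Review bot: the hosts entries added here (`127.0.0.1 home.test.local` through `127.0.0.1 auth.test.local`) are the right fix, but the sentence introducing the list should say why they are all needed: /etc/hosts has no wildcard syntax, so an ACL pattern such as *.mail.test.local only works locally if every concrete host the reader will visit (mx1, mx2) is listed by hand, and any further mail host added to the config later must be added here as well. Since /etc/hosts accepts several names per line, a single `127.0.0.1 secret.test.local secret1.test.local ...` line would also keep the block short.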
@ -48,20 +51,28 @@ Then, type the following command to build and deploy the services:
docker-compose up -d
After few seconds the services should be running and you should be able to visit
[https://secret.test.local:8080/](https://secret.test.local:8080/).
[https://home.test.local:8080/](https://home.test.local:8080/).
Normally, a self-signed certificate exception should appear, it has to be
accepted before getting to the login page:
![first-factor-page](https://raw.githubusercontent.com/clems4ever/authelia/master/images/first_factor.png)
### 1st factor: LDAP
An LDAP server has been deployed for you with the following credentials:
### 1st factor: LDAP and ACL
An LDAP server has been deployed for you with the following credentials and
access control list:
- **john/password** is in the admin group and has access to every subdomain.
- **bob/password** is in the dev group and has only access to *secret2.test.local*
- **harry/password** is not in a group but has access to *secret1.test.local*
as per the configuration file.
- **john / password** is in the admin group and has access to the secret from
any subdomain.
- **bob / password** is in the dev group and has access to the secret from
- [secret.test.local](https://secret.test.local:8080/secret.html)
- [secret2.test.local](https://secret2.test.local:8080/secret.html)
- [home.test.local](https://home.test.local:8080/secret.html)
- [\*.mail.test.local](https://mx1.mail.test.local:8080/secret.html)
- **harry / password** is not in a group but has rules giving him has access to
the secret from
- [secret1.test.local](https://secret1.test.local:8080/secret.html)
- [home.test.local](https://home.test.local:8080/secret.html)
Type them in the login page and validate. Then, the second factor page should
have appeared as shown below.
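Review bot: the harry bullet reads `is not in a group but has rules giving him has access to`; drop the second `has`. Two smaller wording points in the same hunk: `After few seconds` should be `After a few seconds`, and `the second factor page should have appeared` reads better as `should appear`. Also, the `*.mail.test.local` link resolves only to mx1.mail.test.local while the hosts list in this commit adds mx2.mail.test.local too; noting that either host satisfies the wildcard rule would make the point of the wildcard clearer to the reader.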
@ -107,8 +118,8 @@ Paste the link in your browser and you should be able to reset the password.
### Access Control
With **Authelia**, you can define your own access control rules for restricting
the access to certain subdomains to your users. Those rules are defined in the
configuration file and are per-user or per-group. Check out the
*config.template.yml* to see how they are defined.
configuration file and can be either default, per-user or per-group policies.
Check out the *config.template.yml* to see how they are defined.
## Documentation
### Configuration
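Review bot: the new sentence says rules `can be either default, per-user or per-group policies` but not how they combine, which is the one thing a reader needs before editing the file: whether a per-user or per-group entry adds to the `default` list or replaces it. The example depends on this, since the config hunk in this commit puts home.test.local under `default` and the README grants it to both bob and harry alongside their own subdomains, so one sentence stating that the rules are additive (if that is the intended behaviour) would remove the ambiguity.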

View File

@ -36,12 +36,16 @@ ldap:
# Access Control
#
# Access control is a set of rules where you can specify a group-based
# subdomain restrictions.
# Access control is a set of rules you can use to restrict the user access.
# Default (anyone), per-user or per-group rules can be defined.
#
# If access_control is not defined, ACL rules are disabled and default policy
# is allowed to everyone.
# Otherwise, the default policy is denied for any user and any subdomain.
# If 'access_control' is not defined, ACL rules are disabled and default policy
# is applied, i.e., access is allowed to anyone. Otherwise restrictions follow
# the rules defined below.
# If no rule is provided, all domains are denied.
#
# '*' means 'any' subdomains and matches any string. It must stand at the
# beginning of the pattern.
access_control:
default:
- home.test.local
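Review bot: the comment `If 'access_control' is not defined, ACL rules are disabled and default policy is applied, i.e., access is allowed to anyone` documents a fail-open default that deserves an explicit warning here: a misspelled or commented-out `access_control` key silently grants every user every subdomain, while the next line `If no rule is provided, all domains are denied` describes the opposite outcome for an empty block. State the two cases side by side and recommend always defining the section. The wildcard comment `'*' means 'any' subdomains and matches any string` also leaves open whether `*` matches across dots, i.e. whether `*.test.local` would also cover mx1.mail.test.local; spell that out, because it decides how broad a rule such as the dev group's *.mail.test.local actually is.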