############################################################### # Authelia configuration # ############################################################### host: 127.0.0.1 port: 9091 jwt_secret: unsecure_secret logs_level: debug default_redirection_url: https://home.example.com:8080/ totp: issuer: authelia.com duo_api: hostname: api-123456789.example.com integration_key: ABCDEF secret_key: 1234567890abcdefghifjkl authentication_backend: ldap: url: ldap://127.0.0.1 base_dn: dc=example,dc=com additional_users_dn: ou=users users_filter: (cn={0}) additional_groups_dn: ou=groups groups_filter: (&(member={dn})(objectclass=groupOfNames)) group_name_attribute: cn mail_attribute: mail user: cn=admin,dc=example,dc=com password: password access_control: default_policy: deny rules: # Rules applied to everyone - domain: public.example.com policy: bypass - domain: secure.example.com policy: one_factor # Network based rule, if not provided any network matches. networks: - 192.168.1.0/24 - domain: secure.example.com policy: two_factor - domain: singlefactor.example.com policy: one_factor # Rules applied to 'admins' group - domain: "mx2.mail.example.com" subject: "group:admins" policy: deny - domain: "*.example.com" subject: "group:admins" policy: two_factor # Rules applied to 'dev' group - domain: dev.example.com resources: - "^/groups/dev/.*$" subject: "group:dev" policy: two_factor # Rules applied to user 'john' - domain: dev.example.com resources: - "^/users/john/.*$" subject: "user:john" policy: two_factor # Rules applied to user 'harry' - domain: dev.example.com resources: - "^/users/harry/.*$" subject: "user:harry" policy: two_factor # Rules applied to user 'bob' - domain: "*.mail.example.com" subject: "user:bob" policy: two_factor - domain: "dev.example.com" resources: - "^/users/bob/.*$" subject: "user:bob" policy: two_factor session: name: authelia_session secret: unsecure_session_secret expiration: 3600000 # 1 hour inactivity: 300000 # 5 minutes domain: example.com redis: host: 127.0.0.1 port: 6379 password: authelia regulation: max_retries: 3 find_time: 120 ban_time: 300 storage: mysql: host: 127.0.0.1 port: 3306 database: authelia username: authelia password: authelia notifier: smtp: username: test password: password host: 127.0.0.1 port: 1025 sender: admin@example.com disable_require_tls: true