techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
37de389c2f
authelia/docs/features/statelessness.md
James Elliott 08e674b62f
docs: refactor several areas of documentation (#1726) 
Updated all links to use https://www.authelia.com/docs/.
Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections.
Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted.
Added .yamllint.yaml to express our desired YAML styles.
Added a style guide.
Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start.
Added a statelessness guide for the pending Kubernetes chart introduction.
Added labels to configuration documentation and made many areas uniform.
2021-04-11 21:25:03 +10:00

2.0 KiB
Raw Blame History

layout title parent nav_order
default Statelessness Features 7

Statelessness

Authelia supports operating as a stateless application. This is incredibly important when running in highly available deployments like you may see in platforms like Kubernetes.

Stateful Considerations

There are some components within Authelia that may optionally be made stateful by using certain providers. Examples of this are as follows:

Session Provider

Severity: BREAKING.

Solution: Use a session provider other than memory (Redis).

If you do not configure an external provider for the session configuration it stores the session in memory. This is unacceptable for the operation of Authelia and is thus not supported for high availability.

Storage Provider

Severity: BREAKING.

Solution: Use a session provider other than SQLite3 (MySQL, MariaDB, PostgreSQL).

Use of the local storage provider (SQLite3) is not supported in high availability setups due to a design limitation with how SQLite3 operates. Use any of the other storage providers.

Notification Provider

Severity: HIGH.

Solution: Use a notification provider other than file system (SMTP).

Use of the file system notification provider prevents users from several key tasks which heavily impact usability of the system, and technically reduce security. Users will be unable to reset passwords or register new 2FA devices on their own. The file system provider is not supported for high availability.

Authentication Provider

Severity: MEDIUM (limiting).

Solution: Use an authentication provider other than file (LDAP), or distribute the file and disable password reset.

Use of the file authentication provider (YAML) is only partially supported with high availability setups. It's recommended if you don't use a stateless provider that you disable password reset and make sure the file is distributed to all instances. We do not support using the file type in these scenarios.