mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
a3b14871ba
This change means we only check the filters for the existence of placeholders that cannot be replaced at startup. We then utilized cached results of that lookup for subsequent replacements.
127 lines
2.7 KiB
YAML
127 lines
2.7 KiB
YAML
---
|
|
jwt_secret: secret_from_config
|
|
|
|
default_redirection_url: https://home.example.com:8080/
|
|
|
|
server:
|
|
host: 127.0.0.1
|
|
port: 9091
|
|
|
|
log:
|
|
level: debug
|
|
|
|
totp:
|
|
issuer: authelia.com
|
|
|
|
duo_api:
|
|
hostname: api-123456789.example.com
|
|
integration_key: ABCDEF
|
|
|
|
authentication_backend:
|
|
ldap:
|
|
url: ldap://127.0.0.1
|
|
base_dn: dc=example,dc=com
|
|
username_attribute: uid
|
|
additional_users_dn: ou=users
|
|
users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user))
|
|
additional_groups_dn: ou=groups
|
|
groups_filter: (&(member={dn})(objectClass=groupOfNames))
|
|
group_name_attribute: cn
|
|
mail_attribute: mail
|
|
user: cn=admin,dc=example,dc=com
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
|
|
rules:
|
|
# Rules applied to everyone
|
|
- domain: public.example.com
|
|
policy: bypass
|
|
|
|
- domain: secure.example.com
|
|
policy: one_factor
|
|
# Network based rule, if not provided any network matches.
|
|
networks:
|
|
- 192.168.1.0/24
|
|
- domain: secure.example.com
|
|
policy: two_factor
|
|
|
|
- domain: [singlefactor.example.com, onefactor.example.com]
|
|
policy: one_factor
|
|
|
|
# Rules applied to 'admins' group
|
|
- domain: "mx2.mail.example.com"
|
|
subject: "group:admins"
|
|
policy: deny
|
|
- domain: "*.example.com"
|
|
subject: "group:admins"
|
|
policy: two_factor
|
|
|
|
# Rules applied to 'dev' group
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/groups/dev/.*$"
|
|
subject: "group:dev"
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'john'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/john/.*$"
|
|
subject: "user:john"
|
|
policy: two_factor
|
|
|
|
# Rules applied to 'dev' group and user 'john'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/deny-all.*$"
|
|
subject: ["group:dev", "user:john"]
|
|
policy: deny
|
|
|
|
# Rules applied to user 'harry'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- "^/users/harry/.*$"
|
|
subject: "user:harry"
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'bob'
|
|
- domain: "*.mail.example.com"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
- domain: "dev.example.com"
|
|
resources:
|
|
- "^/users/bob/.*$"
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
session:
|
|
name: authelia_session
|
|
expiration: 3600000 # 1 hour
|
|
inactivity: 300000 # 5 minutes
|
|
domain: example.com
|
|
redis:
|
|
host: 127.0.0.1
|
|
port: 6379
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 120
|
|
ban_time: 300
|
|
|
|
storage:
|
|
mysql:
|
|
host: 127.0.0.1
|
|
port: 3306
|
|
database: authelia
|
|
username: authelia
|
|
|
|
notifier:
|
|
smtp:
|
|
username: test
|
|
host: 127.0.0.1
|
|
port: 1025
|
|
sender: admin@example.com
|
|
disable_require_tls: true
|
|
...
|