techies/authelia
1
0
Fork 0
mirror of https://github.com/0rangebananaspy/authelia.git synced 2024-09-14 22:47:21 +07:00
Code Issues Projects Releases Wiki Activity
a59a3c62f9
authelia/internal/suites/example/kube/authelia/configs/configuration.yml
James Elliott a3b14871ba
perf(authentication): improve ldap dynamic replacement performance (#2239) 
This change means we only check the filters for the existence of placeholders that cannot be replaced at startup. We then utilized cached results of that lookup for subsequent replacements.
2021-08-05 14:17:07 +10:00

112 lines
2.5 KiB
YAML
Raw Blame History

---
###############################################################
# Authelia configuration #
###############################################################
default_redirection_url: https://home.example.com:8080
server:
port: 443
tls:
certificate: /config/ssl/cert.pem
key: /config/ssl/key.pem
log:
level: debug
authentication_backend:
ldap:
url: ldaps://ldap-service
tls:
skip_verify: true
base_dn: dc=example,dc=com
username_attribute: uid
additional_users_dn: ou=users
users_filter: (&({username_attribute}={input})(objectClass=person))
additional_groups_dn: ou=groups
groups_filter: (&(member={dn})(objectClass=groupOfNames))
group_name_attribute: cn
mail_attribute: mail
display_name_attribute: displayName
user: cn=admin,dc=example,dc=com
access_control:
default_policy: deny
rules:
# Rules applied to everyone
- domain: public.example.com
policy: bypass
- domain: secure.example.com
policy: two_factor
- domain: singlefactor.example.com
policy: one_factor
# Rules applied to 'admins' group
- domain: "mx2.mail.example.com"
subject: "group:admins"
policy: deny
- domain: "*.example.com"
subject: "group:admins"
policy: two_factor
# Rules applied to 'dev' group
- domain: dev.example.com
resources:
- "^/groups/dev/.*$"
subject: "group:dev"
policy: two_factor
# Rules applied to user 'john'
- domain: dev.example.com
resources:
- "^/users/john/.*$"
subject: "user:john"
policy: two_factor
# Rules applied to user 'harry'
- domain: dev.example.com
resources:
- "^/users/harry/.*$"
subject: "user:harry"
policy: two_factor
# Rules applied to user 'bob'
- domain: "*.mail.example.com"
subject: "user:bob"
policy: two_factor
- domain: "dev.example.com"
resources:
- "^/users/bob/.*$"
subject: "user:bob"
policy: two_factor
session:
expiration: 3600 # 1 hour
inactivity: 300 # 5 minutes
remember_me_duration: 1y
domain: example.com
redis:
host: redis-service
port: 6379
regulation:
max_retries: 3
find_time: 120
ban_time: 300
storage:
mysql:
host: mariadb-service
port: 3306
database: authelia
username: admin
notifier:
smtp:
host: "mailcatcher-service"
port: 1025
sender: admin@example.com
disable_require_tls: true
...
Reference in New Issue View Git Blame Copy Permalink