mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
aa64d0c4e5
* Added `ActiveDirectory` suite for integration tests with Samba AD * Updated documentation * Minor styling refactor to suites * Clean up LDAP user provisioning * Fix Authelia home splash to reference correct link for webmail * Add notification message for password complexity errors * Add password complexity integration test * Rename implementation default from rfc to custom * add specific defaults for LDAP (activedirectory implementation) * add docs to show the new defaults * add docs explaining the importance of users filter * add tests * update instances of LDAP implementation names to use the new consts where applicable * made the 'custom' case in the UpdatePassword method for the implementation switch the default case instead * update config examples due to the new defaults * apply changes from code review * replace schema default name from MSAD to ActiveDirectory for consistency * fix missing default for username_attribute * replace test raising on empty username attribute with not raising on empty Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
135 lines
4.3 KiB
HTML
135 lines
4.3 KiB
HTML
<!DOCTYPE>
|
|
<html>
|
|
|
|
<head>
|
|
<title>Home page</title>
|
|
<link rel="icon" href="/icon.png" type="image/png" />
|
|
</head>
|
|
|
|
<body>
|
|
<h1>Access the secret</h1>
|
|
<span style="font-size: 1.2em; color: red">You need to log in to access the secret!</span><br /><br /> Try to access
|
|
it using
|
|
one of the following links to test access control powered by Authelia.<br />
|
|
<ul>
|
|
<li>
|
|
public.example.com <a href="https://public.example.com:8080/"> /</a>
|
|
</li>
|
|
<li>
|
|
secure.example.com <a href="https://secure.example.com:8080/secret.html"> / secret.html</a>
|
|
</li>
|
|
<li>
|
|
singlefactor.example.com <a href="https://singlefactor.example.com:8080/secret.html"> / secret.html</a>
|
|
</li>
|
|
<li>
|
|
dev.example.com
|
|
<ul>
|
|
<li>Groups
|
|
<ul>
|
|
<li>
|
|
<a href="https://dev.example.com:8080/groups/admin/secret.html"> / groups / admins / secret.html</a>
|
|
</li>
|
|
<li>
|
|
<a href="https://dev.example.com:8080/groups/dev/secret.html"> / groups / dev / secret.html</a>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>Users
|
|
<ul>
|
|
<li>
|
|
<a href="https://dev.example.com:8080/users/john/secret.html"> / users / john / secret.html</a>
|
|
</li>
|
|
<li>
|
|
<a href="https://dev.example.com:8080/users/harry/secret.html"> / users / harry / secret.html</a>
|
|
</li>
|
|
<li>
|
|
<a href="https://dev.example.com:8080/users/bob/secret.html"> / users / bob / secret.html</a>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
<li>
|
|
admin.example.com <a href="https://admin.example.com:8080/secret.html"> / secret.html</a>
|
|
</li>
|
|
<li>
|
|
mx1.main.example.com <a href="https://mx1.mail.example.com:8080/secret.html"> / secret.html</a>
|
|
</li>
|
|
<li>
|
|
mx2.main.example.com <a href="https://mx2.mail.example.com:8080/secret.html"> / secret.html</a>
|
|
</li>
|
|
</ul>
|
|
|
|
You can also log off by visiting the following <a
|
|
href="https://login.example.com:8080/logout?rd=https://home.example.com:8080/">link</a>.
|
|
|
|
<h1>List of users</h1>
|
|
Here is the list of credentials you can log in with to test access control.<br />
|
|
<br /> Once first factor is passed, you will need to follow the links to register a secret for the second
|
|
factor.<br /> Authelia
|
|
will send you a fictitious email in a <strong>fake webmail</strong> at <a
|
|
href="https://mail.example.com:8080/">https://mail.example.com:8080/</a>.<br />
|
|
It will provide you with the link to complete the registration allowing you to authenticate with 2-factor.
|
|
|
|
<ul>
|
|
<li><strong>john / password</strong>: belongs to <em>admin</em> and <em>dev</em> groups.</li>
|
|
<li><strong>bob / password</strong>: belongs to <em>dev</em> group only.</li>
|
|
<li><strong>harry / password</strong>: does not belong to any group.</li>
|
|
</ul>
|
|
|
|
<h1>Access control rules</h1>
|
|
<p></p>These rules are extracted from the configuration file
|
|
<a href="https://github.com/authelia/authelia/blob/master/config.template.yml">config.template.yml</a>.</p>
|
|
<pre id="rules" style="border: 1px grey solid; padding: 20px; display: inline-block;">
|
|
default_policy: deny
|
|
|
|
rules:
|
|
# Rules applied to everyone
|
|
- domain: public.example.com
|
|
policy: two_factor
|
|
- domain: singlefactor.example.com
|
|
policy: one_factor
|
|
|
|
# Rules applied to 'admins' group
|
|
- domain: 'mx2.mail.example.com'
|
|
subject: 'group:admins'
|
|
policy: deny
|
|
- domain: '*.example.com'
|
|
subject: 'group:admins'
|
|
policy: two_factor
|
|
|
|
# Rules applied to 'dev' group
|
|
- domain: dev.example.com
|
|
resources:
|
|
- '^/groups/dev/.*$'
|
|
subject: 'group:dev'
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'john'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- '^/users/john/.*$'
|
|
subject: 'user:john'
|
|
policy: two_factor
|
|
|
|
|
|
# Rules applied to user 'harry'
|
|
- domain: dev.example.com
|
|
resources:
|
|
- '^/users/harry/.*$'
|
|
subject: 'user:harry'
|
|
policy: two_factor
|
|
|
|
# Rules applied to user 'bob'
|
|
- domain: '*.mail.example.com'
|
|
subject: 'user:bob'
|
|
policy: two_factor
|
|
- domain: 'dev.example.com'
|
|
resources:
|
|
- '^/users/bob/.*$'
|
|
subject: 'user:bob'
|
|
policy: two_factor
|
|
</pre>
|
|
</body>
|
|
|
|
</html> |