mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
d9e487c99f
Displaying only one option at 2FA stage will allow to add more options like DUO push or OAuth. The user can switch to other option and in this case the option is remembered so that next time, the user will see the same option. The latest option is considered as the prefered option by Authelia.
117 lines
2.9 KiB
YAML
117 lines
2.9 KiB
YAML
###############################################################
|
|
# Authelia minimal configuration #
|
|
###############################################################
|
|
|
|
port: 9091
|
|
|
|
logs_level: debug
|
|
|
|
default_redirection_url: https://home.example.com:8080/
|
|
|
|
authentication_backend:
|
|
file:
|
|
path: ./test/suites/basic/users_database.test.yml
|
|
|
|
session:
|
|
secret: unsecure_session_secret
|
|
domain: example.com
|
|
expiration: 3600000 # 1 hour
|
|
inactivity: 300000 # 5 minutes
|
|
|
|
# Configuration of the storage backend used to store data and secrets. i.e. totp data
|
|
storage:
|
|
local:
|
|
path: /tmp/authelia/db
|
|
|
|
# TOTP Issuer Name
|
|
#
|
|
# This will be the issuer name displayed in Google Authenticator
|
|
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
|
|
totp:
|
|
issuer: example.com
|
|
|
|
# Access Control
|
|
#
|
|
# Access control is a set of rules you can use to restrict user access to certain
|
|
# resources.
|
|
access_control:
|
|
# Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
|
|
default_policy: deny
|
|
|
|
rules:
|
|
- domain: singlefactor.example.com
|
|
policy: one_factor
|
|
|
|
- domain: public.example.com
|
|
policy: bypass
|
|
|
|
- domain: secure.example.com
|
|
policy: two_factor
|
|
|
|
- domain: '*.example.com'
|
|
subject: "group:admins"
|
|
policy: two_factor
|
|
|
|
- domain: dev.example.com
|
|
resources:
|
|
- '^/users/john/.*$'
|
|
subject: "user:john"
|
|
policy: two_factor
|
|
|
|
- domain: dev.example.com
|
|
resources:
|
|
- '^/users/harry/.*$'
|
|
subject: "user:harry"
|
|
policy: two_factor
|
|
|
|
- domain: '*.mail.example.com'
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
- domain: dev.example.com
|
|
resources:
|
|
- '^/users/bob/.*$'
|
|
subject: "user:bob"
|
|
policy: two_factor
|
|
|
|
|
|
# Configuration of the authentication regulation mechanism.
|
|
regulation:
|
|
# Set it to 0 to disable max_retries.
|
|
max_retries: 3
|
|
|
|
# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
|
|
find_time: 300
|
|
|
|
# The length of time before a banned user can login again.
|
|
ban_time: 900
|
|
|
|
# Default redirection URL
|
|
#
|
|
# Note: this parameter is optional. If not provided, user won't
|
|
# be redirected upon successful authentication.
|
|
#default_redirection_url: https://authelia.example.domain
|
|
|
|
notifier:
|
|
# For testing purpose, notifications can be sent in a file
|
|
# filesystem:
|
|
# filename: /tmp/authelia/notification.txt
|
|
|
|
# Use your email account to send the notifications. You can use an app password.
|
|
# List of valid services can be found here: https://nodemailer.com/smtp/well-known/
|
|
## email:
|
|
## username: user@example.com
|
|
## password: yourpassword
|
|
## sender: admin@example.com
|
|
## service: gmail
|
|
|
|
# Use a SMTP server for sending notifications
|
|
smtp:
|
|
username: test
|
|
password: password
|
|
secure: false
|
|
host: 127.0.0.1
|
|
port: 1025
|
|
sender: admin@example.com
|
|
|