Skip to content
Snippets Groups Projects

Workflow v2

Merged Workflow v2
workflow_v2 into dev
2 unresolved threads
Merged Loraine Gueguen requested to merge workflow_v2 into dev
2 unresolved threads
Compare
and
Show latest version
25 files
+ 196
289
Compare changes
  • Side-by-side
  • Inline
Files
25
examples/authelia_config_example.ymlexamples/authelia_config.yml
+ 8
16
@@ -16,7 +16,7 @@ log_level: info
# The secret used to generate JWT tokens when validating user identity by
# email confirmation.
# This secret can also be set using the env variables AUTHELIA_JWT_SECRET
jwt_secret: XXXXXXXXXXXXXXXXX
#jwt_secret: XXXXXXXXXXXXXXXXX
# Default redirection URL
#
@@ -82,7 +82,7 @@ authentication_backend:
# skip_verify: false
# The base dn for every entries
# base_dn: dc=genouest,dc=org
# base_dn: dc=domain,dc=org
# The attribute holding the username of the user. This attribute is used to populate
# the username in the session information. It was introduced due to #561 to handle case
@@ -196,7 +196,7 @@ access_control:
# Default policy can either be 'bypass', 'one_factor', 'two_factor' or 'deny'.
# It is the policy applied to any resource if there is no policy to be applied
# to the user.
default_policy: bypass
default_policy: deny
rules:
# The login portal is freely accessible (redirectino loop otherwise)
@@ -213,12 +213,9 @@ access_control:
- domain: localhost
resources:
- "^/traefik/.*$"
- "^/api/.*$"
policy: one_factor
subject: "group:ldap_admin"
- domain: localhost
resources:
- "^/traefik/.*$"
policy: deny
# All galaxies are restricted to a group from ldap
- domain: localhost
@@ -237,22 +234,17 @@ access_control:
- "^/sp/genus_species/.*$"
policy: one_factor
subject: "group:gspecies"
- domain: localhost
resources:
- "^/sp/genus_species/.*$"
policy: deny
# Configuration of session cookies
#
# The session cookies identify the user once logged in.
session:
# The name of the session cookie. (default: authelia_session).
name: authelia_replaceme_session
name: authelia_session
# The secret to encrypt the session data. This is only used with Redis.
# This secret can also be set using the env variables AUTHELIA_SESSION_SECRET
secret: WXXXXXXXXXXXXXXXXXXXcXXXXXXXXXXXXXX
# secret: WXXXXXXXXXXXXXXXXXXXcXXXXXXXXXXXXXX
# The time in seconds before the cookie expires and session is reset.
expiration: 3600000 # 1000 hour
@@ -271,7 +263,7 @@ session:
# The domain to protect.
# Note: the authenticator must also be in that domain. If empty, the cookie
# is restricted to the subdomain of the issuer.
domain: replaceme.org
domain: domain.org
# The redis connection details
redis:
@@ -342,7 +334,7 @@ notifier:
host: smtp-server-hostname
port: 25
disable_require_tls: true
sender: replace@me.fr
sender: replace@domain.org
# Sending an email using a Gmail account is as simple as the next section.
# You need to create an app password by following: https://support.google.com/accounts/answer/185833?hl=en