authelia/internal/configuration/test_resources/config_oidc_disable_entropy...

---
default_redirection_url: 'https://home.example.com:8080/'

server:
  address: 'tcp://127.0.0.1:9091'

log:
  level: 'debug'

totp:
  issuer: 'authelia.com'

duo_api:
  hostname: 'api-123456789.example.com'
  integration_key: 'ABCDEF'

authentication_backend:
  ldap:
    address: 'ldap://127.0.0.1'
    base_dn: 'dc=example,dc=com'
    additional_users_dn: 'ou=users'
    users_filter: '(&({username_attribute}={input})(objectCategory=person)(objectClass=user))'
    additional_groups_dn: 'ou=groups'
    groups_filter: '(&(member={dn})(objectClass=groupOfNames))'
    user: 'cn=admin,dc=example,dc=com'
    attributes:
      username: 'uid'
      group_name: 'cn'
      mail: 'mail'

access_control:
  default_policy: 'deny'

  rules:
    # Rules applied to everyone
    - domain: 'public.example.com'
      policy: 'bypass'

    - domain: 'secure.example.com'
      policy: 'one_factor'
      # Network based rule, if not provided any network matches.
      networks:
        - '192.168.1.0/24'
    - domain: 'secure.example.com'
      policy: 'two_factor'

    - domain: ['singlefactor.example.com', 'onefactor.example.com']
      policy: 'one_factor'

    # Rules applied to 'admins' group
    - domain: 'mx2.mail.example.com'
      subject: 'group:admins'
      policy: 'deny'
    - domain: '*.example.com'
      subject: 'group:admins'
      policy: 'two_factor'

    # Rules applied to 'dev' group
    - domain: 'dev.example.com'
      resources:
        - '^/groups/dev/.*$'
      subject: 'group:dev'
      policy: 'two_factor'

    # Rules applied to user 'john'
    - domain: 'dev.example.com'
      resources:
        - '^/users/john/.*$'
      subject: 'user:john'
      policy: 'two_factor'

    # Rules applied to 'dev' group and user 'john'
    - domain: 'dev.example.com'
      resources:
        - '^/deny-all.*$'
      subject: ['group:dev', 'user:john']
      policy: 'deny'

    # Rules applied to user 'harry'
    - domain: 'dev.example.com'
      resources:
        - '^/users/harry/.*$'
      subject: 'user:harry'
      policy: 'two_factor'

    # Rules applied to user 'bob'
    - domain: '*.mail.example.com'
      subject: 'user:bob'
      policy: 'two_factor'
    - domain: 'dev.example.com'
      resources:
        - '^/users/bob/.*$'
      subject: 'user:bob'
      policy: 'two_factor'

session:
  name: 'authelia_session'
  expiration: '1h'  # 1 hour
  inactivity: '5m'  # 5 minutes
  domain: 'example.com'
  redis:
    host: '127.0.0.1'
    port: 6379
    high_availability:
      sentinel_name: 'test'

regulation:
  max_retries: 3
  find_time: '2m'
  ban_time: '5m'

storage:
  mysql:
    address: 'tcp://127.0.0.1:3306'
    database: 'authelia'
    username: 'authelia'

notifier:
  smtp:
    address: 'smtp://127.0.0.1:1025'
    username: 'test'
    sender: 'admin@example.com'
    disable_require_tls: true

identity_providers:
  oidc:
    cors:
      allowed_origins:
        - 'https://google.com'
        - 'https://example.com'
    minimum_parameter_entropy: -1
    clients:
      - id: 'abc'
        secret: '123'
        consent_mode: 'explicit'
        userinfo_signing_alg: 'none'
...
feat(authentication): ldap memberof group search (#5418) Introduces the concept of group search mode into the LDAP configuration. This also adds the filter and memberof search modes. The full description of these is included in the docs but the filter mode is the same mode as previous which is also the default and recommended value. The memberof mode should only be used by users who are aware of how the concept works as per the docs. Closes #2161 Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-06-18 04:40:38 +00:00			`---`
			`default_redirection_url: 'https://home.example.com:8080/'`

			`server:`
			`address: 'tcp://127.0.0.1:9091'`

			`log:`
			`level: 'debug'`

			`totp:`
			`issuer: 'authelia.com'`

			`duo_api:`
			`hostname: 'api-123456789.example.com'`
			`integration_key: 'ABCDEF'`

			`authentication_backend:`
			`ldap:`
			`address: 'ldap://127.0.0.1'`
			`base_dn: 'dc=example,dc=com'`
			`additional_users_dn: 'ou=users'`
			`users_filter: '(&({username_attribute}={input})(objectCategory=person)(objectClass=user))'`
			`additional_groups_dn: 'ou=groups'`
			`groups_filter: '(&(member={dn})(objectClass=groupOfNames))'`
			`user: 'cn=admin,dc=example,dc=com'`
			`attributes:`
			`username: 'uid'`
			`group_name: 'cn'`
			`mail: 'mail'`

			`access_control:`
			`default_policy: 'deny'`

			`rules:`
			`# Rules applied to everyone`
			`- domain: 'public.example.com'`
			`policy: 'bypass'`

			`- domain: 'secure.example.com'`
			`policy: 'one_factor'`
			`# Network based rule, if not provided any network matches.`
			`networks:`
			`- '192.168.1.0/24'`
			`- domain: 'secure.example.com'`
			`policy: 'two_factor'`

			`- domain: ['singlefactor.example.com', 'onefactor.example.com']`
			`policy: 'one_factor'`

			`# Rules applied to 'admins' group`
			`- domain: 'mx2.mail.example.com'`
			`subject: 'group:admins'`
			`policy: 'deny'`
			`- domain: '*.example.com'`
			`subject: 'group:admins'`
			`policy: 'two_factor'`

			`# Rules applied to 'dev' group`
			`- domain: 'dev.example.com'`
			`resources:`
			`- '^/groups/dev/.*$'`
			`subject: 'group:dev'`
			`policy: 'two_factor'`

			`# Rules applied to user 'john'`
			`- domain: 'dev.example.com'`
			`resources:`
			`- '^/users/john/.*$'`
			`subject: 'user:john'`
			`policy: 'two_factor'`

			`# Rules applied to 'dev' group and user 'john'`
			`- domain: 'dev.example.com'`
			`resources:`
			`- '^/deny-all.*$'`
			`subject: ['group:dev', 'user:john']`
			`policy: 'deny'`

			`# Rules applied to user 'harry'`
			`- domain: 'dev.example.com'`
			`resources:`
			`- '^/users/harry/.*$'`
			`subject: 'user:harry'`
			`policy: 'two_factor'`

			`# Rules applied to user 'bob'`
			`- domain: '*.mail.example.com'`
			`subject: 'user:bob'`
			`policy: 'two_factor'`
			`- domain: 'dev.example.com'`
			`resources:`
			`- '^/users/bob/.*$'`
			`subject: 'user:bob'`
			`policy: 'two_factor'`

			`session:`
			`name: 'authelia_session'`
			`expiration: '1h' # 1 hour`
			`inactivity: '5m' # 5 minutes`
			`domain: 'example.com'`
			`redis:`
			`host: '127.0.0.1'`
			`port: 6379`
			`high_availability:`
			`sentinel_name: 'test'`

			`regulation:`
			`max_retries: 3`
			`find_time: '2m'`
			`ban_time: '5m'`

			`storage:`
			`mysql:`
			`address: 'tcp://127.0.0.1:3306'`
			`database: 'authelia'`
			`username: 'authelia'`

			`notifier:`
			`smtp:`
			`address: 'smtp://127.0.0.1:1025'`
			`username: 'test'`
			`sender: 'admin@example.com'`
			`disable_require_tls: true`

			`identity_providers:`
			`oidc:`
			`cors:`
			`allowed_origins:`
			`- 'https://google.com'`
			`- 'https://example.com'`
			`minimum_parameter_entropy: -1`
			`clients:`
			`- id: 'abc'`
			`secret: '123'`
			`consent_mode: 'explicit'`
			`userinfo_signing_alg: 'none'`
			`...`