authelia/config.template.yml


# The port to listen on
port: 80

# Log level
#
# Level of verbosity for logs
logs_level: info

# LDAP configuration
#
# Example: for user john, the DN will be cn=john,ou=users,dc=example,dc=com
ldap:
  # The url of the ldap server
  url: ldap://openldap

  # The base dn for every entries
  base_dn: dc=example,dc=com

  # An additional dn to define the scope to all users
  additional_user_dn: ou=users

  # The user name attribute of users. Might uid for FreeIPA. 'cn' by default.
  user_name_attribute: cn

  # An additional dn to define the scope of groups
  additional_group_dn: ou=groups

  # The group name attribute of group. 'cn' by default.
  group_name_attribute: cn

  # The username and password of the admin user.
  user: cn=admin,dc=example,dc=com
  password: password


# Access Control
#
# Access control is a set of rules you can use to restrict the user access.
# Default (anyone), per-user or per-group rules can be defined.
#
# If 'access_control' is not defined, ACL rules are disabled and default policy
# is applied, i.e., access is allowed to anyone. Otherwise restrictions follow 
# the rules defined below.
# If no rule is provided, all domains are denied.
#
# '*' means 'any' subdomains and matches any string. It must stand at the 
# beginning of the pattern.
access_control:
  default:
    - home.test.local
  groups:
    admin:
      - '*.test.local'
    dev:
      - secret.test.local
      - secret2.test.local
  users: 
    harry:
      - secret1.test.local
    bob:
      - '*.mail.test.local'


# Configuration of session cookies
#
# _secret_ the secret to encrypt session cookies
# _expiration_ the time before cookies expire
# _domain_ the domain to protect. 
# Note: the authenticator must also be in that domain. If empty, the cookie
# is restricted to the subdomain of the issuer. 
session:
  secret: unsecure_secret
  expiration: 3600000
  domain: test.local
  redis:
    host: redis
    port: 6379

# The directory where the DB files will be saved
store_directory: /var/lib/authelia/store


# Notifications are sent to users when they require a password reset, a u2f
# registration or a TOTP registration.
# Use only one available configuration: filesystem, gmail
notifier:
  # For testing purpose, notifications can be sent in a file
  filesystem:
    filename: /var/lib/authelia/notifications/notification.txt

  # Use your gmail account to send the notifications. You can use an app password.
  # gmail:
  #   username: user@example.com
  #   password: yourpassword
Registration process sends an email to allow user to register its U2F device 2017-01-22 16:54:45 +00:00
Move config adaptation into a module and make it testable 2017-03-21 19:57:03 +00:00			`# The port to listen on`
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 14:17:21 +00:00			`port: 80`
Move config adaptation into a module and make it testable 2017-03-21 19:57:03 +00:00
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 14:17:21 +00:00			`# Log level`
			`#`
Handle SSO over multiple subdomains 2017-03-15 22:07:57 +00:00			`# Level of verbosity for logs`
Create a filesystem notifier for simple getting started 2017-01-28 18:59:15 +00:00			`logs_level: info`
Set the level of logs in the config file 2017-01-22 17:18:19 +00:00
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 14:17:21 +00:00			`# LDAP configuration`
			`#`
Add an LDAP user search filter in the configuration filte to specify the user attribute to search for in LDAP 2017-03-16 00:25:55 +00:00			`# Example: for user john, the DN will be cn=john,ou=users,dc=example,dc=com`
Registration process sends an email to allow user to register its U2F device 2017-01-22 16:54:45 +00:00			`ldap:`
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 14:17:21 +00:00			`# The url of the ldap server`
Fix example environment 2017-07-14 17:05:42 +00:00			`url: ldap://openldap`
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 14:17:21 +00:00
			`# The base dn for every entries`
			`base_dn: dc=example,dc=com`

			`# An additional dn to define the scope to all users`
			`additional_user_dn: ou=users`

			`# The user name attribute of users. Might uid for FreeIPA. 'cn' by default.`
			`user_name_attribute: cn`

			`# An additional dn to define the scope of groups`
			`additional_group_dn: ou=groups`

			`# The group name attribute of group. 'cn' by default.`
			`group_name_attribute: cn`

			`# The username and password of the admin user.`
Implement password reset 2017-01-27 00:20:03 +00:00			`user: cn=admin,dc=example,dc=com`
			`password: password`
Registration process sends an email to allow user to register its U2F device 2017-01-22 16:54:45 +00:00
Handle SSO over multiple subdomains 2017-03-15 22:07:57 +00:00
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 14:17:21 +00:00			`# Access Control`
			`#`
Edit README to make the user add more subdomains in /etc/hosts for testing the example locally 2017-03-25 17:42:48 +00:00			`# Access control is a set of rules you can use to restrict the user access.`
			`# Default (anyone), per-user or per-group rules can be defined.`
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 14:17:21 +00:00			`#`
Edit README to make the user add more subdomains in /etc/hosts for testing the example locally 2017-03-25 17:42:48 +00:00			`# If 'access_control' is not defined, ACL rules are disabled and default policy`
			`# is applied, i.e., access is allowed to anyone. Otherwise restrictions follow`
			`# the rules defined below.`
			`# If no rule is provided, all domains are denied.`
			`#`
			`# '*' means 'any' subdomains and matches any string. It must stand at the`
			`# beginning of the pattern.`
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 14:17:21 +00:00			`access_control:`
Rework the configuration of the access control to allow default policy for certain domains 2017-03-25 17:38:14 +00:00			`default:`
			`- home.test.local`
			`groups:`
			`admin:`
			`- '*.test.local'`
			`dev:`
			`- secret.test.local`
			`- secret2.test.local`
			`users:`
			`harry:`
			`- secret1.test.local`
			`bob:`
			`- '*.mail.test.local'`
Add the access_control entry in the config file to allow the user to define per group rules to access the subdomains 2017-03-25 14:17:21 +00:00

Handle SSO over multiple subdomains 2017-03-15 22:07:57 +00:00			`# Configuration of session cookies`
			`#`
			`# _secret_ the secret to encrypt session cookies`
			`# _expiration_ the time before cookies expire`
			`# _domain_ the domain to protect.`
			`# Note: the authenticator must also be in that domain. If empty, the cookie`
			`# is restricted to the subdomain of the issuer.`
Registration process sends an email to allow user to register its U2F device 2017-01-22 16:54:45 +00:00			`session:`
			`secret: unsecure_secret`
			`expiration: 3600000`
domain for cookie - issue in example 2017-04-08 23:14:57 +00:00			`domain: test.local`
Add redis option to the express-session middleware 2017-06-29 17:41:05 +00:00			`redis:`
			`host: redis`
			`port: 6379`
Registration process sends an email to allow user to register its U2F device 2017-01-22 16:54:45 +00:00
Handle SSO over multiple subdomains 2017-03-15 22:07:57 +00:00			`# The directory where the DB files will be saved`
Refactor client to make it responsive and testable 2017-05-25 13:09:29 +00:00			`store_directory: /var/lib/authelia/store`
Registration process sends an email to allow user to register its U2F device 2017-01-22 16:54:45 +00:00
Create a filesystem notifier for simple getting started 2017-01-28 18:59:15 +00:00
Handle SSO over multiple subdomains 2017-03-15 22:07:57 +00:00			`# Notifications are sent to users when they require a password reset, a u2f`
			`# registration or a TOTP registration.`
			`# Use only one available configuration: filesystem, gmail`
Registration process sends an email to allow user to register its U2F device 2017-01-22 16:54:45 +00:00			`notifier:`
Handle SSO over multiple subdomains 2017-03-15 22:07:57 +00:00			`# For testing purpose, notifications can be sent in a file`
Create a filesystem notifier for simple getting started 2017-01-28 18:59:15 +00:00			`filesystem:`
Fix integration test and package Travis scripts 2017-06-28 13:57:58 +00:00			`filename: /var/lib/authelia/notifications/notification.txt`
Create a filesystem notifier for simple getting started 2017-01-28 18:59:15 +00:00
Handle SSO over multiple subdomains 2017-03-15 22:07:57 +00:00			`# Use your gmail account to send the notifications. You can use an app password.`
Create a filesystem notifier for simple getting started 2017-01-28 18:59:15 +00:00			`# gmail:`
			`# username: user@example.com`
			`# password: yourpassword`
Registration process sends an email to allow user to register its U2F device 2017-01-22 16:54:45 +00:00