authelia/internal/suites/DuoPush/configuration.yml

---
###############################################################
#                Authelia minimal configuration               #
###############################################################

jwt_secret: 'very_important_secret'
default_redirection_url: 'https://home.example.com:8080/'

server:
  address: 'tcp://:9091'
  tls:
    certificate: '/pki/public.backend.crt'
    key: '/pki/private.backend.pem'

log:
  level: 'trace'

authentication_backend:
  file:
    path: '/config/users.yml'

session:
  secret: 'unsecure_session_secret'
  expiration: '1h'  # 1 hour
  inactivity: '5m'  # 5 minutes
  remember_me: '1y'
  cookies:
    - domain: 'example.com'
      authelia_url: 'https://login.example.com:8080'

# Configuration of the storage backend used to store data and secrets. i.e. totp data
storage:
  encryption_key: 'a_not_so_secure_encryption_key'
  local:
    path: '/tmp/db.sqlite3'

# TOTP Issuer Name
#
# This will be the issuer name displayed in Google Authenticator
# See: 'https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names'
totp:
  issuer: 'example.com'

# The Duo Push Notification API configuration
duo_api:
  hostname: 'duo.example.com'
  integration_key: 'ABCDEFGHIJKL'
  secret_key: 'abcdefghijklmnopqrstuvwxyz123456789'
  enable_self_enrollment: true

# Access Control
#
# Access control is a set of rules you can use to restrict user access to certain
# resources.
access_control:
  # Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
  default_policy: 'two_factor'

  rules:
    - domain: 'singlefactor.example.com'
      policy: 'one_factor'

    - domain: 'public.example.com'
      policy: 'bypass'

    - domain: 'secure.example.com'
      policy: 'two_factor'

    - domain: '*.example.com'
      subject: 'group:admins'
      policy: 'two_factor'

    - domain: 'dev.example.com'
      resources:
        - '^/users/john/.*$'
      subject: 'user:john'
      policy: 'two_factor'

    - domain: 'dev.example.com'
      resources:
        - '^/users/harry/.*$'
      subject: 'user:harry'
      policy: 'two_factor'

    - domain: '*.mail.example.com'
      subject: 'user:bob'
      policy: 'two_factor'

    - domain: 'dev.example.com'
      resources:
        - '^/users/bob/.*$'
      subject: 'user:bob'
      policy: 'two_factor'

# Configuration of the authentication regulation mechanism.
regulation:
  # Set it to 0 to disable max_retries.
  max_retries: 3

  # The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
  find_time: '5m'

  # The length of time before a banned user can login again.
  ban_time: '15m'

notifier:
  filesystem:
    filename: '/tmp/notifier.html'
...
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`---`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00			`###############################################################`
			`# Authelia minimal configuration #`
			`###############################################################`

refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`jwt_secret: 'very_important_secret'`
			`default_redirection_url: 'https://home.example.com:8080/'`
feat(configuration): replace several configuration options (#2209) This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0 2021-08-02 11:55:30 +00:00
			`server:`
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:39:17 +00:00			`address: 'tcp://:9091'`
feat(configuration): replace several configuration options (#2209) This change adjusts several global options moving them into the server block. It additionally notes other breaking changes in the configuration. BREAKING CHANGE: Several configuration options have been changed and moved into other sections. Migration instructions are documented here: https://authelia.com/docs/configuration/migration.html#4.30.0 2021-08-02 11:55:30 +00:00			`tls:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`certificate: '/pki/public.backend.crt'`
			`key: '/pki/private.backend.pem'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
refactor(configuration): use key log instead of logging (#2072) * refactor: logging config key to log This refactors the recent pre-release change adding log options to their own configuration section in favor of a log section (from logging). * docs: add step to getting started to get the latest tagged commit This is so we avoid issues with changes on master having differences that don't work on the latest docker tag. * test: adjust tests * docs: adjust doc strings 2021-06-08 13:15:43 +00:00			`log:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`level: 'trace'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`authentication_backend:`
			`file:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`path: '/config/users.yml'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`session:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`secret: 'unsecure_session_secret'`
			`expiration: '1h' # 1 hour`
			`inactivity: '5m' # 5 minutes`
			`remember_me: '1y'`
feat(server): customizable authz endpoints (#4296) This allows users to customize the authz endpoints. Closes #2753, Fixes #3716 Co-authored-by: Amir Zarrinkafsh <nightah@me.com> 2023-01-25 09:36:40 +00:00			`cookies:`
			`- domain: 'example.com'`
			`authelia_url: 'https://login.example.com:8080'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`# Configuration of the storage backend used to store data and secrets. i.e. totp data`
			`storage:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`encryption_key: 'a_not_so_secure_encryption_key'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00			`local:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`path: '/tmp/db.sqlite3'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`# TOTP Issuer Name`
			`#`
			`# This will be the issuer name displayed in Google Authenticator`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`# See: 'https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00			`totp:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`issuer: 'example.com'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`# The Duo Push Notification API configuration`
			`duo_api:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`hostname: 'duo.example.com'`
			`integration_key: 'ABCDEFGHIJKL'`
			`secret_key: 'abcdefghijklmnopqrstuvwxyz123456789'`
feat(duo): multi device selection (#2137) Allow users to select and save the preferred duo device and method, depending on availability in the duo account. A default enrollment URL is provided and adjusted if returned by the duo API. This allows auto-enrollment if enabled by the administrator. Closes #594. Closes #1039. 2021-12-01 03:32:58 +00:00			`enable_self_enrollment: true`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`# Access Control`
			`#`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`# Access control is a set of rules you can use to restrict user access to certain`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00			`# resources.`
			`access_control:`
			# Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`default_policy: 'two_factor'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`rules:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: 'singlefactor.example.com'`
			`policy: 'one_factor'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: 'public.example.com'`
			`policy: 'bypass'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: 'secure.example.com'`
			`policy: 'two_factor'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: '*.example.com'`
			`subject: 'group:admins'`
			`policy: 'two_factor'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: 'dev.example.com'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00			`resources:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- '^/users/john/.*$'`
			`subject: 'user:john'`
			`policy: 'two_factor'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: 'dev.example.com'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00			`resources:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- '^/users/harry/.*$'`
			`subject: 'user:harry'`
			`policy: 'two_factor'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: '*.mail.example.com'`
			`subject: 'user:bob'`
			`policy: 'two_factor'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- domain: 'dev.example.com'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00			`resources:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`- '^/users/bob/.*$'`
			`subject: 'user:bob'`
			`policy: 'two_factor'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`# Configuration of the authentication regulation mechanism.`
Rewrite and fix remaining suites in Go. 2019-11-24 20:27:59 +00:00			`regulation:`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00			`# Set it to 0 to disable max_retries.`
			`max_retries: 3`

Misc Spelling Corrections - Mostly changes to spelling of comments/docs/displayed text - A few changes to test function names 2020-01-21 00:10:00 +00:00			# The user is banned if the authentication failed `max_retries` times in a `find_time` seconds window.
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`find_time: '5m'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`# The length of time before a banned user can login again.`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`ban_time: '15m'`
Add Duo Push Notification option as 2FA. 2019-03-24 14:15:49 +00:00
			`notifier:`
[FEATURE] Notifier Startup Checks (#889) * implement SMTP notifier startup check * check dial, starttls, auth, mail from, rcpt to, reset, and quit * log the error on failure * implement mock * misc optimizations, adjustments, and refactoring * implement validate_skip config option * fix comments to end with period * fix suites that used smtp notifier without a smtp container * add docs * add file notifier startup check * move file mode into const.go * disable gosec linting on insecureskipverify since it's intended, warned, and discouraged * minor PR commentary adjustment * apply suggestions from code review Co-Authored-By: Amir Zarrinkafsh <nightah@me.com> 2020-04-21 04:59:38 +00:00			`filesystem:`
refactor: single quote yaml strings Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:41:41 +00:00			`filename: '/tmp/notifier.html'`
ci: add yamllint (#1895) This change implements yamllint and adjusts all yaml files to abide by our linting setup. This excludes config.template.yml as this will be done in an alternate commit. 2021-04-10 20:51:00 +00:00			`...`