authelia/test/suites/basic/config.yml

###############################################################
#                Authelia minimal configuration               #
###############################################################

port: 9091

logs_level: debug

default_redirection_url: https://home.example.com:8080/

authentication_backend:
  file:
    path: ./test/suites/basic/users_database.test.yml

session:
  secret: unsecure_session_secret
  domain: example.com
  expiration: 3600000 # 1 hour
  inactivity: 300000 # 5 minutes

# Configuration of the storage backend used to store data and secrets. i.e. totp data
storage:
  local:
    path: /tmp/authelia/db

# TOTP Issuer Name
#
# This will be the issuer name displayed in Google Authenticator
# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names
totp:
  issuer: example.com

# Access Control
#
# Access control is a set of rules you can use to restrict user access to certain 
# resources.
access_control:
  # Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
  default_policy: deny

  rules:
    - domain: singlefactor.example.com
      policy: one_factor

    - domain: public.example.com
      policy: bypass

    - domain: secure.example.com
      policy: two_factor

    - domain: '*.example.com'
      subject: "group:admins"
      policy: two_factor

    - domain: dev.example.com
      resources:
        - '^/users/john/.*$' 
      subject: "user:john"
      policy: two_factor

    - domain: dev.example.com
      resources:
        - '^/users/harry/.*$'
      subject: "user:harry"
      policy: two_factor

    - domain: '*.mail.example.com'
      subject: "user:bob"
      policy: two_factor

    - domain: dev.example.com
      resources:
        - '^/users/bob/.*$'
      subject: "user:bob"
      policy: two_factor


# Configuration of the authentication regulation mechanism.
regulation: 
  # Set it to 0 to disable max_retries.
  max_retries: 3

  # The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window. 
  find_time: 300

  # The length of time before a banned user can login again.
  ban_time: 900

notifier:
  # Use a SMTP server for sending notifications
  smtp:
    username: test
    password: password
    secure: false
    host: 127.0.0.1
    port: 1025
    sender: admin@example.com
Fix inactivity Ãe2e tests. 2019-01-30 22:33:14 +00:00			`###############################################################`
			`# Authelia minimal configuration #`
			`###############################################################`

			`port: 9091`

			`logs_level: debug`

Fix unit tests. 2019-02-22 09:27:54 +00:00			`default_redirection_url: https://home.example.com:8080/`

Fix inactivity Ãe2e tests. 2019-01-30 22:33:14 +00:00			`authentication_backend:`
			`file:`
Move users_database.yml files to dedicated suites. 2019-03-02 22:16:53 +00:00			`path: ./test/suites/basic/users_database.test.yml`
Fix inactivity Ãe2e tests. 2019-01-30 22:33:14 +00:00
			`session:`
			`secret: unsecure_session_secret`
			`domain: example.com`
Create a specific suite for short timeouts to let humans use simple suite. 2019-03-02 21:27:54 +00:00			`expiration: 3600000 # 1 hour`
			`inactivity: 300000 # 5 minutes`
Fix inactivity Ãe2e tests. 2019-01-30 22:33:14 +00:00
			`# Configuration of the storage backend used to store data and secrets. i.e. totp data`
			`storage:`
			`local:`
Create /tmp/authelia/db directory when starting minimal suite. 2019-03-01 20:40:44 +00:00			`path: /tmp/authelia/db`
Fix inactivity Ãe2e tests. 2019-01-30 22:33:14 +00:00
			`# TOTP Issuer Name`
			`#`
			`# This will be the issuer name displayed in Google Authenticator`
			`# See: https://github.com/google/google-authenticator/wiki/Key-Uri-Format for more info on issuer names`
			`totp:`
			`issuer: example.com`

			`# Access Control`
			`#`
			`# Access control is a set of rules you can use to restrict user access to certain`
			`# resources.`
			`access_control:`
			# Default policy can either be `bypass`, `one_factor`, `two_factor` or `deny`.
			`default_policy: deny`

			`rules:`
[BREAKING] Create a suite for kubernetes tests. Authelia client uses hash router instead of browser router in order to work with Kubernetes nginx-ingress-controller. This is also better for users having old browsers. This commit is breaking because it requires to change the configuration of the proxy to include the # in the URL of the login portal. 2019-03-03 22:51:52 +00:00			`- domain: singlefactor.example.com`
Fix inactivity Ãe2e tests. 2019-01-30 22:33:14 +00:00			`policy: one_factor`

Fix the bypass strategy. Before this fix an anonymous user was not able to access a resource that were configured with a bypass policy. This was due to a useless check of the userid in the auth session. Moreover, in the case of an anonymous user, we should not check the inactivity period since there is no session. Also refactor /verify endpoint for better testability and add tests in a new suite. 2019-03-22 15:54:27 +00:00			`- domain: public.example.com`
			`policy: bypass`

Display only one 2FA option. Displaying only one option at 2FA stage will allow to add more options like DUO push or OAuth. The user can switch to other option and in this case the option is remembered so that next time, the user will see the same option. The latest option is considered as the prefered option by Authelia. 2019-03-23 14:44:46 +00:00			`- domain: secure.example.com`
			`policy: two_factor`

Fix inactivity Ãe2e tests. 2019-01-30 22:33:14 +00:00			`- domain: '*.example.com'`
			`subject: "group:admins"`
			`policy: two_factor`

			`- domain: dev.example.com`
			`resources:`
			`- '^/users/john/.*$'`
			`subject: "user:john"`
			`policy: two_factor`

			`- domain: dev.example.com`
			`resources:`
			`- '^/users/harry/.*$'`
			`subject: "user:harry"`
			`policy: two_factor`

			`- domain: '*.mail.example.com'`
			`subject: "user:bob"`
			`policy: two_factor`

			`- domain: dev.example.com`
			`resources:`
			`- '^/users/bob/.*$'`
			`subject: "user:bob"`
			`policy: two_factor`


			`# Configuration of the authentication regulation mechanism.`
			`regulation:`
			`# Set it to 0 to disable max_retries.`
			`max_retries: 3`

			# The user is banned if the authenticaction failed `max_retries` times in a `find_time` seconds window.
Create a specific suite for short timeouts to let humans use simple suite. 2019-03-02 21:27:54 +00:00			`find_time: 300`
Fix inactivity Ãe2e tests. 2019-01-30 22:33:14 +00:00
			`# The length of time before a banned user can login again.`
Create a specific suite for short timeouts to let humans use simple suite. 2019-03-02 21:27:54 +00:00			`ban_time: 900`
Fix inactivity Ãe2e tests. 2019-01-30 22:33:14 +00:00
			`notifier:`
			`# Use a SMTP server for sending notifications`
			`smtp:`
			`username: test`
			`password: password`
			`secure: false`
			`host: 127.0.0.1`
			`port: 1025`
			`sender: admin@example.com`