authelia/docs/content/en/configuration/miscellaneous/introduction.md

---
title: "Miscellaneous"
description: "Miscellaneous Configuration."
lead: "Authelia has a few config items that don't fit into their own area. This describes these options."
date: 2020-02-29T01:43:59+01:00
draft: false
images: []
menu:
  configuration:
    parent: "miscellaneous"
weight: 199100
toc: true
aliases:
  - /docs/configuration/miscellaneous.html
  - /docs/configuration/theme.html
---

## Configuration

{{< config-alert-example >}}

```yaml
certificates_directory: '/config/certs/'
default_redirection_url: 'https://home.example.com:8080/'
jwt_secret: 'v3ry_important_s3cr3t'
theme: 'light'
```

## Options

This section describes the individual configuration options.

### certificates_directory

This option defines the location of additional certificates to load into the trust chain specifically for Authelia.
This currently affects both the SMTP notifier and the LDAP authentication backend. The certificates should all be in the
PEM format and end with the extension `.pem`, `.crt`, or `.cer`. You can either add the individual certificates public
key or the CA public key which signed them (don't add the private key).

### default_redirection_url

{{< confkey type="string" required="no" >}}

The default redirection URL is the URL where users are redirected when Authelia cannot detect the target URL where the
user was heading.

In a normal authentication workflow, a user tries to access a website and they get redirected to the sign-in portal in
order to authenticate. Since the user initially targeted a website, the portal knows where the user was heading and
can redirect them after the authentication process. However, when a user visits the sign in portal directly, the portal
considers the targeted website is the portal. In that case and if the default redirection URL is configured, the user is
redirected to that URL. If not defined, the user is not redirected after authentication.

### default_2fa_method

{{< confkey type="string" default="totp" required="no" >}}

Sets the default second factor method for users. This must be blank or one of the enabled methods. New users will by
default have this method selected for them. In addition if this was configured to `webauthn` and a user had the `totp`
method, and the `totp` method was disabled in the configuration, the users' method would automatically update to the
`webauthn` method.

Options are:

* totp
* webauthn
* mobile_push

```yaml
default_2fa_method: totp
```

### jwt_secret

{{< confkey type="string" required="yes" >}}

*__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__
especially for containerized deployments.*

Defines the secret used to craft JWT tokens leveraged by the identity verification process. This can a random string.
It's strongly recommended this is a [Random Alphanumeric String](../../reference/guides/generating-secure-values.md#generating-a-random-alphanumeric-string) with
64 or more characters.

### theme

{{< confkey type="string " default="light" required="no" >}}

There are currently 3 available themes for Authelia:

* light (default)
* dark
* grey

To enable automatic switching between themes, you can set `theme` to `auto`. The theme will be set to either `dark` or
`light` depending on the user's system preference which is determined using media queries. To read more technical
details about the media queries used, read the
[MDN](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme).
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 00:43:59 +00:00			`---`
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`title: "Miscellaneous"`
			`description: "Miscellaneous Configuration."`
			`lead: "Authelia has a few config items that don't fit into their own area. This describes these options."`
docs: update dates (#3615) 2022-06-28 05:27:14 +00:00			`date: 2020-02-29T01:43:59+01:00`
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`draft: false`
			`images: []`
			`menu:`
			`configuration:`
			`parent: "miscellaneous"`
			`weight: 199100`
			`toc: true`
			`aliases:`
			`- /docs/configuration/miscellaneous.html`
			`- /docs/configuration/theme.html`
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 00:43:59 +00:00			`---`

feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`## Configuration`
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 00:43:59 +00:00
docs: add alert for configuration sections (#5380) Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-04 11:23:15 +00:00			`{{< config-alert-example >}}`

feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			```yaml
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:39:17 +00:00			`certificates_directory: '/config/certs/'`
			`default_redirection_url: 'https://home.example.com:8080/'`
			`jwt_secret: 'v3ry_important_s3cr3t'`
			`theme: 'light'`
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			```

			`## Options`
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review 2021-01-04 10:28:55 +00:00
feat(authentication): suport ldap over unix socket (#5397) This adds support for LDAP unix sockets using the ldapi scheme. In addition it improves all of the address related parsing significantly deprecating old options. Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> 2023-05-07 06:39:17 +00:00			`This section describes the individual configuration options.`

feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`### certificates_directory`
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review 2021-01-04 10:28:55 +00:00
			`This option defines the location of additional certificates to load into the trust chain specifically for Authelia.`
			`This currently affects both the SMTP notifier and the LDAP authentication backend. The certificates should all be in the`
docs: refactor several areas of documentation (#1726) Updated all links to use https://www.authelia.com/docs/. Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections. Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted. Added .yamllint.yaml to express our desired YAML styles. Added a style guide. Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start. Added a statelessness guide for the pending Kubernetes chart introduction. Added labels to configuration documentation and made many areas uniform. 2021-04-11 11:25:03 +00:00			PEM format and end with the extension `.pem`, `.crt`, or `.cer`. You can either add the individual certificates public
			`key or the CA public key which signed them (don't add the private key).`
[FEATURE] Enhance LDAP/SMTP TLS Configuration and Unify Them (#1557) * add new directive in the global scope `certificates_directory` which is used to bulk load certs and trust them in Authelia * this is in ADDITION to system certs and are trusted by both LDAP and SMTP * added a shared TLSConfig struct to be used by both SMTP and LDAP, and anything else in the future that requires tuning the TLS * remove usage of deprecated LDAP funcs Dial and DialTLS in favor of DialURL which is also easier to use * use the server name from LDAP URL or SMTP host when validating the certificate unless otherwise defined in the TLS section * added temporary translations from the old names to the new ones for all deprecated options * added docs * updated example configuration * final deprecations to be done in 4.28.0 * doc updates * fix misc linting issues * uniform deprecation notices for ease of final removal * added additional tests covering previously uncovered areas and the new configuration options * add non-fatal to certificate loading when system certs could not be loaded * adjust timeout of Suite ShortTimeouts * add warnings pusher for the StructValidator * make the schema suites uninform * utilize the warnings in the StructValidator * fix test suite usage for skip_verify * extract LDAP filter parsing into it's own function to make it possible to test * test LDAP filter parsing * update ErrorContainer interface * add tests to the StructValidator * add NewTLSConfig test * move baseDN for users/groups into parsed values * add tests to cover many of the outstanding areas in LDAP * add explicit deferred LDAP conn close to UpdatePassword * add some basic testing to SMTP notifier * suggestions from code review 2021-01-04 10:28:55 +00:00
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`### default_redirection_url`
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 00:43:59 +00:00
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`{{< confkey type="string" required="no" >}}`
docs: refactor several areas of documentation (#1726) Updated all links to use https://www.authelia.com/docs/. Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections. Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted. Added .yamllint.yaml to express our desired YAML styles. Added a style guide. Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start. Added a statelessness guide for the pending Kubernetes chart introduction. Added labels to configuration documentation and made many areas uniform. 2021-04-11 11:25:03 +00:00
			`The default redirection URL is the URL where users are redirected when Authelia cannot detect the target URL where the`
			`user was heading.`

docs: fix grammar (#2863) Remove the gender specific examples for `default_redirection_url` Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> 2022-02-17 02:26:17 +00:00			`In a normal authentication workflow, a user tries to access a website and they get redirected to the sign-in portal in`
docs: refactor several areas of documentation (#1726) Updated all links to use https://www.authelia.com/docs/. Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections. Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted. Added .yamllint.yaml to express our desired YAML styles. Added a style guide. Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start. Added a statelessness guide for the pending Kubernetes chart introduction. Added labels to configuration documentation and made many areas uniform. 2021-04-11 11:25:03 +00:00			`order to authenticate. Since the user initially targeted a website, the portal knows where the user was heading and`
docs: fix grammar (#2863) Remove the gender specific examples for `default_redirection_url` Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com> 2022-02-17 02:26:17 +00:00			`can redirect them after the authentication process. However, when a user visits the sign in portal directly, the portal`
docs: refactor several areas of documentation (#1726) Updated all links to use https://www.authelia.com/docs/. Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections. Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted. Added .yamllint.yaml to express our desired YAML styles. Added a style guide. Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start. Added a statelessness guide for the pending Kubernetes chart introduction. Added labels to configuration documentation and made many areas uniform. 2021-04-11 11:25:03 +00:00			`considers the targeted website is the portal. In that case and if the default redirection URL is configured, the user is`
			`redirected to that URL. If not defined, the user is not redirected after authentication.`
[DOCS] Bootstrap new documentation website based on just-the-docs (#659) 2020-02-29 00:43:59 +00:00
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`### default_2fa_method`
feat(configuration): configurable default second factor method (#3081) This allows configuring the default second factor method. 2022-04-17 23:58:24 +00:00
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`{{< confkey type="string" default="totp" required="no" >}}`
feat(configuration): configurable default second factor method (#3081) This allows configuring the default second factor method. 2022-04-17 23:58:24 +00:00
			`Sets the default second factor method for users. This must be blank or one of the enabled methods. New users will by`
			default have this method selected for them. In addition if this was configured to `webauthn` and a user had the `totp`
			method, and the `totp` method was disabled in the configuration, the users' method would automatically update to the
			`webauthn` method.

			`Options are:`

feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			`* totp`
			`* webauthn`
			`* mobile_push`
feat(configuration): configurable default second factor method (#3081) This allows configuring the default second factor method. 2022-04-17 23:58:24 +00:00
			```yaml
			`default_2fa_method: totp`
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00			```

			`### jwt_secret`

			`{{< confkey type="string" required="yes" >}}`

docs: improve secrets documentation (#3565) Improve documentation around secrets. 2022-06-21 09:45:08 +00:00			`*__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__`
			`especially for containerized deployments.*`

			`Defines the secret used to craft JWT tokens leveraged by the identity verification process. This can a random string.`
docs: fix misc url issues (#4503) 2022-12-07 09:43:02 +00:00			`It's strongly recommended this is a [Random Alphanumeric String](../../reference/guides/generating-secure-values.md#generating-a-random-alphanumeric-string) with`
docs: improve secrets documentation (#3565) Improve documentation around secrets. 2022-06-21 09:45:08 +00:00			`64 or more characters.`
feat: major documentation refresh (#3475) This marks the launch of the new documentation website. 2022-06-15 07:51:47 +00:00
			`### theme`

			`{{< confkey type="string " default="light" required="no" >}}`

			`There are currently 3 available themes for Authelia:`

			`* light (default)`
			`* dark`
			`* grey`

			To enable automatic switching between themes, you can set `theme` to `auto`. The theme will be set to either `dark` or
			`light` depending on the user's system preference which is determined using media queries. To read more technical
			`details about the media queries used, read the`
			`[MDN](https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme).`