RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: fix missing yaml example (#4853)

pull/4854/head^2
James Elliott 2023-01-31 10:28:00 +11:00 committed by GitHub
parent 78cd8dbebe
commit a2965183f7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 30 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

54
docs/content/en/configuration/session/introduction.md
View File

@ -15,11 +15,8 @@ aliases:
- /docs/configuration/session/ - /docs/configuration/session/
--- ---
__Authelia__ relies on session cookies to authenticate users. When the user visits a website of the protected domain __Authelia__ relies on session cookies to authorize user access to various protected websites. This section configures
`example.com` for the first time, Authelia detects that there is no cookie for that user. Consequently, Authelia the session cookie behaviour and the domains which Authelia can service authorization requests for.
redirects the user to the login portal through which the user should authenticate to get a cookie which is valid for
`*.example.com`, meaning all websites of the domain. At the next request, Authelia receives the cookie associated to the
authenticated user and can then order the reverse proxy to let the request pass through to the application.
## Configuration ## Configuration
@ -34,8 +31,9 @@ session:
remember_me: 1M remember_me: 1M
cookies: cookies:
- name: authelia_session - domain: example.com
domain: example.com authelia_url: https://auth.example.com
name: authelia_session
same_site: lax same_site: lax
inactivity: 5m inactivity: 5m
expiration: 1h expiration: 1h
@ -75,10 +73,8 @@ characters.
{{< confkey type="string" required="no" >}} {{< confkey type="string" required="no" >}}
_**Deprecation Notice:** This option is deprecated. See the [cookies](#cookies) section instead._ _**Deprecation Notice:** This option is deprecated. See the [cookies](#cookies) section and specifically the
[cookies domain](#domain-1) option instead._
The domain the cookie is assigned to protect. This must be the same as the domain Authelia is served on or the root
of the domain. For example if listening on auth.example.com the cookie should be auth.example.com or example.com.
This value automatically maps to a single cookies configuration using the default values. It cannot be assigned at the This value automatically maps to a single cookies configuration using the default values. It cannot be assigned at the
same time as a `cookies` configuration. same time as a `cookies` configuration.
@ -128,22 +124,18 @@ The list of specific cookie domains that Authelia is configured to handle. Domai
automatically be denied by Authelia. The list allows administrators to define multiple session cookie domain automatically be denied by Authelia. The list allows administrators to define multiple session cookie domain
configurations with individual settings. configurations with individual settings.
#### name
{{< confkey type="string" required="no" >}}
*__Default Value:__ This option takes its default value from the [name](#name) setting above.*
The name of the session cookie. By default this is set to the `name` value in the main session configuration section.
#### domain #### domain
{{< confkey type="string" required="yes" >}} {{< confkey type="string" required="yes" >}}
The domain the cookie is assigned to protect. This must be the same as the domain Authelia is served on or the root *__Important Note:__ Browsers have rules regarding which cookie domains a website can write. In particular this.*
of the domain, and consequently if the [authelia_url](#authelia_url) is configured must be able to read and write cookies
for the domain. For example if listening on `auth.example.com` the cookie should be either `auth.example.com` or The domain the session cookie is assigned to protect. This must be the same as the domain Authelia is served on or the
`example.com`. root of the domain, and consequently if the [authelia_url](#authelia_url) is configured must be able to read and write
cookies for this domain.
For example if Authelia is accessible via the URL `https://auth.example.com` the domain should be either
`auth.example.com` or `example.com`.
Please note most good DynamicDNS solutions fall into a specially protected group of domains and browsers do not allow Please note most good DynamicDNS solutions fall into a specially protected group of domains and browsers do not allow
you to write cookies for the root domain. i.e. if you have been assigned `john.duckdns.org` you can't use `duckdns.org` you to write cookies for the root domain. i.e. if you have been assigned `john.duckdns.org` you can't use `duckdns.org`
@ -160,10 +152,24 @@ that the `authelia_url` option is ineffectual for both NGINX and HAProxy, or any
implementation.* implementation.*
This is a completely optional URL which is the root URL of your Authelia installation for this cookie domain which can This is a completely optional URL which is the root URL of your Authelia installation for this cookie domain which can
be used to generate the appropriate redirection for proxies which support this. be used to generate the appropriate redirection for proxies which support this. This URL must:
1. Be able to read and write cookies for the configured [domain](#domain-1).
2. Use the `https://` scheme.
3. Include the path if relevant (i.e. `https://example.com/authelia` rather than `https://example.com` if you're using the
[server path option](../miscellaneous/server.md#path) of `authelia` and if the Authelia portal is inaccessible from
`https://example.com`).
If this option is absent you must use the appropriate query parameter or header for your relevant proxy. If this option is absent you must use the appropriate query parameter or header for your relevant proxy.
#### name
{{< confkey type="string" required="no" >}}
*__Default Value:__ This option takes its default value from the [name](#name) setting above.*
The name of the session cookie. By default this is set to the `name` value in the main session configuration section.
#### same_site #### same_site
{{< confkey type="string" required="no" >}} {{< confkey type="string" required="no" >}}