diff --git a/config.template.yml b/config.template.yml index 2f1857220..4e8eb0580 100644 --- a/config.template.yml +++ b/config.template.yml @@ -39,7 +39,7 @@ default_redirection_url: 'https://home.example.com/' ## Set the default 2FA method for new users and for when a user has a preferred method configured that has been ## disabled. This setting must be a method that is enabled. ## Options are totp, webauthn, mobile_push. -default_2fa_method: '' +# default_2fa_method: '' ## ## Server Configuration @@ -203,7 +203,7 @@ totp: ## The TOTP algorithm to use. ## It is CRITICAL you read the documentation before changing this option: ## https://www.authelia.com/c/totp#algorithm - algorithm: 'sha1' + algorithm: 'SHA1' ## The number of digits a user has to input. Must either be 6 or 8. ## Changing this option only affects newly generated TOTP configurations. @@ -300,7 +300,7 @@ authentication_backend: ## External reset password url that redirects the user to an external reset portal. This disables the internal reset ## functionality. - custom_url: '' + # custom_url: '' ## The amount of time to wait before we refresh data from the authentication backend in the duration common syntax. ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will @@ -396,7 +396,7 @@ authentication_backend: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## The distinguished name of the container searched for objects in the directory information tree. 
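Review bot: The renamed `_DO_NOT_USE` marker sits only at the end of the base64 body (hunk at -396), so the example still reads as a near-complete RSA private key and nothing visible in the hunk tells the reader it is a placeholder. `_` is outside the standard base64 alphabet, so the block should no longer decode, which is presumably the intent; stating that next to the key would discourage trimming the suffix and deploying a key that is published in the repository. I would add a comment above the example such as `## Example only: this key is public and deliberately invalid, generate your own.` The key block starts above this hunk, so the exact placement is outside the visible lines. The same applies to the hunks at -820, -965, -1048, -1166, -1208 and -1238, and to the identical hunks in internal/configuration/config.template.yml.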
@@ -820,7 +820,7 @@ session: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## The Redis HA configuration options. @@ -965,7 +965,7 @@ regulation: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## @@ -1048,8 +1048,8 @@ regulation: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= - # -----END RSA PRIVATE KEY----- + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= + # -----END RSA PRIVATE KEY----- ## ## Notification Provider @@ -1166,7 +1166,7 @@ notifier: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## 
@@ -1208,7 +1208,7 @@ notifier: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- @@ -1238,7 +1238,7 @@ notifier: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## Optional matching certificate chain in PEM DER form that matches the issuer_private_key. All certificates within @@ -1287,6 +1287,7 @@ notifier: ## List of endpoints in addition to the metadata endpoints to permit cross-origin requests on. # endpoints: # - 'authorization' + # - 'pushed-authorization-request' # - 'token' # - 'revocation' # - 'introspection' @@ -1325,7 +1326,7 @@ notifier: ## Redirect URI's specifies a list of valid case-sensitive callbacks for this client. # redirect_uris: - # - 'https://oidc.example.com:8080/oauth2/callback' + # - 'https://oidc.example.com:8080/oauth2/callback' ## Audience this client is allowed to request. # audience: [] @@ -1340,7 +1341,7 @@ notifier: ## Grant Types configures which grants this client can obtain. ## It's not recommended to define this unless you know what you're doing. # grant_types: - # - 'authorization_code' + # - 'authorization_code' ## Response Types configures which responses this client can be sent. ## It's not recommended to define this unless you know what you're doing. 
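Review bot: The commented `endpoints` example (hunk at -1287) now also lists `pushed-authorization-request`, and the comment above it does not say that each entry widens the set of endpoints that answer cross-origin browser requests. Someone who uncomments the block wholesale enables CORS on everything listed, whether or not any browser-based client needs it. I would extend the comment with something like `## Only list the endpoints your browser-based clients call directly.` The enclosing section starts above the hunk, and the same hunk is repeated for internal/configuration/config.template.yml.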
@@ -1412,7 +1413,7 @@ notifier: # key: | # -----BEGIN RSA PUBLIC KEY----- # MEgCQQDAwV26ZA1lodtOQxNrJ491gWT+VzFum9IeZ+WTmMypYWyW1CzXKwsvTHDz - # 9ec+jserR3EMQ0Rr24lj13FL1ib5AgMBAAE= + # 9ec+jserR3EMQ0Rr24lj13FL1ib5AgMBAAE_DO_NOT_USE= # -----END RSA PUBLIC KEY---- ## The matching certificate chain in PEM DER form that matches the key if available. diff --git a/internal/configuration/config.template.yml b/internal/configuration/config.template.yml index 2f1857220..4e8eb0580 100644 --- a/internal/configuration/config.template.yml +++ b/internal/configuration/config.template.yml @@ -39,7 +39,7 @@ default_redirection_url: 'https://home.example.com/' ## Set the default 2FA method for new users and for when a user has a preferred method configured that has been ## disabled. This setting must be a method that is enabled. ## Options are totp, webauthn, mobile_push. -default_2fa_method: '' +# default_2fa_method: '' ## ## Server Configuration @@ -203,7 +203,7 @@ totp: ## The TOTP algorithm to use. ## It is CRITICAL you read the documentation before changing this option: ## https://www.authelia.com/c/totp#algorithm - algorithm: 'sha1' + algorithm: 'SHA1' ## The number of digits a user has to input. Must either be 6 or 8. ## Changing this option only affects newly generated TOTP configurations. @@ -300,7 +300,7 @@ authentication_backend: ## External reset password url that redirects the user to an external reset portal. This disables the internal reset ## functionality. - custom_url: '' + # custom_url: '' ## The amount of time to wait before we refresh data from the authentication backend in the duration common syntax. ## To disable this feature set it to 'disable', this will slightly reduce security because for Authelia, users will 
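Review bot: The closing line of the public key example in the hunk at -1412, `# -----END RSA PUBLIC KEY----`, ends in four dashes, while the BEGIN line and every private key footer in this diff use five; the commit edits the line directly above it but leaves the footer as is. Anyone who replaces the body with a real key and keeps the footer ends up with a PEM block that will likely fail to parse. Suggested line: `# -----END RSA PUBLIC KEY-----`. The same context line appears in the matching hunk of internal/configuration/config.template.yml.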
@@ -396,7 +396,7 @@ authentication_backend: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## The distinguished name of the container searched for objects in the directory information tree. @@ -820,7 +820,7 @@ session: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## The Redis HA configuration options. @@ -965,7 +965,7 @@ regulation: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## @@ -1048,8 +1048,8 @@ regulation: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= - # -----END RSA PRIVATE KEY----- + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= + # -----END RSA PRIVATE KEY----- ## ## Notification Provider 
@@ -1166,7 +1166,7 @@ notifier: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## @@ -1208,7 +1208,7 @@ notifier: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- @@ -1238,7 +1238,7 @@ notifier: # SKECIQDY6G8gvsYJdXCE9UJ7ukoLrRHxt/frhAtmSY5lVAPuMwIhAMzuDrJo73LH # ZyEaqIXc5pIiX3Sag43csPDHfuXdtT2NAiEAhyRKGJzDxiDlefFU+sGWYK/z/iYg # 0Rvz/kbV8UvnJwECIQDAYN6VJ6NZmc27qv33JIejOfdoTEEhZMMKVg1PlxE0ZQIg - # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRsDO_NOT_USE= + # HFpJiFxZES3QvVPr8deBXORPurqD5uU85NKsf61AdRs_DO_NOT_USE= # -----END RSA PRIVATE KEY----- ## Optional matching certificate chain in PEM DER form that matches the issuer_private_key. All certificates within @@ -1287,6 +1287,7 @@ notifier: ## List of endpoints in addition to the metadata endpoints to permit cross-origin requests on. # endpoints: # - 'authorization' + # - 'pushed-authorization-request' # - 'token' # - 'revocation' # - 'introspection' @@ -1325,7 +1326,7 @@ notifier: ## Redirect URI's specifies a list of valid case-sensitive callbacks for this client. # redirect_uris: - # - 'https://oidc.example.com:8080/oauth2/callback' + # - 'https://oidc.example.com:8080/oauth2/callback' ## Audience this client is allowed to request. # audience: [] 
@@ -1340,7 +1341,7 @@ notifier: ## Grant Types configures which grants this client can obtain. ## It's not recommended to define this unless you know what you're doing. # grant_types: - # - 'authorization_code' + # - 'authorization_code' ## Response Types configures which responses this client can be sent. ## It's not recommended to define this unless you know what you're doing. @@ -1412,7 +1413,7 @@ notifier: # key: | # -----BEGIN RSA PUBLIC KEY----- # MEgCQQDAwV26ZA1lodtOQxNrJ491gWT+VzFum9IeZ+WTmMypYWyW1CzXKwsvTHDz - # 9ec+jserR3EMQ0Rr24lj13FL1ib5AgMBAAE= + # 9ec+jserR3EMQ0Rr24lj13FL1ib5AgMBAAE_DO_NOT_USE= # -----END RSA PUBLIC KEY---- ## The matching certificate chain in PEM DER form that matches the key if available.