Access the secret
You need to log in to access the secret!
Try to access it using one of the following links to test access control powered by Authelia.
You can also log off by visiting the following link.
List of users
Here is the list of credentials you can log in with to test access control.
Once first factor is passed, you will need to follow the links to register a secret for the second factor.
Authelia will send you a fictitious email in a fake webmail at http://localhost:8085.
It will provide you with the link to complete the registration allowing you to authenticate with 2-factor.
- john / password: belongs to admin and dev groups.
- bob / password: belongs to dev group only.
- harry / password: does not belong to any group.
Access control rules
These rules are extracted from the configuration file config.template.yml.
# Default policy can either be `allow` or `deny`.
# It is the policy applied to any resource if it has not been overridden
# in the `any`, `groups` or `users` category.
default_policy: deny
# The rules that apply to anyone.
# The value is a list of rules.
any:
  - domain: public.example.com
    policy: allow
# Group-based rules. The key is a group name and the value
# is a list of rules.
groups:
  admin:
    # All resources in all domains
    - domain: '*.example.com'
      policy: allow
    # Except mx2.mail.example.com (it restricts the first rule)
    - domain: 'mx2.mail.example.com'
      policy: deny
  dev:
    - domain: dev.example.com
      policy: allow
      resources:
        - '^/groups/dev/.*$'
# User-based rules. The key is a user name and the value
# is a list of rules.
users:
  john:
    - domain: dev.example.com
      policy: allow
      resources:
        - '^/users/john/.*$'
  harry:
    - domain: dev.example.com
      policy: allow
      resources:
        - '^/users/harry/.*$'
  bob:
    - domain: '*.mail.example.com'
      policy: allow
    - domain: 'dev.example.com'
      policy: allow
      resources:
        - '^/users/bob/.*$'
    - domain: 'dev.example.com'
      policy: allow
      resources:
        - '^/users/harry/.*$'
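The effective decision these rules produce for john, bob and harry can be checked with a small evaluator. This is an added example, not Authelia's own code: the function names are hypothetical, and it assumes rules are evaluated in the order any, groups, users with the last matching rule winning, and that a leading `*` in a domain matches any subdomain.

```python
import re

# Rules transcribed from the configuration excerpt on this page.
DEFAULT_POLICY = "deny"
ANY = [("public.example.com", "allow", None)]
GROUPS = {
    "admin": [("*.example.com", "allow", None),
              ("mx2.mail.example.com", "deny", None)],
    "dev": [("dev.example.com", "allow", [r"^/groups/dev/.*$"])],
}
USERS = {
    "john": [("dev.example.com", "allow", [r"^/users/john/.*$"])],
    "harry": [("dev.example.com", "allow", [r"^/users/harry/.*$"])],
    "bob": [("*.mail.example.com", "allow", None),
            ("dev.example.com", "allow", [r"^/users/bob/.*$"]),
            ("dev.example.com", "allow", [r"^/users/harry/.*$"])],
}
# Group membership from the list of users on this page.
MEMBERSHIP = {"john": ["admin", "dev"], "bob": ["dev"], "harry": []}


def rule_matches(rule, domain, path):
    pattern, _policy, resources = rule
    if pattern.startswith("*"):
        # Assumption: a leading '*' matches any subdomain suffix.
        domain_ok = domain.endswith(pattern[1:])
    else:
        domain_ok = domain == pattern
    # A rule without `resources` covers every path on the domain.
    path_ok = resources is None or any(re.search(r, path) for r in resources)
    return domain_ok and path_ok


def effective_policy(user, domain, path="/"):
    # Assumption: any -> groups -> users, last matching rule wins.
    ordered = list(ANY)
    for group in MEMBERSHIP.get(user, []):
        ordered += GROUPS.get(group, [])
    ordered += USERS.get(user, [])
    policy = DEFAULT_POLICY  # applies when no rule overrides it
    for rule in ordered:
        if rule_matches(rule, domain, path):
            policy = rule[1]
    return policy
```

Under these assumptions, john is denied on mx2.mail.example.com by the admin group's deny rule, while bob is allowed there through his `*.mail.example.com` user rule.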