--- default_redirection_url: https://home.example.com:8080/ server: host: 127.0.0.1 port: 9091 log: level: debug totp: issuer: authelia.com duo_api: hostname: api-123456789.example.com integration_key: ABCDEF authentication_backend: ldap: url: ldap://127.0.0.1 tls: private_key: | -----BEGIN RSA PRIVATE KEY----- MIIEpAIBAAKCAQEA6z1LOg1ZCqb0lytXWZ+MRBpMHEXOoTOLYgfZXt1IYyE3Z758 cyalk0NYQhY5cZDsXPYWPvAHiPMUxutWkoxFwby56S+AbIMa3/Is+ILrHRJs8Exn ZkpyrYFxPX12app2kErdmAkHSx0Z5/kuXiz96PHs8S8/ZbyZolLHzdfLtSzjvRm5 Zue5iFzsf19NJz5CIBfv8g5lRwtE8wNJoRSpn1xq7fqfuA0weDNFPzjlNWRLy6aa rK7qJexRkmkCs4sLgyl+9NODYJpvmN8E1yhyC27E0joI6rBFVW7Ihv+cSPCdDzGp EWe81x3AeqAa3mjVqkiq4u4Z2i8JDgBaPboqJwIDAQABAoIBAAFdLZ58jVOefDSU L8F5R1rtvBs93GDa56f926jNJ6pLewLC+/2+757W+SAI+PRLntM7Kg3bXm/Q2QH+ Q1Y+MflZmspbWCdI61L5GIGoYKyeers59i+FpvySj5GHtLQRiTZ0+Kv1AXHSDWBm 9XneUOqU3IbZe0ifu1RRno72/VtjkGXbW8Mkkw+ohyGbIeTx/0/JQ6sSNZTT3Vk7 8i4IXptq3HSF0/vqZuah8rShoeNq72pD1YLM9YPdL5by1QkDLnqATDiCpLBTCaNV I8sqYEun+HYbQzBj8ZACG2JVZpEEidONWQHw5BPWO95DSZYrVnEkuCqeH+u5vYt7 CHuJ3AECgYEA+W3v5z+j91w1VPHS0VB3SCDMouycAMIUnJPAbt+0LPP0scUFsBGE hPAKddC54pmMZRQ2KIwBKiyWfCrJ8Xz8Yogn7fJgmwTHidJBr2WQpIEkNGlK3Dzi jXL2sh0yC7sHvn0DqiQ79l/e7yRbSnv2wrTJEczOOH2haD7/tBRyCYECgYEA8W+q E9YyGvEltnPFaOxofNZ8LHVcZSsQI5b6fc0iE7fjxFqeXPXEwGSOTwqQLQRiHn9b CfPmIG4Vhyq0otVmlPvUnfBZ2OK+tl5X2/mQFO3ROMdvpi0KYa994uqfJdSTaqLn jjoKFB906UFHnDQDLZUNiV1WwnkTglgLc+xrd6cCgYEAqqthyv6NyBTM3Tm2gcio Ra9Dtntl51LlXZnvwy3IkDXBCd6BHM9vuLKyxZiziGx+Vy90O1xI872cnot8sINQ Am+dur/tAEVN72zxyv0Y8qb2yfH96iKy9gxi5s75TnOEQgAygLnYWaWR2lorKRUX bHTdXBOiS58S0UzCFEslGIECgYBqkO4SKWYeTDhoKvuEj2yjRYyzlu28XeCWxOo1 otiauX0YSyNBRt2cSgYiTzhKFng0m+QUJYp63/wymB/5C5Zmxi0XtWIDADpLhqLj HmmBQ2Mo26alQ5YkffBju0mZyhVzaQop1eZi8WuKFV1FThPlB7hc3E0SM5zv2Grd tQnOWwKBgQC40yZY0PcjuILhy+sIc0Wvh7LUA7taSdTye149kRvbvsCDN7Jh75lM USjhLXY0Nld2zBm9r8wMb81mXH29uvD+tDqqsICvyuKlA/tyzXR+QTr7dCVKVwu0 1YjCJ36UpTsLre2f8nOSLtNmRfDPtbOE2mkOoO9dD9UU0XZwnvn9xw== -----END RSA PRIVATE KEY----- base_dn: dc=example,dc=com username_attribute: uid additional_users_dn: ou=users users_filter: (&({username_attribute}={input})(objectCategory=person)(objectClass=user)) additional_groups_dn: ou=groups groups_filter: (&(member={dn})(objectClass=groupOfNames)) group_name_attribute: cn mail_attribute: mail user: cn=admin,dc=example,dc=com access_control: default_policy: deny rules: # Rules applied to everyone - domain: public.example.com policy: bypass - domain: secure.example.com policy: one_factor # Network based rule, if not provided any network matches. networks: - 192.168.1.0/24 - domain: secure.example.com policy: two_factor - domain: [singlefactor.example.com, onefactor.example.com] policy: one_factor # Rules applied to 'admins' group - domain: "mx2.mail.example.com" subject: "group:admins" policy: deny - domain: "*.example.com" subject: "group:admins" policy: two_factor # Rules applied to 'dev' group - domain: dev.example.com resources: - "^/groups/dev/.*$" subject: "group:dev" policy: two_factor # Rules applied to user 'john' - domain: dev.example.com resources: - "^/users/john/.*$" subject: "user:john" policy: two_factor # Rules applied to 'dev' group and user 'john' - domain: dev.example.com resources: - "^/deny-all.*$" subject: ["group:dev", "user:john"] policy: deny # Rules applied to user 'harry' - domain: dev.example.com resources: - "^/users/harry/.*$" subject: "user:harry" policy: two_factor # Rules applied to user 'bob' - domain: "*.mail.example.com" subject: "user:bob" policy: two_factor - domain: "dev.example.com" resources: - "^/users/bob/.*$" subject: "user:bob" policy: two_factor session: name: authelia_session expiration: 3600000 # 1 hour inactivity: 300000 # 5 minutes domain: example.com redis: host: 127.0.0.1 port: 6379 high_availability: sentinel_name: test regulation: max_retries: 3 find_time: 120 ban_time: 300 storage: mysql: host: 127.0.0.1 port: 3306 database: authelia username: authelia notifier: smtp: username: test host: 127.0.0.1 port: 1025 sender: admin@example.com disable_require_tls: true ...