authelia/docs/content/en/configuration/miscellaneous/server-endpoints-authz.md

2.4 KiB

title description lead date draft images menu configuration parent weight toc aliases
Server Authz Endpoints Configuring the Server Authz Endpoint Settings. Authelia supports several authorization endpoints on the internal webserver. This section describes how to configure and tune them. 2023-01-25T20:36:40+11:00 false
miscellaneous 199210 true
/c/authz

Configuration

{{< config-alert-example >}}

server:
  endpoints:
    authz:
      forward-auth:
        implementation: ForwardAuth
        authn_strategies: []
      ext-authz:
        implementation: ExtAuthz
        authn_strategies: []
      auth-request:
        implementation: AuthRequest
        authn_strategies: []
      legacy:
        implementation: Legacy
        authn_strategies: []

Name

{{< confkey type="string" required="yes" >}}

The first level under the authz directive is the name of the endpoint. In the example these names are forward-auth, ext-authz, auth-request, and legacy.

The name correlates with the path of the endpoint. All endpoints start with /api/authz/, and end with the name. In the example the forward-auth endpoint has a full path of /api/authz/forward-auth.

Valid characters for the name are alphanumeric as well as - and _. They MUST start AND end with an alphanumeric character.

implementation

{{< confkey type="string" required="yes" >}}

The underlying implementation for the endpoint. Valid case-sensitive values are ForwardAuth, ExtAuthz, AuthRequest, and Legacy. Read more about the implementations in the reference guide.

authn_strategies

{{< confkey type="list" required="no" >}}

A list of authentication strategies and their configuration options. These strategies are in order, and the first one which succeeds is used. Failures other than lacking the sufficient information in the request to perform the strategy immediately short-circuit the authentication, otherwise the next strategy in the list is attempted.

name

{{< confkey type="string" required="yes" >}}

The name of the strategy. Valid case-sensitive values are CookieSession, HeaderAuthorization, HeaderProxyAuthorization, HeaderAuthRequestProxyAuthorization, and HeaderLegacy. Read more about the strategies in the reference guide.