2.4 KiB
title | description | lead | date | draft | images | menu | configuration | parent | weight | toc | aliases | |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Server Authz Endpoints | Configuring the Server Authz Endpoint Settings. | Authelia supports several authorization endpoints on the internal webserver. This section describes how to configure and tune them. | 2023-01-25T20:36:40+11:00 | false | miscellaneous | 199210 | true |
|
Configuration
server:
endpoints:
authz:
forward-auth:
implementation: ForwardAuth
authn_strategies: []
ext-authz:
implementation: ExtAuthz
authn_strategies: []
auth-request:
implementation: AuthRequest
authn_strategies: []
legacy:
implementation: Legacy
authn_strategies: []
Name
{{< confkey type="string" required="yes" >}}
The first level under the authz
directive is the name of the endpoint. In the example these names are forward-auth
,
ext-authz
, auth-request
, and legacy
.
The name correlates with the path of the endpoint. All endpoints start with /api/authz/
, and end with the name. In the
example the forward-auth
endpoint has a full path of /api/authz/forward-auth
.
Valid characters for the name are alphanumeric as well as -
and _
. They MUST start AND end with an
alphanumeric character.
implementation
{{< confkey type="string" required="yes" >}}
The underlying implementation for the endpoint. Valid case-sensitive values are ForwardAuth
, ExtAuthz
,
AuthRequest
, and Legacy
. Read more about the implementations in the
reference guide.
authn_strategies
{{< confkey type="list" required="no" >}}
A list of authentication strategies and their configuration options. These strategies are in order, and the first one which succeeds is used. Failures other than lacking the sufficient information in the request to perform the strategy immediately short-circuit the authentication, otherwise the next strategy in the list is attempted.
name
{{< confkey type="string" required="yes" >}}
The name of the strategy. Valid case-sensitive values are CookieSession
, HeaderAuthorization
,
HeaderProxyAuthorization
, HeaderAuthRequestProxyAuthorization
, and HeaderLegacy
. Read more about the strategies in
the reference guide.