2024-10-11 20:01:22 +02:00
|
|
|
theme: 'auto'
|
|
|
|
|
|
|
|
access_control:
|
|
|
|
default_policy: deny
|
|
|
|
rules:
|
|
|
|
- domain: '*.gasdev.fr'
|
|
|
|
policy: one_factor
|
2024-10-18 10:53:36 +02:00
|
|
|
|
2024-10-11 20:01:22 +02:00
|
|
|
server:
|
2024-10-18 10:53:36 +02:00
|
|
|
address: 'tcp://:9091/'
|
2024-10-11 20:01:22 +02:00
|
|
|
endpoints:
|
|
|
|
authz:
|
|
|
|
forward-auth:
|
|
|
|
implementation: 'ForwardAuth'
|
2024-10-18 10:53:36 +02:00
|
|
|
|
2024-10-11 20:01:22 +02:00
|
|
|
session:
|
|
|
|
cookies:
|
|
|
|
- domain: 'gasdev.fr'
|
|
|
|
authelia_url: 'https://auth.gasdev.fr'
|
2024-10-18 10:53:36 +02:00
|
|
|
default_redirection_url: 'https://auth.gasdev.fr/authenticated'
|
|
|
|
|
2024-10-21 10:48:54 +02:00
|
|
|
identity_providers:
|
|
|
|
oidc:
|
|
|
|
jwks:
|
|
|
|
- key: {{ secret "/secrets/OIDC_JWKS_PRIVATE_KEY" | mindent 10 "|" | msquote }}
|
|
|
|
clients:
|
|
|
|
- client_id: 'penpot'
|
|
|
|
client_name: 'Penpot'
|
|
|
|
client_secret: $pbkdf2-sha512$310000$WuYHbHrVI3wMn/tZXwDTMA$WnS0VoR4jLNQnXjJUN46EfnC4QMdpdnNcYsGvSCpkbzguO4of.tCgAeLsfzLgWn9CSGMt20TZOQfc/7IbfwBHg
|
|
|
|
redirect_uris: 'https://penpot.gasdev.fr/api/auth/oauth/oidc/callback'
|
|
|
|
token_endpoint_auth_method: 'client_secret_post'
|
|
|
|
authorization_policy: 'one_factor'
|
|
|
|
scopes:
|
|
|
|
- 'email'
|
|
|
|
- 'openid'
|
|
|
|
- 'profile'
|
2024-11-03 21:06:00 +01:00
|
|
|
- client_id: 'outline'
|
|
|
|
client_name: 'Outline'
|
|
|
|
client_secret: '$pbkdf2-sha512$310000$KykggigTF2ZRKzEdHqPD0A$TV66lPDqlTodPjFGMpxMUaeQPywHliW8yTXfXsMh4EBkYI3cIqmDc.z6Yk/3/So2.HqsRWwfPlEHmBn9Esq/4A'
|
|
|
|
public: false
|
|
|
|
authorization_policy: 'one_factor'
|
|
|
|
redirect_uris:
|
|
|
|
- 'https://outline.gasdev.fr/auth/oidc.callback'
|
|
|
|
scopes:
|
|
|
|
- 'openid'
|
|
|
|
- 'offline_access'
|
|
|
|
- 'profile'
|
|
|
|
- 'email'
|
|
|
|
userinfo_signed_response_alg: 'none'
|
|
|
|
token_endpoint_auth_method: 'client_secret_post'
|
2024-10-21 10:48:54 +02:00
|
|
|
|
|
|
|
|
2024-10-18 10:53:36 +02:00
|
|
|
authentication_backend:
|
|
|
|
password_reset:
|
|
|
|
disable: false
|
|
|
|
|
|
|
|
file:
|
|
|
|
path: '/data/users_database.yml'
|
|
|
|
password:
|
|
|
|
algorithm: 'argon2'
|
|
|
|
|
|
|
|
password_policy:
|
|
|
|
standard:
|
|
|
|
enabled: true
|
|
|
|
min_length: 10
|
|
|
|
max_length: 128
|
|
|
|
require_uppercase: true
|
|
|
|
require_lowercase: true
|
|
|
|
require_number: true
|
|
|
|
require_special: true
|
|
|
|
|
|
|
|
storage:
|
|
|
|
local:
|
|
|
|
path: /data/db.sqlite3
|
|
|
|
|
|
|
|
notifier:
|
2024-10-18 11:13:14 +02:00
|
|
|
smtp:
|
2024-11-05 14:48:31 +01:00
|
|
|
address: 'smtp.gasdev.fr'
|
2024-10-18 11:13:14 +02:00
|
|
|
username: 'postmaster@gasdev.fr'
|
|
|
|
sender: 'Authelia <authelia@gasdev.fr>'
|
2024-10-18 10:53:36 +02:00
|
|
|
|
|
|
|
log:
|
|
|
|
level: 'info'
|
|
|
|
format: 'json'
|
|
|
|
|
|
|
|
totp:
|
|
|
|
issuer: 'gasdev.fr'
|
|
|
|
## https://www.authelia.com/c/totp#algorithm
|
|
|
|
algorithm: 'SHA1'
|
|
|
|
|
|
|
|
## https://www.authelia.com/c/totp#digits
|
|
|
|
digits: 6
|
|
|
|
period: 30
|
|
|
|
## See: https://www.authelia.com/c/totp#input-validation to read
|
|
|
|
skew: 1
|
|
|
|
|
|
|
|
webauthn:
|
|
|
|
disable: true
|
|
|
|
|
|
|
|
duo_api:
|
|
|
|
disable: true
|
|
|
|
|
|
|
|
ntp:
|
|
|
|
address: 'udp://time.cloudflare.com:123'
|
2024-10-11 20:01:22 +02:00
|
|
|
|