pointfichiers/services/authelia/configuration.yml

106 lines
2.4 KiB
YAML
Raw Normal View History

2024-10-11 20:01:22 +02:00
theme: 'auto'
access_control:
default_policy: deny
rules:
- domain: '*.gasdev.fr'
policy: one_factor
2024-10-11 20:01:22 +02:00
server:
address: 'tcp://:9091/'
2024-10-11 20:01:22 +02:00
endpoints:
authz:
forward-auth:
implementation: 'ForwardAuth'
2024-10-11 20:01:22 +02:00
session:
cookies:
- domain: 'gasdev.fr'
authelia_url: 'https://auth.gasdev.fr'
default_redirection_url: 'https://auth.gasdev.fr/authenticated'
identity_providers:
oidc:
jwks:
- key: {{ secret "/secrets/OIDC_JWKS_PRIVATE_KEY" | mindent 10 "|" | msquote }}
clients:
- client_id: 'penpot'
client_name: 'Penpot'
client_secret: $pbkdf2-sha512$310000$WuYHbHrVI3wMn/tZXwDTMA$WnS0VoR4jLNQnXjJUN46EfnC4QMdpdnNcYsGvSCpkbzguO4of.tCgAeLsfzLgWn9CSGMt20TZOQfc/7IbfwBHg
redirect_uris: 'https://penpot.gasdev.fr/api/auth/oauth/oidc/callback'
token_endpoint_auth_method: 'client_secret_post'
authorization_policy: 'one_factor'
scopes:
- 'email'
- 'openid'
- 'profile'
- client_id: 'outline'
client_name: 'Outline'
client_secret: '$pbkdf2-sha512$310000$KykggigTF2ZRKzEdHqPD0A$TV66lPDqlTodPjFGMpxMUaeQPywHliW8yTXfXsMh4EBkYI3cIqmDc.z6Yk/3/So2.HqsRWwfPlEHmBn9Esq/4A'
public: false
authorization_policy: 'one_factor'
redirect_uris:
- 'https://outline.gasdev.fr/auth/oidc.callback'
scopes:
- 'openid'
- 'offline_access'
- 'profile'
- 'email'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
authentication_backend:
password_reset:
disable: false
file:
path: '/data/users_database.yml'
password:
algorithm: 'argon2'
password_policy:
standard:
enabled: true
min_length: 10
max_length: 128
require_uppercase: true
require_lowercase: true
require_number: true
require_special: true
storage:
local:
path: /data/db.sqlite3
notifier:
smtp:
address: 'smtp.gasdev.fr'
username: 'postmaster@gasdev.fr'
sender: 'Authelia <authelia@gasdev.fr>'
log:
level: 'info'
format: 'json'
totp:
issuer: 'gasdev.fr'
## https://www.authelia.com/c/totp#algorithm
algorithm: 'SHA1'
## https://www.authelia.com/c/totp#digits
digits: 6
period: 30
## See: https://www.authelia.com/c/totp#input-validation to read
skew: 1
webauthn:
disable: true
duo_api:
disable: true
ntp:
address: 'udp://time.cloudflare.com:123'
2024-10-11 20:01:22 +02:00