theme: 'auto' access_control: default_policy: deny rules: - domain: '*.gasdev.fr' policy: one_factor server: address: 'tcp://:9091/' endpoints: authz: forward-auth: implementation: 'ForwardAuth' session: cookies: - domain: 'gasdev.fr' authelia_url: 'https://auth.gasdev.fr' default_redirection_url: 'https://auth.gasdev.fr/authenticated' identity_providers: oidc: jwks: - key: {{ secret "/secrets/OIDC_JWKS_PRIVATE_KEY" | mindent 10 "|" | msquote }} clients: - client_id: 'penpot' client_name: 'Penpot' client_secret: $pbkdf2-sha512$310000$WuYHbHrVI3wMn/tZXwDTMA$WnS0VoR4jLNQnXjJUN46EfnC4QMdpdnNcYsGvSCpkbzguO4of.tCgAeLsfzLgWn9CSGMt20TZOQfc/7IbfwBHg redirect_uris: 'https://penpot.gasdev.fr/api/auth/oauth/oidc/callback' token_endpoint_auth_method: 'client_secret_post' authorization_policy: 'one_factor' scopes: - 'email' - 'openid' - 'profile' - client_id: 'outline' client_name: 'Outline' client_secret: '$pbkdf2-sha512$310000$KykggigTF2ZRKzEdHqPD0A$TV66lPDqlTodPjFGMpxMUaeQPywHliW8yTXfXsMh4EBkYI3cIqmDc.z6Yk/3/So2.HqsRWwfPlEHmBn9Esq/4A' public: false authorization_policy: 'one_factor' redirect_uris: - 'https://outline.gasdev.fr/auth/oidc.callback' scopes: - 'openid' - 'offline_access' - 'profile' - 'email' userinfo_signed_response_alg: 'none' token_endpoint_auth_method: 'client_secret_post' authentication_backend: password_reset: disable: false file: path: '/data/users_database.yml' password: algorithm: 'argon2' password_policy: standard: enabled: true min_length: 10 max_length: 128 require_uppercase: true require_lowercase: true require_number: true require_special: true storage: local: path: /data/db.sqlite3 notifier: disable_startup_check: true smtp: address: 'submissions://mail.gasdev.fr:465' username: 'postmaster' sender: 'Authelia ' # identifier: 'mail.gasdev.fr' # tls: # server_name: 'mail.gasdev.fr' log: level: 'info' format: 'json' totp: issuer: 'gasdev.fr' ## https://www.authelia.com/c/totp#algorithm algorithm: 'SHA1' ## https://www.authelia.com/c/totp#digits digits: 6 period: 30 ## See: https://www.authelia.com/c/totp#input-validation to read skew: 1 webauthn: disable: true duo_api: disable: true ntp: address: 'udp://time.cloudflare.com:123'