authelia/internal/suites/OIDCTraefik/configuration.yml

86 lines
2.3 KiB
YAML

---
certificates_directory: '/certs/'
server:
address: 'tcp://:9091'
tls:
certificate: '/pki/public.backend.crt'
key: '/pki/private.backend.pem'
log:
level: 'debug'
storage:
encryption_key: 'a_not_so_secure_encryption_key'
local:
path: '/config/db.sqlite'
notifier:
smtp:
address: 'smtp://mail.example.com:1025'
sender: 'admin@example.com'
identity_validation:
reset_password:
jwt_secret: 'unsecure_secret'
session:
secret: 'unsecure_session_secret'
cookies:
- domain: 'example.com'
authelia_url: 'https://login.example.com:8080'
expiration: '1 hour'
inactivity: '5 minutes'
remember_me: '1 year'
redis:
host: 'redis'
port: 6379
authentication_backend:
file:
path: '/config/users.yml'
totp:
disable_reuse_security_policy: true
webauthn:
disable: false
identity_providers:
oidc:
enable_client_debug_messages: true
hmac_secret: 'IVPWBkAdJHje3uz7LtFTDU2pFUfh39Xm'
jwks:
- key: {{ secret "/pki/private.oidc.pem" | mindent 10 "|" | msquote }}
certificate_chain: {{ secret "/pki/public.oidc.chain.pem" | mindent 10 "|" | msquote }}
clients:
- client_id: 'oidc-tester-app'
client_secret: '$pbkdf2-sha512$310000$EniFUo2z8Yjw3op3lrtuyA$xhopyOyffx2TqsQvEhoMSo1sxywIvJV8HZw/zdf62xtyryY/nkNkdcUV82r.xtd5NuyvZo7DPkOlcffM/Wvsmw' # yamllint disable-line rule:line-length
authorization_policy: 'two_factor'
redirect_uris:
- 'https://oidc.example.com:8080/oauth2/callback'
- client_id: 'oidc-tester-app-public'
client_secret: '$pbkdf2-sha512$310000$EniFUo2z8Yjw3op3lrtuyA$xhopyOyffx2TqsQvEhoMSo1sxywIvJV8HZw/zdf62xtyryY/nkNkdcUV82r.xtd5NuyvZo7DPkOlcffM/Wvsmw' # yamllint disable-line rule:line-length
authorization_policy: 'one_factor'
redirect_uris:
- 'https://oidc-public.example.com:8080/oauth2/callback'
access_control:
default_policy: 'deny'
rules:
- domain: 'home.example.com'
policy: 'bypass'
- domain: 'public.example.com'
policy: 'bypass'
- domain: 'admin.example.com'
policy: 'two_factor'
- domain: 'secure.example.com'
policy: 'two_factor'
- domain: 'singlefactor.example.com'
policy: 'one_factor'
- domain: 'oidc.example.com'
policy: 'two_factor'
- domain: 'oidc-public.example.com'
policy: 'bypass'
...