696398a863
path:// scheme not supported for key field in Authelia 4.38. Host copy inlines the PEM as a YAML block scalar written via Python.
---
# Authelia configuration — repository copy.
# No secrets live in this file: the OIDC signing key is inlined by the host
# copy step, client secrets are read from files via the template filter, and
# the remaining required secrets are expected from the environment.

server:
  address: '0.0.0.0:9091'

log:
  level: 'info'

totp:
  issuer: 'kolpacksoftware.com'

# WebAuthn (passkeys / security keys) is disabled; TOTP is the only second
# factor configured in this file.
webauthn:
  disable: true

authentication_backend:
  file:
    path: '/config/users_database.yaml'
    password:
      algorithm: 'argon2id'

# Deny by default; only the rules below grant access. Authelia applies the
# first rule that matches, so the explicit hosts are listed before the wildcard.
access_control:
  default_policy: 'deny'
  rules:
    # The portal itself must be reachable without a session.
    - domain: 'auth.kolpacksoftware.com'
      policy: 'bypass'

    # Any authenticated user.
    - domain: 'ultralytics.kolpacksoftware.com'
      policy: 'one_factor'

    # Every other host under the apex: authenticated members of `admins` only.
    - domain: '*.kolpacksoftware.com'
      policy: 'one_factor'
      subject: 'group:admins'

session:
  # NOTE(review): session.secret is not set here; presumably it is supplied via
  # AUTHELIA_SESSION_SECRET (or its *_FILE variant) on the host — confirm.
  cookies:
    - domain: 'kolpacksoftware.com'
      authelia_url: 'https://auth.kolpacksoftware.com'
      default_redirection_url: 'https://kolpacksoftware.com'
      name: 'authelia_session'
      expiration: '1h'
      inactivity: '5m'
  redis:
    host: 'authelia-redis'
    port: 6379

storage:
  # NOTE(review): storage.encryption_key is required by Authelia and is absent
  # here; presumably supplied via AUTHELIA_STORAGE_ENCRYPTION_KEY — confirm.
  local:
    path: '/config/db.sqlite3'

# Notifications (password reset, identity verification links) are written to a
# file rather than emailed; anyone who can read /config can read them.
notifier:
  filesystem:
    filename: '/config/notifications.txt'

# Brute-force regulation: 3 failed attempts within 2m bans the user for 5m.
regulation:
  max_retries: 3
  find_time: '2m'
  ban_time: '5m'

identity_providers:
  oidc:
    # NOTE(review): Authelia itself does not perform ${VAR} expansion on
    # configuration values. Unless the host copy step substitutes this before
    # the file is written, the HMAC secret would be the literal placeholder
    # text. The supported routes are the AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET
    # environment variable with this key omitted, or the template filter's env
    # function — confirm how the host copy handles it.
    hmac_secret: ${AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET}

    jwks:
      - key_id: 'main'
        algorithm: 'RS256'
        use: 'sig'
        # `key` is deliberately absent from the repository copy: the private
        # key is host-managed and must never be committed. The host copy
        # inlines the PEM as a YAML block scalar (key: |) using Python so the
        # PEM text is not subject to shell $ interpolation. Generate with:
        #   openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /srv/authelia/config/oidc.key

    # client_secret values are resolved at load time from files under
    # /config/secrets by the `secret` template function; this requires the
    # template configuration filter to be enabled on the host — confirm.
    clients:
      - client_id: 'open-webui'
        client_name: 'Open WebUI'
        client_secret: '{{ secret "/config/secrets/oidc_open_webui" }}'
        public: false
        authorization_policy: 'one_factor'
        token_endpoint_auth_method: 'client_secret_post'
        redirect_uris:
          - 'https://open-webui.kolpacksoftware.com/oauth/oidc/callback'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        userinfo_signed_response_alg: 'none'

      - client_id: 'linkding'
        client_name: 'Linkding'
        client_secret: '{{ secret "/config/secrets/oidc_linkding" }}'
        public: false
        authorization_policy: 'one_factor'
        token_endpoint_auth_method: 'client_secret_post'
        redirect_uris:
          - 'https://linkding.kolpacksoftware.com/oidc/callback/'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
          - 'groups'
        userinfo_signed_response_alg: 'none'