180 lines
5.0 KiB
YAML
180 lines
5.0 KiB
YAML
server:
|
|
address: 0.0.0.0:9091
|
|
|
|
log:
|
|
level: info
|
|
|
|
totp:
|
|
issuer: kolpacksoftware.com
|
|
|
|
webauthn:
|
|
disable: true
|
|
|
|
authentication_backend:
|
|
file:
|
|
path: /config/users_database.yaml
|
|
password:
|
|
algorithm: argon2id
|
|
|
|
access_control:
|
|
default_policy: deny
|
|
rules:
|
|
- domain: auth.kolpacksoftware.com
|
|
policy: bypass
|
|
- domain: ultralytics.kolpacksoftware.com
|
|
policy: one_factor
|
|
- domain: "*.kolpacksoftware.com"
|
|
policy: one_factor
|
|
subject: "group:admins"
|
|
|
|
session:
|
|
cookies:
|
|
- domain: kolpacksoftware.com
|
|
authelia_url: https://auth.kolpacksoftware.com
|
|
default_redirection_url: https://kolpacksoftware.com
|
|
name: authelia_session
|
|
expiration: 1h
|
|
inactivity: 5m
|
|
redis:
|
|
host: authelia-redis
|
|
port: 6379
|
|
|
|
storage:
|
|
local:
|
|
path: /config/db.sqlite3
|
|
|
|
notifier:
|
|
filesystem:
|
|
filename: /config/notifications.txt
|
|
|
|
regulation:
|
|
max_retries: 3
|
|
find_time: 2m
|
|
ban_time: 5m
|
|
|
|
identity_providers:
|
|
oidc:
|
|
hmac_secret: ${AUTHELIA_IDENTITY_PROVIDERS_OIDC_HMAC_SECRET}
|
|
cors:
|
|
endpoints:
|
|
- authorization
|
|
- token
|
|
- revocation
|
|
- introspection
|
|
- userinfo
|
|
allowed_origins_from_client_redirect_uris: true
|
|
jwks:
|
|
- key_id: main
|
|
algorithm: RS256
|
|
use: sig
|
|
# key is host-managed — never commit to git
|
|
# Host copy inlines the PEM content as a YAML block scalar (key: |)
|
|
# using Python to avoid shell $ interpolation of the PEM content.
|
|
# Generate with: openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:4096 -out /srv/authelia/config/oidc.key
|
|
clients:
|
|
- client_id: open-webui
|
|
client_name: Open WebUI
|
|
client_secret: '{{ secret "/config/secrets/oidc_open_webui" }}'
|
|
public: false
|
|
authorization_policy: one_factor
|
|
token_endpoint_auth_method: client_secret_basic
|
|
redirect_uris:
|
|
- https://open-webui.kolpacksoftware.com/oauth/oidc/callback
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
userinfo_signed_response_alg: none
|
|
|
|
- client_id: immich
|
|
client_name: Immich
|
|
client_secret: '{{ secret "/config/secrets/oidc_immich" }}'
|
|
public: false
|
|
authorization_policy: one_factor
|
|
token_endpoint_auth_method: client_secret_post
|
|
redirect_uris:
|
|
- https://immich.kolpacksoftware.com/auth/login
|
|
- app.immich:///oauth-callback
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
userinfo_signed_response_alg: none
|
|
|
|
- client_id: linkding
|
|
client_name: Linkding
|
|
client_secret: '{{ secret "/config/secrets/oidc_linkding" }}'
|
|
public: false
|
|
authorization_policy: one_factor
|
|
token_endpoint_auth_method: client_secret_post
|
|
redirect_uris:
|
|
- https://linkding.kolpacksoftware.com/oidc/callback/
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
- groups
|
|
userinfo_signed_response_alg: none
|
|
|
|
- client_id: ocis
|
|
client_name: ownCloud Infinite Scale
|
|
public: true
|
|
require_pkce: true
|
|
pkce_challenge_method: S256
|
|
authorization_policy: one_factor
|
|
redirect_uris:
|
|
- https://cloud.kolpacksoftware.com/
|
|
- https://cloud.kolpacksoftware.com/oidc-callback.html
|
|
- https://cloud.kolpacksoftware.com/oidc-silent-redirect.html
|
|
- https://cloud.kolpacksoftware.com/apps/openidconnect/redirect
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
- groups
|
|
- offline_access
|
|
userinfo_signed_response_alg: none
|
|
- client_id: mxd5OQDk6es5LzOzRvidJNfXLUZS2oN3oUFeXPP8LpPrhx3UroJFduGEYIBOxkY1
|
|
client_name: ownCloud iOS
|
|
client_secret: '{{ secret "/config/secrets/oidc_ocis_ios" }}'
|
|
public: false
|
|
require_pkce: true
|
|
pkce_challenge_method: S256
|
|
token_endpoint_auth_method: client_secret_basic
|
|
authorization_policy: one_factor
|
|
response_types:
|
|
- code
|
|
grant_types:
|
|
- authorization_code
|
|
- refresh_token
|
|
redirect_uris:
|
|
- oc://ios.owncloud.com
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
- offline_access
|
|
userinfo_signed_response_alg: none
|
|
|
|
- client_id: xdXOt13JKxym1B1QcEncf2XDkLAexMBFwiT9j6EfhhHFJhs2KM9jbjTmf8JBXE69
|
|
client_name: ownCloud Desktop
|
|
client_secret: '{{ secret "/config/secrets/oidc_ocis_desktop" }}'
|
|
public: false
|
|
require_pkce: true
|
|
pkce_challenge_method: S256
|
|
token_endpoint_auth_method: client_secret_basic
|
|
authorization_policy: one_factor
|
|
response_types:
|
|
- code
|
|
grant_types:
|
|
- authorization_code
|
|
- refresh_token
|
|
redirect_uris:
|
|
- http://127.0.0.1
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
- offline_access
|
|
userinfo_signed_response_alg: none
|