diff --git a/authelia/authelia.yaml b/authelia/authelia.yaml
index f9e0bfa..c2b8fdb 100644
--- a/authelia/authelia.yaml
+++ b/authelia/authelia.yaml
@@ -54,7 +54,7 @@ spec:
 - name: authelia
 image: ghcr.io/authelia/authelia
 env:
- - name: AUTHELIA_JWT_SECRET_FILE
+ - name: AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_SECRET_FILE
 value: /run/authelia/secrets/jwt.secret
 - name: AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE
 value: /run/authelia/secrets/ldap.password
diff --git a/authelia/configuration.yml b/authelia/configuration.yml
index cd90b39..fd9fa97 100644
--- a/authelia/configuration.yml
+++ b/authelia/configuration.yml
@@ -74,20 +74,30 @@ authentication_backend:
 implementation: activedirectory
 tls:
 minimum_version: TLS1.2
- url: ldaps://pyrocufflink.blue
+ address: ldaps://pyrocufflink.blue
 user: CN=svc.authelia,CN=Users,DC=pyrocufflink,DC=blue
 
 certificates_directory: /run/authelia/certs
 
 identity_providers:
 oidc:
+ claims_policies:
+ default:
+ id_token:
+ - groups
+ - email
+ - email_verified
+ - preferred_username
+ - name
 clients:
- - id: e20a50c2-55eb-4cb1-96ce-fe71c61c1d89
- description: Jenkins
- secret: >-
+ - client_id: e20a50c2-55eb-4cb1-96ce-fe71c61c1d89
+ client_name: Jenkins
+ client_secret: >-
 $argon2id$v=19$m=65536,t=3,p=4$qoo6+3ToLbsZOI/BxcppGw$srNBfpIHqpxLh+VfVNNe27A1Ci9dCKLfB8rWXLNkv44
 redirect_uris:
 - https://jenkins.pyrocufflink.blue/securityRealm/finishLogin
+ response_types:
+ - code
 scopes:
 - openid
 - groups
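Review bot: The new `claims_policies.default` policy is referenced by every other client in this file but not by the Jenkins client rewritten in this hunk, which is the one whose security realm requests the `groups` scope. If I read Authelia's claims-policy change correctly, `groups`, `email` and `name` are no longer placed in the ID token unless a policy says so, so if the Jenkins OIDC plugin reads the groups claim from the ID token rather than from the userinfo endpoint, group-based authorization in Jenkins silently loses its groups after this change. Either add `claims_policy: default` directly under `client_name: Jenkins`, or confirm the plugin is configured to call userinfo and leave a one-line comment saying why Jenkins is the exception. The Jenkins client's remaining keys (`authorization_policy`, `token_endpoint_auth_method`) continue past the end of the hunk.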
@@ -97,51 +107,58 @@ identity_providers:
 authorization_policy: one_factor
 pre_configured_consent_duration: 8h
 token_endpoint_auth_method: client_secret_post
- - id: kubernetes
- description: Kubernetes
+ - client_id: kubernetes
+ client_name: Kubernetes
 public: true
+ claims_policy: default
 redirect_uris:
 - http://localhost:8000
 - http://localhost:18000
 authorization_policy: one_factor
 pre_configured_consent_duration: 8h
- - id: 1b6adbfc-d9e0-4cab-b780-e410639dc420
- description: MinIO
- secret: >-
+ - client_id: 1b6adbfc-d9e0-4cab-b780-e410639dc420
+ client_name: MinIO
+ client_secret: >-
 $pbkdf2-sha512$310000$TkQ1BwLrr.d8AVGWk2rLhA$z4euAPhkkZdjcxKFD3tZRtNQ/R78beW7epJ.BGFWSwQdAme5TugNj9Ba.aL5TEqrBDmXRW0xiI9EbxSszckG5A
 redirect_uris:
 - https://burp.pyrocufflink.blue:9090/oauth_callback
 - https://minio.backups.pyrocufflink.blue/oauth_callback
- - id: step-ca
- description: step-ca
+ - client_id: step-ca
+ client_name: step-ca
 public: true
+ claims_policy: default
 redirect_uris:
 - http://127.0.0.1
 pre_configured_consent_duration: 8h
- - id: argocd
- description: Argo CD
+ - client_id: argocd
+ client_name: Argo CD
+ claims_policy: default
 pre_configured_consent_duration: 8h
 redirect_uris:
 - https://argocd.pyrocufflink.blue/auth/callback
- secret: >-
+ client_secret: >-
 $pbkdf2-sha512$310000$l/uOezgWjqe3boGLYAnKcg$uqn1FC8Lj2y1NG5Q91PeLfLLUQ.qtlKFLd0AWJ56owLME9mV/Zx8kQ2x7OS/MOoMLmUgKd4zogYKab2HGFr0kw
- - id: argocd-cli
- description: argocd CLI
+ - client_id: argocd-cli
+ client_name: argocd CLI
 public: true
+ claims_policy: default
 pre_configured_consent_duration: 8h
 audience:
 - argocd-cli
 redirect_uris:
 - http://localhost:8085/auth/callback
+ response_types:
+ - code
 scopes:
 - openid
+ - groups
 - profile
 - email
- - groups
 - offline_access
- - id: sshca
- description: SSHCA
+ - client_id: sshca
+ client_name: SSHCA
 public: true
+ claims_policy: default
 pre_configured_consent_duration: 4h
 redirect_uris:
 - http://127.0.0.1
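Review bot: None of the public clients rewritten here (`client_id: kubernetes`, `step-ca`, `argocd-cli`, `sshca`) declares `require_pkce: true` / `pkce_challenge_method: S256`, yet they carry no secret and redirect to loopback URIs (`http://localhost:8000`, `http://127.0.0.1`), which is exactly the authorization-code-interception case PKCE exists for. Unless the deployed Authelia version already forces PKCE for `public: true` clients (confirm against its defaults), add `require_pkce: true` and `pkce_challenge_method: S256` next to `public: true` in each of those four stanzas. Separately, the MinIO client is the only confidential client in this hunk that gets neither `claims_policy: default` nor a `scopes` list, and one of its redirect URIs is `https://burp.pyrocufflink.blue:9090/oauth_callback` — if that host is an intercepting proxy left over from testing, authorization codes for MinIO can be delivered to it, so confirm it is still needed. The `clients` list may continue past the end of the hunk.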
@@ -157,17 +174,18 @@ log:
 notifier:
 smtp:
 disable_require_tls: true
- host: mail.pyrocufflink.blue
- port: 25
+ address: 'mail.pyrocufflink.blue:25'
 sender: auth@pyrocufflink.net
 
 session:
- domain: pyrocufflink.blue
 expiration: 1d
 inactivity: 4h
 redis:
 host: redis
 port: 6379
+ cookies:
+ - domain: pyrocufflink.blue
+ authelia_url: 'https://auth.pyrocufflink.blue'
 
 server:
 buffers:
@@ -175,7 +193,7 @@ server:
 
 storage:
 postgres:
- host: postgresql.pyrocufflink.blue
+ address: postgresql.pyrocufflink.blue
 database: authelia
 username: authelia
 password: unused
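Review bot: The new `address: 'mail.pyrocufflink.blue:25'` keeps the notifier on the plaintext-capable SMTP port while `disable_require_tls: true` two lines above stays in force, so if the relay ever fails STARTTLS the password-reset and identity-verification links Authelia mails out travel in the clear. If the relay supports it, switch to `address: 'submissions://mail.pyrocufflink.blue:465'` (implicit TLS) or `submission://mail.pyrocufflink.blue:587` and drop `disable_require_tls`; if unencrypted port 25 to an internal relay is deliberate, a comment such as `# relay is on the same host network; TLS not required` above `disable_require_tls` would record that decision. The new `cookies` entry leans on Authelia's default `same_site` for a cookie scoped to the whole `pyrocufflink.blue` zone, which every subdomain receives; making it explicit with `same_site: lax` under `domain` costs nothing and documents the intent.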
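Review bot: `address: postgresql.pyrocufflink.blue` names a remote host, but the `postgres` block has no `tls` stanza, and if I read Authelia's storage defaults correctly the connection stays plaintext unless `tls` is configured — session, TOTP/WebAuthn and OIDC token state would then cross the network unencrypted. Unless this traffic already rides an encrypted overlay, add under `postgres` a `tls:` block with `server_name: postgresql.pyrocufflink.blue` and `minimum_version: TLS1.2`, mirroring the LDAP `tls` block earlier in the file and relying on the existing `certificates_directory` for trust. The `password: unused` placeholder implies the real credential is injected from a secret file elsewhere; confirm that mount exists, because a literal `unused` would otherwise be sent as the password.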