Documentation ¶
Index ¶
- Constants
- Variables
- func DecodeAlgorithmDigest(encodedDigest string) (digest algorithm.Digest, err error)
- type AccessControl
- type AccessControlNetwork
- type AccessControlNetworkNetworks
- type AccessControlRule
- type AccessControlRuleDomains
- type AccessControlRuleMethods
- type AccessControlRuleNetworks
- type AccessControlRuleQuery
- type AccessControlRuleRegex
- type AccessControlRuleSubjects
- type Address
- func NewAddress(value string) (address *Address, err error)
- func NewAddressDefault(value, schemeDefault, schemeDefaultPath string) (address *Address, err error)
- func NewAddressFromNetworkPathValues(network, host string, port uint16, path string) Address
- func NewAddressFromNetworkValues(network, host string, port uint16) Address
- func NewAddressFromNetworkValuesDefault(value string, port uint16, schemeDefault, schemeDefaultPath string) (address *Address, err error)
- func NewAddressFromURL(u *url.URL) (addr *Address, err error)
- func NewAddressUnix(path string) Address
- func (a *Address) Dial() (net.Conn, error)
- func (a *Address) Host() string
- func (a *Address) Hostname() string
- func (a *Address) IsExplicitlySecure() bool
- func (a *Address) IsTCP() bool
- func (a *Address) IsUDP() bool
- func (a *Address) IsUnixDomainSocket() bool
- func (Address) JSONSchema() *jsonschema.Schema
- func (a *Address) Listener() (ln net.Listener, err error)
- func (a *Address) Network() string
- func (a *Address) NetworkAddress() string
- func (a *Address) Path() string
- func (a *Address) Port() uint16
- func (a *Address) RouterPath() string
- func (a *Address) Scheme() string
- func (a *Address) SetHostname(hostname string)
- func (a *Address) SetPath(path string)
- func (a *Address) SetPort(port uint16)
- func (a *Address) SocketHostname() string
- func (a *Address) String() string
- func (a *Address) Umask() string
- func (a *Address) Valid() bool
- func (a *Address) ValidateHTTP() error
- func (a *Address) ValidateLDAP() error
- func (a *Address) ValidateListener() error
- func (a *Address) ValidateSMTP() error
- func (a *Address) ValidateSQL() error
- type AddressLDAP
- type AddressSMTP
- type AddressTCP
- type AddressUDP
- type AuthenticationBackend
- type AuthenticationBackendFile
- type AuthenticationBackendFilePassword
- type AuthenticationBackendFilePasswordArgon2
- type AuthenticationBackendFilePasswordBCrypt
- type AuthenticationBackendFilePasswordPBKDF2
- type AuthenticationBackendFilePasswordSCrypt
- type AuthenticationBackendFilePasswordSHA2Crypt
- type AuthenticationBackendFileSearch
- type AuthenticationBackendLDAP
- type AuthenticationBackendLDAPAttributes
- type AuthenticationBackendPasswordReset
- type CSPTemplate
- type Configuration
- type CryptographicKey
- type CryptographicPrivateKey
- type DuoAPI
- type ErrorContainer
- type IdentityProviders
- type IdentityProvidersOpenIDConnect
- type IdentityProvidersOpenIDConnectCORS
- type IdentityProvidersOpenIDConnectClient
- type IdentityProvidersOpenIDConnectClientURIs
- type IdentityProvidersOpenIDConnectDiscovery
- type IdentityProvidersOpenIDConnectLifespan
- type IdentityProvidersOpenIDConnectLifespanGrants
- type IdentityProvidersOpenIDConnectLifespanToken
- type IdentityProvidersOpenIDConnectLifespans
- type IdentityProvidersOpenIDConnectPolicy
- type IdentityProvidersOpenIDConnectPolicyRule
- type IdentityValidation
- type IdentityValidationElevatedSession
- type IdentityValidationResetPassword
- type JWK
- type Log
- type NTP
- type Notifier
- type NotifierFileSystem
- type NotifierSMTP
- type PasswordDigest
- func (d *PasswordDigest) GetPlainTextValue() (value []byte, err error)
- func (d *PasswordDigest) IsPlainText() (is bool)
- func (PasswordDigest) JSONSchema() *jsonschema.Schema
- func (d *PasswordDigest) PlainText() (digest *plaintext.Digest, ok bool)
- func (d *PasswordDigest) UnmarshalYAML(value *yaml.Node) (err error)
- func (d *PasswordDigest) Valid() (valid bool)
- type PasswordPolicy
- type PasswordPolicyStandard
- type PasswordPolicyZXCVBN
- type PrivacyPolicy
- type RefreshIntervalDuration
- func (d RefreshIntervalDuration) Always() bool
- func (RefreshIntervalDuration) JSONSchema() *jsonschema.Schema
- func (d RefreshIntervalDuration) Never() bool
- func (d RefreshIntervalDuration) Update() bool
- func (d RefreshIntervalDuration) Valid() bool
- func (d RefreshIntervalDuration) Value() time.Duration
- type Regulation
- type Server
- type ServerBuffers
- type ServerEndpoints
- type ServerEndpointsAuthz
- type ServerEndpointsAuthzAuthnStrategy
- type ServerHeaders
- type ServerTLS
- type ServerTimeouts
- type Session
- type SessionCookie
- type SessionCookieCommon
- type SessionRedis
- type SessionRedisHighAvailability
- type SessionRedisHighAvailabilityNode
- type Storage
- type StorageLocal
- type StorageMySQL
- type StoragePostgreSQL
- type StoragePostgreSQLSSL
- type StorageSQL
- type StructValidator
- func (v *StructValidator) Clear()
- func (v *StructValidator) Errors() []error
- func (v *StructValidator) HasErrors() bool
- func (v *StructValidator) HasWarnings() bool
- func (v *StructValidator) Push(err error)
- func (v *StructValidator) PushWarning(err error)
- func (v *StructValidator) Warnings() []error
- type TLS
- type TLSVersion
- type TOTP
- type Telemetry
- type TelemetryMetrics
- type WebAuthn
- type X509CertificateChain
- func (c *X509CertificateChain) Certificates() (certificates []*x509.Certificate)
- func (c *X509CertificateChain) CertificatesRaw() (certificates [][]byte)
- func (c *X509CertificateChain) EncodePEM() (encoded []byte, err error)
- func (c *X509CertificateChain) Equal(other *x509.Certificate) (equal bool)
- func (c *X509CertificateChain) EqualKey(other any) (equal bool)
- func (c *X509CertificateChain) HasCertificates() (has bool)
- func (X509CertificateChain) JSONSchema() *jsonschema.Schema
- func (c *X509CertificateChain) Leaf() (leaf *x509.Certificate)
- func (c *X509CertificateChain) Thumbprint(hash crypto.Hash) []byte
- func (c *X509CertificateChain) Validate() (err error)
Constants ¶
// Textual protocol version identifiers accepted by the TLS configuration, in
// both their prefixed ("TLS1.2") and bare ("1.2") spellings.
//
// TLS 1.0, TLS 1.1 and SSL 3.0 are listed so that they can be parsed; every
// Default* configuration in this package pins MinimumVersion to tls.VersionTLS12,
// so those older versions only take effect when explicitly configured.
const (
	// TLSVersion13 is the textual representation of TLS 1.3.
	TLSVersion13 = "TLS1.3"
	// TLSVersion12 is the textual representation of TLS 1.2.
	TLSVersion12 = "TLS1.2"
	// TLSVersion11 is the textual representation of TLS 1.1.
	TLSVersion11 = "TLS1.1"
	// TLSVersion10 is the textual representation of TLS 1.0.
	TLSVersion10 = "TLS1.0"
	// SSLVersion30 is the textual representation of SSL 3.0.
	SSLVersion30 = "SSL3.0"

	// Version13 is the textual representation of version 1.3.
	Version13 = "1.3"
	// Version12 is the textual representation of version 1.2.
	Version12 = "1.2"
	// Version11 is the textual representation of version 1.1.
	Version11 = "1.1"
	// Version10 is the textual representation of version 1.0.
	Version10 = "1.0"
)
// Special values and the default for the authentication backend refresh_interval
// setting, which controls how often a user's profile (groups etc.) is re-read
// from the backend.
const (
	// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
	ProfileRefreshAlways = "always"
	// ProfileRefreshDisabled represents a Value for refresh_interval that disables the check entirely.
	ProfileRefreshDisabled = "disable"
	// RefreshIntervalDefault represents the default value of refresh_interval.
	RefreshIntervalDefault = time.Minute * 5
)
// Names of the LDAP implementation presets. Each preset except custom selects
// one of the DefaultLDAPAuthenticationBackendConfigurationImplementation*
// variables in this package as its starting configuration.
const (
	// LDAPImplementationCustom is the string for the custom LDAP implementation.
	LDAPImplementationCustom = "custom"
	// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
	LDAPImplementationActiveDirectory = "activedirectory"
	// LDAPImplementationRFC2307bis is the string for the RFC2307bis LDAP implementation.
	LDAPImplementationRFC2307bis = "rfc2307bis"
	// LDAPImplementationFreeIPA is the string for the FreeIPA LDAP implementation.
	LDAPImplementationFreeIPA = "freeipa"
	// LDAPImplementationLLDAP is the string for the lldap LDAP implementation.
	LDAPImplementationLLDAP = "lldap"
	// LDAPImplementationGLAuth is the string for the GLAuth LDAP implementation.
	LDAPImplementationGLAuth = "glauth"
)
// Group search modes for the LDAP authentication backend: either run the
// configured groups filter, or read the user's memberOf attribute.
const (
	// LDAPGroupSearchModeFilter is the string for the filter group search mode.
	LDAPGroupSearchModeFilter = "filter"
	// LDAPGroupSearchModeMemberOf is the string for the memberOf group search mode.
	LDAPGroupSearchModeMemberOf = "memberof"
)
// TOTP HMAC algorithm names. SHA1 is the default algorithm (see
// DefaultTOTPConfiguration); SHA256 and SHA512 are accepted when listed in
// the allowed algorithms.
const (
	TOTPAlgorithmSHA1   = "SHA1"
	TOTPAlgorithmSHA256 = "SHA256"
	TOTPAlgorithmSHA512 = "SHA512"
)
TOTP Algorithm.
// TOTP shared-secret sizes in bytes. The minimum of 20 bytes (160 bits) matches
// the shared secret length recommended by RFC 4226; the default of 32 bytes is
// larger than that floor.
const (
	// TOTPSecretSizeDefault is the default secret size.
	TOTPSecretSizeDefault = 32
	// TOTPSecretSizeMinimum is the minimum secret size.
	TOTPSecretSizeMinimum = 20
)
// Authorization header schemes recognised by the header based authn strategies.
const (
	SchemeBasic  = "basic"
	SchemeBearer = "bearer"
)
Authorization Schemes.
// Authz values: the default authz endpoint names, the implementation each maps
// to, and the authentication strategy names used in ServerEndpointsAuthzAuthnStrategy.
const (
	AuthzEndpointNameLegacy      = "legacy"
	AuthzEndpointNameAuthRequest = "auth-request"
	AuthzEndpointNameExtAuthz    = "ext-authz"
	AuthzEndpointNameForwardAuth = "forward-auth"

	AuthzImplementationLegacy      = "Legacy"
	AuthzImplementationAuthRequest = "AuthRequest"
	AuthzImplementationExtAuthz    = "ExtAuthz"
	AuthzImplementationForwardAuth = "ForwardAuth"

	AuthzStrategyHeaderCookieSession                 = "CookieSession"
	AuthzStrategyHeaderAuthorization                 = "HeaderAuthorization"
	AuthzStrategyHeaderProxyAuthorization            = "HeaderProxyAuthorization"
	AuthzStrategyHeaderAuthRequestProxyAuthorization = "HeaderAuthRequestProxyAuthorization"
	AuthzStrategyHeaderLegacy                        = "HeaderLegacy"
)
Authz values.
// Address schemes understood by Address. The first group are raw network
// schemes usable directly by the net package; the LDAP and SMTP groups are
// application schemes layered on TCP (ldapi being a unix socket variant).
const (
	AddressSchemeTCP  = "tcp"
	AddressSchemeTCP4 = "tcp4"
	AddressSchemeTCP6 = "tcp6"
	AddressSchemeUDP  = "udp"
	AddressSchemeUDP4 = "udp4"
	AddressSchemeUDP6 = "udp6"
	AddressSchemeUnix = "unix"

	AddressSchemeLDAP  = "ldap"
	AddressSchemeLDAPS = "ldaps"
	AddressSchemeLDAPI = "ldapi"

	AddressSchemeSMTP        = "smtp"
	AddressSchemeSUBMISSION  = "submission"
	AddressSchemeSUBMISSIONS = "submissions"
)
Address Schemes.
// RememberMeDisabled represents the duration for a disabled remember me session configuration.
// A negative duration is used as the sentinel so it cannot collide with any
// real (non-negative) remember me lifetime.
const (
	RememberMeDisabled = time.Second * -1
)
Variables ¶
// DefaultACLNetwork represents the default configuration related to access control network group configuration.
//
// Note that the "internal" group only covers 10.0.0.0/8; the other RFC 1918
// ranges (172.16.0.0/12, 192.168.0.0/16) are not part of it and must be added
// explicitly if rules are meant to treat them as internal.
var DefaultACLNetwork = []AccessControlNetwork{
	{
		Name:     "localhost",
		Networks: []string{"127.0.0.1"},
	},
	{
		Name:     "internal",
		Networks: []string{"10.0.0.0/8"},
	},
}
DefaultACLNetwork represents the default configuration related to access control network group configuration.
// DefaultACLRule represents the default configuration related to access control rule configuration.
//
// These are example.com placeholders illustrating the three policy levels; the
// "bypass" policy grants access without any authentication, so it should only
// ever be attached to domains that are intentionally public.
var DefaultACLRule = []AccessControlRule{
	{
		Domains: []string{"public.example.com"},
		Policy:  "bypass",
	},
	{
		Domains: []string{"singlefactor.example.com"},
		Policy:  "one_factor",
	},
	{
		Domains: []string{"secure.example.com"},
		Policy:  policyTwoFactor,
	},
}
DefaultACLRule represents the default configuration related to access control rule configuration.
// DefaultAuthenticationBackendConfig is the default authentication backend
// configuration: profiles are refreshed every 5 minutes (the same value as
// RefreshIntervalDefault).
var DefaultAuthenticationBackendConfig = AuthenticationBackend{
	RefreshInterval: NewRefreshIntervalDuration(time.Minute * 5),
}
// DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI.
//
// It is a deliberately weakened variant of DefaultPasswordConfig (Argon2 Memory
// is 64 rather than 64 * 1024) so that CI runs are fast. It must not be used as
// a production hashing configuration.
var DefaultCIPasswordConfig = AuthenticationBackendFilePassword{
	Algorithm: argon2,
	Argon2: AuthenticationBackendFilePasswordArgon2{
		Iterations:  3,
		Memory:      64,
		Parallelism: 4,
		KeyLength:   32,
		SaltLength:  16,
	},
	SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{
		Variant:    sha512,
		Iterations: 50000,
		SaltLength: 16,
	},
}
DefaultCIPasswordConfig represents the default configuration related to Argon2id hashing for CI.
// DefaultIdentityValidation has the default values for the IdentityValidation configuration.
//
// Reset password links are HS256 JWTs valid for 5 minutes. Elevated session
// one-time codes are 8 characters, valid for 5 minutes, and a successful
// elevation lasts 10 minutes.
var DefaultIdentityValidation = IdentityValidation{
	ResetPassword: IdentityValidationResetPassword{
		JWTExpiration: time.Minute * 5,
		JWTAlgorithm:  "HS256",
	},
	ElevatedSession: IdentityValidationElevatedSession{
		CodeLifespan:      time.Minute * 5,
		ElevationLifespan: time.Minute * 10,
		Characters:        8,
	},
}
DefaultIdentityValidation has the default values for the IdentityValidation configuration.
// DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the
// LDAPImplementationActiveDirectory Implementation.
//
// The users filter is intentionally restrictive: it matches only normal user
// accounts (sAMAccountType 805306368), excludes disabled accounts via the
// bitwise-AND matching rule 1.2.840.113556.1.4.803 on userAccountControl bit 2
// (ACCOUNTDISABLE), excludes accounts flagged "must change password at next
// logon" (pwdLastSet=0), and excludes expired accounts (accountExpires must be
// absent, 0, or later than the current time). The groups filter matches
// security and distribution groups (sAMAccountType 268435456 and 536870912)
// that list the user's DN as a member.
var DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory = AuthenticationBackendLDAP{
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0))(|(!(accountExpires=*))(accountExpires=0)(accountExpires>={date-time:microsoft-nt})))",
	GroupsFilter:    "(&(member={dn})(|(sAMAccountType=268435456)(sAMAccountType=536870912)))",
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		DistinguishedName: ldapAttrDistinguishedName,
		Username:          ldapAttrSAMAccountName,
		DisplayName:       ldapAttrDisplayName,
		Mail:              ldapAttrMail,
		MemberOf:          ldapAttrMemberOf,
		GroupName:         ldapAttrCommonName,
	},
	// Same 5s timeout and TLS 1.2 floor as the other LDAP presets.
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}
DefaultLDAPAuthenticationBackendConfigurationImplementationActiveDirectory represents the default LDAP config for the LDAPImplementationActiveDirectory Implementation.
// DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config.
//
// Unlike the named implementation presets it sets no UsersFilter or
// GroupsFilter, so a custom deployment supplies its own; it also sets no
// MemberOf attribute, consistent with the filter group search mode.
var DefaultLDAPAuthenticationBackendConfigurationImplementationCustom = AuthenticationBackendLDAP{
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrUserID,
		DisplayName: ldapAttrDisplayName,
		Mail:        ldapAttrMail,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}
DefaultLDAPAuthenticationBackendConfigurationImplementationCustom represents the default LDAP config.
// DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA represents the default LDAP config for the
// LDAPImplementationFreeIPA Implementation.
//
// The users filter matches person objects that are not locked (nsAccountLock),
// whose Kerberos password has not expired, and whose principal is either
// without an expiration or expires in the future. Groups are groupOfNames
// entries listing the user's DN as a member.
var DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA = AuthenticationBackendLDAP{
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person)(!(nsAccountLock=TRUE))(krbPasswordExpiration>={date-time:generalized})(|(!(krbPrincipalExpiration=*))(krbPrincipalExpiration>={date-time:generalized})))",
	GroupsFilter:    "(&(member={dn})(objectClass=groupOfNames))",
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrUserID,
		DisplayName: ldapAttrDisplayName,
		Mail:        ldapAttrMail,
		MemberOf:    ldapAttrMemberOf,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}
DefaultLDAPAuthenticationBackendConfigurationImplementationFreeIPA represents the default LDAP config for the LDAPImplementationFreeIPA Implementation.
// DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth represents the default LDAP config for the
// LDAPImplementationGLAuth Implementation.
//
// Users are posixAccount entries that are not marked inactive via accountStatus;
// groups are posixGroup entries listing the user's DN in uniqueMember. Note
// that for this preset the username attribute is cn and the display name comes
// from description.
var DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth = AuthenticationBackendLDAP{
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=posixAccount)(!(accountStatus=inactive)))",
	GroupsFilter:    "(&(uniqueMember={dn})(objectClass=posixGroup))",
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrCommonName,
		DisplayName: ldapAttrDescription,
		Mail:        ldapAttrMail,
		MemberOf:    ldapAttrMemberOf,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}
DefaultLDAPAuthenticationBackendConfigurationImplementationGLAuth represents the default LDAP config for the LDAPImplementationGLAuth Implementation.
// DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP represents the default LDAP config for the
// LDAPImplementationLLDAP Implementation.
//
// This is the only preset that sets AdditionalUsersDN / AdditionalGroupsDN
// (lldap keeps users under OU=people and groups under OU=groups). Unlike the
// Active Directory and FreeIPA presets the users filter carries no
// disabled/locked-account exclusion; any such restriction has to be added to
// the filter by the operator.
var DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP = AuthenticationBackendLDAP{
	AdditionalUsersDN:  "OU=people",
	AdditionalGroupsDN: "OU=groups",
	UsersFilter:        "(&(|({username_attribute}={input})({mail_attribute}={input}))(objectClass=person))",
	GroupsFilter:       "(&(member={dn})(objectClass=groupOfUniqueNames))",
	GroupSearchMode:    ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrUserID,
		DisplayName: ldapAttrCommonName,
		Mail:        ldapAttrMail,
		MemberOf:    ldapAttrMemberOf,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}
DefaultLDAPAuthenticationBackendConfigurationImplementationLLDAP represents the default LDAP config for the LDAPImplementationLLDAP Implementation.
// DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis represents the default LDAP config for the
// LDAPImplementationRFC2307bis Implementation.
//
// Users are inetOrgPerson or organizationalPerson entries. Groups may use
// either member or uniqueMember and any of the groupOfNames,
// groupOfUniqueNames or groupOfMembers classes; groups flagged pwdReset=TRUE
// are excluded.
var DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis = AuthenticationBackendLDAP{
	UsersFilter:     "(&(|({username_attribute}={input})({mail_attribute}={input}))(|(objectClass=inetOrgPerson)(objectClass=organizationalPerson)))",
	GroupsFilter:    "(&(|(member={dn})(uniqueMember={dn}))(|(objectClass=groupOfNames)(objectClass=groupOfUniqueNames)(objectClass=groupOfMembers))(!(pwdReset=TRUE)))",
	GroupSearchMode: ldapGroupSearchModeFilter,
	Attributes: AuthenticationBackendLDAPAttributes{
		Username:    ldapAttrUserID,
		DisplayName: ldapAttrDisplayName,
		Mail:        ldapAttrMail,
		MemberOf:    ldapAttrMemberOf,
		GroupName:   ldapAttrCommonName,
	},
	Timeout: time.Second * 5,
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}
DefaultLDAPAuthenticationBackendConfigurationImplementationRFC2307bis represents the default LDAP config for the LDAPImplementationRFC2307bis Implementation.
// DefaultLoggingConfiguration is the default logging configuration: the info
// level with the plain text format.
var DefaultLoggingConfiguration = Log{
	Level:  "info",
	Format: "text",
}
DefaultLoggingConfiguration is the default logging configuration.
// DefaultMySQLStorageConfiguration represents the default MySQL configuration.
//
// The address is localhost:3306 over TCP. The Address literal is positional
// because its fields are unexported; DefaultNTPConfiguration names four of
// them (valid, socket, port, url), the meaning of the third (-1) is not shown
// here.
var DefaultMySQLStorageConfiguration = StorageMySQL{
	StorageSQL: StorageSQL{
		Address: &AddressTCP{Address{true, false, -1, 3306, &url.URL{Scheme: AddressSchemeTCP, Host: "localhost:3306"}}},
	},
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}
DefaultMySQLStorageConfiguration represents the default MySQL configuration.
// DefaultNTPConfiguration represents default configuration parameters for the NTP server.
//
// Time is checked against time.cloudflare.com over plain UDP using NTP
// version 4; MaximumDesync is presumably the largest tolerated clock offset
// (3s) — confirm against the consumer of this setting.
var DefaultNTPConfiguration = NTP{
	Address:       &AddressUDP{Address{valid: true, socket: false, port: 123, url: &url.URL{Scheme: AddressSchemeUDP, Host: "time.cloudflare.com:123"}}},
	Version:       4,
	MaximumDesync: time.Second * 3,
}
DefaultNTPConfiguration represents default configuration parameters for the NTP server.
// DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.
//
// Clients default to the authorization code flow (response type "code",
// form_post response mode) and a two factor authorization policy. Only the ID
// token is signed by default (RS256); the authorization, access token,
// userinfo and introspection response algorithms are "none", which presumably
// means those responses are not issued as signed JWTs — confirm against the
// provider implementation.
var DefaultOpenIDConnectClientConfiguration = IdentityProvidersOpenIDConnectClient{
	AuthorizationPolicy:            policyTwoFactor,
	Scopes:                         []string{"openid", "groups", "profile", "email"},
	ResponseTypes:                  []string{"code"},
	ResponseModes:                  []string{"form_post"},
	AuthorizationSignedResponseAlg: "none",
	IDTokenSignedResponseAlg:       "RS256",
	AccessTokenSignedResponseAlg:   "none",
	UserinfoSignedResponseAlg:      "none",
	IntrospectionSignedResponseAlg: "none",
	RequestedAudienceMode:          "explicit",
	ConsentMode:                    "auto",
	ConsentPreConfiguredDuration:   &defaultOIDCClientConsentPreConfiguredDuration,
}
DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.
// DefaultOpenIDConnectConfiguration contains defaults for OIDC.
//
// Token lifespans: access and ID tokens last one hour, authorization codes one
// minute, refresh tokens 90 minutes. PKCE is enforced for public clients only
// by default.
var DefaultOpenIDConnectConfiguration = IdentityProvidersOpenIDConnect{
	Lifespans: IdentityProvidersOpenIDConnectLifespans{
		IdentityProvidersOpenIDConnectLifespanToken: IdentityProvidersOpenIDConnectLifespanToken{
			AccessToken:   time.Hour,
			AuthorizeCode: time.Minute,
			IDToken:       time.Hour,
			RefreshToken:  time.Minute * 90,
		},
	},
	EnforcePKCE: "public_clients_only",
}
DefaultOpenIDConnectConfiguration contains defaults for OIDC.
// DefaultOpenIDConnectPolicyConfiguration is the default OIDC authorization
// policy: two factor unless a rule says otherwise.
var DefaultOpenIDConnectPolicyConfiguration = IdentityProvidersOpenIDConnectPolicy{
	DefaultPolicy: policyTwoFactor,
}
// DefaultPasswordConfig represents the default configuration related to Argon2id hashing.
//
// It also carries defaults for every other supported file backend algorithm so
// that switching Algorithm does not leave the chosen variant unparameterised.
// Argon2 Memory is 64 * 1024; the unit is not visible here (KiB would make it
// 64 MiB) — confirm against the hashing implementation. SCrypt Iterations is
// likewise presumably a log2 cost factor rather than a raw N — confirm.
var DefaultPasswordConfig = AuthenticationBackendFilePassword{
	Algorithm: argon2,
	Argon2: AuthenticationBackendFilePasswordArgon2{
		Variant:     argon2id,
		Iterations:  3,
		Memory:      64 * 1024,
		Parallelism: 4,
		KeyLength:   32,
		SaltLength:  16,
	},
	SHA2Crypt: AuthenticationBackendFilePasswordSHA2Crypt{
		Variant:    sha512,
		Iterations: 50000,
		SaltLength: 16,
	},
	PBKDF2: AuthenticationBackendFilePasswordPBKDF2{
		Variant:    sha512,
		Iterations: 310000,
		SaltLength: 16,
	},
	BCrypt: AuthenticationBackendFilePasswordBCrypt{
		Variant: "standard",
		Cost:    12,
	},
	SCrypt: AuthenticationBackendFilePasswordSCrypt{
		Iterations:  16,
		BlockSize:   8,
		Parallelism: 1,
		KeyLength:   32,
		SaltLength:  16,
	},
}
DefaultPasswordConfig represents the default configuration related to Argon2id hashing.
// DefaultPasswordPolicyConfiguration is the default password policy configuration.
//
// The standard policy requires at least 8 characters; MaxLength 0 presumably
// means no upper bound — confirm against the validator. The zxcvbn policy
// requires a strength score of at least 3.
var DefaultPasswordPolicyConfiguration = PasswordPolicy{
	Standard: PasswordPolicyStandard{
		MinLength: 8,
		MaxLength: 0,
	},
	ZXCVBN: PasswordPolicyZXCVBN{
		MinScore: 3,
	},
}
DefaultPasswordPolicyConfiguration is the default password policy configuration.
// DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.
//
// The connection targets localhost:5432 and the "public" schema. Note that
// the SSL mode defaults to "disable": the TLS minimum version below only
// matters once an SSL mode that negotiates TLS is configured, so deployments
// reaching a remote database should set Mode explicitly.
var DefaultPostgreSQLStorageConfiguration = StoragePostgreSQL{
	StorageSQL: StorageSQL{
		Address: &AddressTCP{Address{true, false, -1, 5432, &url.URL{Scheme: AddressSchemeTCP, Host: "localhost:5432"}}},
	},
	Schema: "public",
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
	SSL: &StoragePostgreSQLSSL{
		Mode: "disable",
	},
}
DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.
// DefaultRedisConfiguration is the default redis configuration: the standard
// redis port, a pool of 8 active connections, and a TLS 1.2 floor when TLS is
// enabled.
var DefaultRedisConfiguration = SessionRedis{
	Port:                     6379,
	MaximumActiveConnections: 8,
	TLS: &TLS{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}
DefaultRedisConfiguration is the default redis configuration.
// DefaultRedisHighAvailabilityConfiguration is the default redis high
// availability configuration. It differs from DefaultRedisConfiguration only
// in the port, 26379 being the conventional redis sentinel port.
var DefaultRedisHighAvailabilityConfiguration = SessionRedis{
	Port:                     26379,
	MaximumActiveConnections: 8,
	TLS: &TLS{
		MinimumVersion: TLSVersion{Value: tls.VersionTLS12},
	},
}
DefaultRedisHighAvailabilityConfiguration is the default redis high availability configuration.
// DefaultRegulationConfiguration represents default configuration parameters for the regulator.
//
// Brute-force mitigation defaults: 3 failed attempts within a 2 minute window
// result in a 5 minute ban.
var DefaultRegulationConfiguration = Regulation{
	MaxRetries: 3,
	FindTime:   time.Minute * 2,
	BanTime:    time.Minute * 5,
}
DefaultRegulationConfiguration represents default configuration parameters for the regulator.
// DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.
//
// Mail is sent to localhost:25 with a 5s timeout. Identifier "localhost" is
// presumably the name announced in the SMTP greeting — confirm. The startup
// check address is a placeholder under the authelia.com domain and should be
// replaced in real deployments.
var DefaultSMTPNotifierConfiguration = NotifierSMTP{
	Address:             &AddressSMTP{Address{true, false, -1, 25, &url.URL{Scheme: AddressSchemeSMTP, Host: "localhost:25"}}},
	Timeout:             time.Second * 5,
	Subject:             "[Authelia] {title}",
	Identifier:          "localhost",
	StartupCheckAddress: mail.Address{Name: "Authelia Test", Address: "test@authelia.com"},
	TLS: &TLS{
		MinimumVersion: TLSVersion{tls.VersionTLS12},
	},
}
DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.
// DefaultSQLStorageConfiguration represents the default SQL configuration,
// shared by the SQL backends: a 5 second timeout.
var DefaultSQLStorageConfiguration = StorageSQL{
	Timeout: 5 * time.Second,
}
DefaultSQLStorageConfiguration represents the default SQL configuration.
// DefaultServerConfiguration represents the default values of the Server.
//
// The listener binds ":9091", i.e. every interface, with 4 KiB read/write
// buffers and 6s read/write and 30s idle timeouts. Four authz endpoints are
// configured; all except legacy accept an Authorization header with the
// basic scheme and fall back to the session cookie, while legacy uses the
// HeaderLegacy strategy first.
var DefaultServerConfiguration = Server{
	Address: &AddressTCP{Address{true, false, -1, 9091, &url.URL{Scheme: AddressSchemeTCP, Host: ":9091", Path: "/"}}},
	Buffers: ServerBuffers{
		Read:  4096,
		Write: 4096,
	},
	Timeouts: ServerTimeouts{
		Read:  time.Second * 6,
		Write: time.Second * 6,
		Idle:  time.Second * 30,
	},
	Endpoints: ServerEndpoints{
		Authz: map[string]ServerEndpointsAuthz{
			AuthzEndpointNameLegacy: {
				Implementation: AuthzImplementationLegacy,
				AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
					{Name: AuthzStrategyHeaderLegacy},
					{Name: AuthzStrategyHeaderCookieSession},
				},
			},
			AuthzEndpointNameAuthRequest: {
				Implementation: AuthzImplementationAuthRequest,
				AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
					{Name: AuthzStrategyHeaderAuthorization, Schemes: []string{SchemeBasic}},
					{Name: AuthzStrategyHeaderCookieSession},
				},
			},
			AuthzEndpointNameExtAuthz: {
				Implementation: AuthzImplementationExtAuthz,
				AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
					{Name: AuthzStrategyHeaderAuthorization, Schemes: []string{SchemeBasic}},
					{Name: AuthzStrategyHeaderCookieSession},
				},
			},
			AuthzEndpointNameForwardAuth: {
				Implementation: AuthzImplementationForwardAuth,
				AuthnStrategies: []ServerEndpointsAuthzAuthnStrategy{
					{Name: AuthzStrategyHeaderAuthorization, Schemes: []string{SchemeBasic}},
					{Name: AuthzStrategyHeaderCookieSession},
				},
			},
		},
	},
}
DefaultServerConfiguration represents the default values of the Server.
// DefaultSessionConfiguration is the default session configuration.
//
// Sessions live for one hour, are ended after 5 minutes of inactivity, and a
// remember me session lasts 30 days. The cookie uses SameSite=lax; the
// Secure/HttpOnly attributes are not part of this struct and are presumably
// set elsewhere — confirm.
var DefaultSessionConfiguration = Session{
	SessionCookieCommon: SessionCookieCommon{
		Name:       "authelia_session",
		Expiration: time.Hour,
		Inactivity: time.Minute * 5,
		RememberMe: time.Hour * 24 * 30,
		SameSite:   "lax",
	},
}
DefaultSessionConfiguration is the default session configuration.
// DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.
//
// New registrations default to SHA1, 6 digits and a 30s period — the RFC 6238
// parameters most authenticator apps accept — with a TOTPSecretSizeDefault byte
// secret. Only those same values are allowed unless the Allowed* lists are
// widened.
var DefaultTOTPConfiguration = TOTP{
	Issuer:            "Authelia",
	DefaultAlgorithm:  TOTPAlgorithmSHA1,
	DefaultDigits:     6,
	DefaultPeriod:     30,
	Skew:              &defaultTOTPSkew,
	SecretSize:        TOTPSecretSizeDefault,
	AllowedAlgorithms: []string{TOTPAlgorithmSHA1},
	AllowedDigits:     []int{6},
	AllowedPeriods:    []int{30},
}
DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.
// DefaultTelemetryConfig is the default telemetry configuration.
//
// The metrics endpoint listens on ":9959/metrics", i.e. on every interface;
// when metrics are enabled, reachability of this port should be restricted to
// the scraper. Buffers and timeouts mirror DefaultServerConfiguration.
var DefaultTelemetryConfig = Telemetry{
	Metrics: TelemetryMetrics{
		Address: &AddressTCP{Address{true, false, -1, 9959, &url.URL{Scheme: AddressSchemeTCP, Host: ":9959", Path: "/metrics"}}},
		Buffers: ServerBuffers{
			Read:  4096,
			Write: 4096,
		},
		Timeouts: ServerTimeouts{
			Read:  time.Second * 6,
			Write: time.Second * 6,
			Idle:  time.Second * 30,
		},
	},
}
DefaultTelemetryConfig is the default telemetry configuration.
// DefaultWebAuthnConfiguration describes the default values for WebAuthn.
//
// Ceremonies time out after 60s. Attestation conveyance is "indirect" and
// user verification is "preferred", so by default an authenticator that
// cannot verify the user (no PIN/biometric) is still accepted.
var DefaultWebAuthnConfiguration = WebAuthn{
	DisplayName:          "Authelia",
	Timeout:              time.Second * 60,
	ConveyancePreference: protocol.PreferIndirectAttestation,
	UserVerification:     protocol.VerificationPreferred,
}
DefaultWebAuthnConfiguration describes the default values for WebAuthn.
// ErrTLSVersionNotSupported is returned when an unknown TLS version is supplied.
// It is a sentinel; compare with errors.Is.
var ErrTLSVersionNotSupported = errors.New("supplied tls version isn't supported")
ErrTLSVersionNotSupported is returned when an unknown TLS version is supplied.
// Keys is a list of valid schema keys detected by reflecting over a schema.Configuration struct.
// The documentation renderer elides the 348 generated elements; it is a
// non-nil, populated slice in the source.
var Keys = []string{} /* 348 elements not displayed */
Keys is a list of valid schema keys detected by reflecting over a schema.Configuration struct.
var (
	// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms, in the order
	// SHA1, SHA256, SHA512.
	TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}
)
Functions ¶
Types ¶
type AccessControl ¶ added in v4.38.0
// AccessControl represents the configuration related to ACLs.
//
// Tags rendered as `` followed by a "not displayed" comment are elided by the
// documentation renderer; the source carries koanf/json/jsonschema tags there.
type AccessControl struct {
	// The default policy if no other policy matches the request. Because it
	// applies to every unmatched request, a permissive value here widens access
	// globally.
	DefaultPolicy string `` /* 262-byte string literal not displayed */

	// Represents a list of named network groups.
	Networks []AccessControlNetwork `` /* 155-byte string literal not displayed */

	// The ACL rules list.
	Rules []AccessControlRule `` /* 130-byte string literal not displayed */
}
AccessControl represents the configuration related to ACLs.
type AccessControlNetwork ¶ added in v4.38.0
// AccessControlNetwork represents one ACL network group entry: a name that
// rules can reference and the networks it contains.
//
// Tags rendered as `` followed by a "not displayed" comment are elided by the
// documentation renderer.
type AccessControlNetwork struct {
	Name     string                       `` /* 172-byte string literal not displayed */
	Networks AccessControlNetworkNetworks `` /* 172-byte string literal not displayed */
}
AccessControlNetwork represents one ACL network group entry.
type AccessControlNetworkNetworks ¶ added in v4.38.0
// AccessControlNetworkNetworks represents the ACL AccessControlNetworkNetworks
// type: the list of network strings belonging to a named network group.
type AccessControlNetworkNetworks []string
AccessControlNetworkNetworks represents the ACL AccessControlNetworkNetworks type.
func (AccessControlNetworkNetworks) JSONSchema ¶ added in v4.38.0
func (AccessControlNetworkNetworks) JSONSchema() *jsonschema.Schema
type AccessControlRule ¶ added in v4.38.0
// AccessControlRule represents one ACL rule entry.
//
// Tags rendered as `` followed by a "not displayed" comment are elided by the
// documentation renderer.
type AccessControlRule struct {
	// Domain matching: exact domains or regular expressions.
	Domains      AccessControlRuleDomains `` /* 197-byte string literal not displayed */
	DomainsRegex AccessControlRuleRegex   `` /* 208-byte string literal not displayed */

	// Policy applied when the rule matches.
	Policy string `` /* 201-byte string literal not displayed */

	// Additional criteria: subjects, source networks, resources, methods and
	// query parameters. Query is a slice of slices of AccessControlRuleQuery.
	Subjects  AccessControlRuleSubjects  `` /* 147-byte string literal not displayed */
	Networks  AccessControlRuleNetworks  `` /* 179-byte string literal not displayed */
	Resources AccessControlRuleRegex     `` /* 171-byte string literal not displayed */
	Methods   AccessControlRuleMethods   `` /* 298-byte string literal not displayed */
	Query     [][]AccessControlRuleQuery `` /* 138-byte string literal not displayed */
}
AccessControlRule represents one ACL rule entry.
type AccessControlRuleDomains ¶ added in v4.38.0
// AccessControlRuleDomains is the list of domains an ACL rule applies to.
type AccessControlRuleDomains []string
func (AccessControlRuleDomains) JSONSchema ¶ added in v4.38.0
func (AccessControlRuleDomains) JSONSchema() *jsonschema.Schema
type AccessControlRuleMethods ¶ added in v4.38.0
// AccessControlRuleMethods is the list of HTTP methods an ACL rule applies to.
type AccessControlRuleMethods []string
func (AccessControlRuleMethods) JSONSchema ¶ added in v4.38.0
func (AccessControlRuleMethods) JSONSchema() *jsonschema.Schema
type AccessControlRuleNetworks ¶ added in v4.38.0
// AccessControlRuleNetworks is the list of networks (or network group names)
// an ACL rule applies to.
type AccessControlRuleNetworks []string
func (AccessControlRuleNetworks) JSONSchema ¶ added in v4.38.0
func (AccessControlRuleNetworks) JSONSchema() *jsonschema.Schema
type AccessControlRuleQuery ¶ added in v4.38.0
// AccessControlRuleQuery represents the ACL query criteria: a comparison
// Operator applied to the query parameter named Key with the given Value.
//
// The Operator tag is elided by the documentation renderer.
type AccessControlRuleQuery struct {
	Operator string `` /* 222-byte string literal not displayed */
	Key      string `koanf:"key" json:"key" jsonschema:"required,title=Key" jsonschema_description:"The Query Parameter key this rule applies to."`
	Value    any    `koanf:"value" json:"value" jsonschema:"title=Value" jsonschema_description:"The Query Parameter value for this rule."`
}
AccessControlRuleQuery represents the ACL query criteria.
type AccessControlRuleRegex ¶ added in v4.38.0
AccessControlRuleRegex represents the ACL AccessControlRuleRegex type.
func (AccessControlRuleRegex) JSONSchema ¶ added in v4.38.0
func (AccessControlRuleRegex) JSONSchema() *jsonschema.Schema
type AccessControlRuleSubjects ¶ added in v4.38.0
// AccessControlRuleSubjects represents the ACL AccessControlRuleSubjects type:
// a list of subject groups, each inner slice being a set of subject strings.
type AccessControlRuleSubjects [][]string
AccessControlRuleSubjects represents the ACL AccessControlRuleSubjects type.
func (AccessControlRuleSubjects) JSONSchema ¶ added in v4.38.0
func (AccessControlRuleSubjects) JSONSchema() *jsonschema.Schema
type Address ¶ added in v4.36.0
// Address represents an address. Its fields are unexported and hidden by the
// documentation renderer; the positional literals in the Default* variables
// show five fields, and DefaultNTPConfiguration names four of them as
// valid, socket, port and url — consult the source for the fifth.
type Address struct {
	// contains filtered or unexported fields
}
Address represents an address.
func NewAddress ¶ added in v4.36.0
NewAddress returns an *Address and error depending on the ability to parse the string as an Address. It also assumes any value without a scheme which looks like a path is the 'unix' scheme, and everything else without a scheme is the 'tcp' scheme.
func NewAddressDefault ¶ added in v4.38.0
func NewAddressDefault(value, schemeDefault, schemeDefaultPath string) (address *Address, err error)
NewAddressDefault returns an *Address and error depending on the ability to parse the string as an Address. It also assumes any value without a scheme which looks like a path is the schemeDefaultPath scheme, and everything else without a scheme is the schemeDefault scheme.
func NewAddressFromNetworkPathValues ¶ added in v4.38.0
NewAddressFromNetworkPathValues returns an *Address from network values and a path.
func NewAddressFromNetworkValues ¶ added in v4.38.0
NewAddressFromNetworkValues returns an *Address from network values.
func NewAddressFromNetworkValuesDefault ¶ added in v4.38.0
func NewAddressFromNetworkValuesDefault(value string, port uint16, schemeDefault, schemeDefaultPath string) (address *Address, err error)
NewAddressFromNetworkValuesDefault returns an *Address and error depending on the ability to parse the string as an Address. It also assumes any value without a scheme which looks like a path is the schemeDefaultPath scheme, and everything else without a scheme is the schemeDefault scheme.
func NewAddressFromURL ¶ added in v4.36.2
NewAddressFromURL returns an *Address and error depending on the ability to parse the *url.URL as an Address.
func NewAddressUnix ¶ added in v4.38.0
NewAddressUnix returns an *Address from a path value.
func (*Address) Hostname ¶ added in v4.38.0
Hostname returns the output of the *url.URL Hostname func.
func (*Address) IsExplicitlySecure ¶ added in v4.38.0
IsExplicitlySecure returns true if the address is explicitly secure.
func (*Address) IsTCP ¶ added in v4.38.0
IsTCP returns true if the address is one of the TCP schemes (not including application schemes that use TCP).
func (*Address) IsUDP ¶ added in v4.38.0
IsUDP returns true if the address is one of the UDP schemes (not including application schemes that use UDP).
func (*Address) IsUnixDomainSocket ¶ added in v4.38.0
IsUnixDomainSocket returns true if the address has been determined to be a Unix Domain Socket.
func (Address) JSONSchema ¶ added in v4.38.0
func (Address) JSONSchema() *jsonschema.Schema
JSONSchema returns the appropriate *jsonschema.Schema for this type.
func (*Address) Network ¶ added in v4.38.0
Network returns the Scheme() if it's appropriate for the net package's network arguments, otherwise it returns tcp.
func (*Address) NetworkAddress ¶ added in v4.38.0
NetworkAddress returns a string representation of the Address with just the host and port.
func (*Address) RouterPath ¶ added in v4.38.0
RouterPath returns the path the server router uses for serving up requests. Should be the same as Path unless the path query parameter has been set.
func (*Address) SetHostname ¶ added in v4.38.0
SetHostname sets the hostname preserving the port.
func (*Address) SocketHostname ¶ added in v4.38.0
SocketHostname returns the correct hostname for a socket connection.
func (*Address) ValidateHTTP ¶ added in v4.38.0
ValidateHTTP returns a nil error if the Address is valid for an HTTP connection listener.
func (*Address) ValidateLDAP ¶ added in v4.38.0
ValidateLDAP returns a nil error if the Address has a valid Scheme for an LDAP connection opener.
func (*Address) ValidateListener ¶ added in v4.38.0
ValidateListener returns a nil error if the Address is valid for a connection listener.
func (*Address) ValidateSMTP ¶ added in v4.38.0
ValidateSMTP returns a nil error if the Address is valid for a remote SMTP connection opener.
func (*Address) ValidateSQL ¶ added in v4.38.0
ValidateSQL returns a nil error if the Address is valid for a remote SQL connection opener.
type AddressLDAP ¶ added in v4.38.0
// AddressLDAP embeds Address so that LDAP addresses get their own JSON schema
// while sharing every Address method.
type AddressLDAP struct {
	Address
}
AddressLDAP is just a type with an underlying type of Address.
func (AddressLDAP) JSONSchema ¶ added in v4.38.0
func (AddressLDAP) JSONSchema() *jsonschema.Schema
JSONSchema returns the appropriate *jsonschema.Schema for this type.
type AddressSMTP ¶ added in v4.38.0
// AddressSMTP is an Address specialised for remote SMTP servers. It embeds
// Address, so every Address method (including ValidateSMTP) is available on it,
// and it supplies its own JSONSchema. NewSMTPAddress builds one from scheme,
// host and port; NotifierSMTP.Address is the field that uses this type.
type AddressSMTP struct {
	Address
}
AddressSMTP is just a type with an underlying type of Address.
func NewSMTPAddress ¶ added in v4.38.0
func NewSMTPAddress(scheme, host string, port uint16) *AddressSMTP
NewSMTPAddress returns an *AddressSMTP from SMTP values.
func (AddressSMTP) JSONSchema ¶ added in v4.38.0
func (AddressSMTP) JSONSchema() *jsonschema.Schema
JSONSchema returns the appropriate *jsonschema.Schema for this type.
type AddressTCP ¶ added in v4.38.0
// AddressTCP is an Address specialised for TCP listeners. It embeds Address, so
// every Address method is available on it, and it supplies its own JSONSchema.
// Server.Address is the field that uses this type.
type AddressTCP struct {
	Address
}
AddressTCP is just a type with an underlying type of Address.
func (AddressTCP) JSONSchema ¶ added in v4.38.0
func (AddressTCP) JSONSchema() *jsonschema.Schema
JSONSchema returns the appropriate *jsonschema.Schema for this type.
type AddressUDP ¶ added in v4.38.0
// AddressUDP is an Address specialised for UDP endpoints. It embeds Address, so
// every Address method (including IsUDP) is available on it, and it supplies its
// own JSONSchema. NTP.Address is the field that uses this type.
type AddressUDP struct {
	Address
}
AddressUDP is just a type with an underlying type of Address.
func (AddressUDP) JSONSchema ¶ added in v4.38.0
func (AddressUDP) JSONSchema() *jsonschema.Schema
JSONSchema returns the appropriate *jsonschema.Schema for this type.
type AuthenticationBackend ¶ added in v4.37.0
type AuthenticationBackend struct { PasswordReset AuthenticationBackendPasswordReset `` /* 157-byte string literal not displayed */ RefreshInterval RefreshIntervalDuration `` /* 191-byte string literal not displayed */ // The file authentication backend configuration. File *AuthenticationBackendFile `` /* 128-byte string literal not displayed */ LDAP *AuthenticationBackendLDAP `` /* 128-byte string literal not displayed */ }
AuthenticationBackend represents the configuration related to the authentication backend.
type AuthenticationBackendFile ¶ added in v4.38.0
type AuthenticationBackendFile struct { Path string `koanf:"path" json:"path" jsonschema:"title=Path" jsonschema_description:"The file path to the user database."` Watch bool `` /* 177-byte string literal not displayed */ Password AuthenticationBackendFilePassword `` /* 204-byte string literal not displayed */ Search AuthenticationBackendFileSearch `koanf:"search" json:"search" jsonschema:"title=Search" jsonschema_description:"Configures the user searching behaviour."` }
AuthenticationBackendFile represents the configuration related to file-based backend.
type AuthenticationBackendFilePassword ¶ added in v4.38.0
type AuthenticationBackendFilePassword struct { Algorithm string `` /* 205-byte string literal not displayed */ Argon2 AuthenticationBackendFilePasswordArgon2 `` /* 129-byte string literal not displayed */ SHA2Crypt AuthenticationBackendFilePasswordSHA2Crypt `` /* 141-byte string literal not displayed */ PBKDF2 AuthenticationBackendFilePasswordPBKDF2 `` /* 129-byte string literal not displayed */ BCrypt AuthenticationBackendFilePasswordBCrypt `` /* 129-byte string literal not displayed */ SCrypt AuthenticationBackendFilePasswordSCrypt `` /* 129-byte string literal not displayed */ // Deprecated: Use individual password options instead. Iterations int `koanf:"iterations" json:"iterations" jsonschema:"deprecated,title=Iterations"` // Deprecated: Use individual password options instead. Memory int `koanf:"memory" json:"memory" jsonschema:"deprecated,title=Memory"` // Deprecated: Use individual password options instead. Parallelism int `koanf:"parallelism" json:"parallelism" jsonschema:"deprecated,title=Parallelism"` // Deprecated: Use individual password options instead. KeyLength int `koanf:"key_length" json:"key_length" jsonschema:"deprecated,title=Key Length"` // Deprecated: Use individual password options instead. SaltLength int `koanf:"salt_length" json:"salt_length" jsonschema:"deprecated,title=Salt Length"` }
AuthenticationBackendFilePassword represents the configuration related to password hashing.
type AuthenticationBackendFilePasswordArgon2 ¶ added in v4.38.0
type AuthenticationBackendFilePasswordArgon2 struct { Variant string `` /* 170-byte string literal not displayed */ Iterations int `` /* 159-byte string literal not displayed */ Memory int `` /* 189-byte string literal not displayed */ Parallelism int `` /* 190-byte string literal not displayed */ KeyLength int `` /* 161-byte string literal not displayed */ SaltLength int `` /* 158-byte string literal not displayed */ }
AuthenticationBackendFilePasswordArgon2 represents the argon2 hashing settings.
type AuthenticationBackendFilePasswordBCrypt ¶ added in v4.38.0
type AuthenticationBackendFilePasswordBCrypt struct { Variant string `` /* 156-byte string literal not displayed */ Cost int `` /* 134-byte string literal not displayed */ }
AuthenticationBackendFilePasswordBCrypt represents the bcrypt hashing settings.
type AuthenticationBackendFilePasswordPBKDF2 ¶ added in v4.38.0
type AuthenticationBackendFilePasswordPBKDF2 struct { Variant string `` /* 186-byte string literal not displayed */ Iterations int `` /* 174-byte string literal not displayed */ SaltLength int `` /* 169-byte string literal not displayed */ }
AuthenticationBackendFilePasswordPBKDF2 represents the PBKDF2 hashing settings.
type AuthenticationBackendFilePasswordSCrypt ¶ added in v4.38.0
type AuthenticationBackendFilePasswordSCrypt struct { Iterations int `` /* 157-byte string literal not displayed */ BlockSize int `` /* 171-byte string literal not displayed */ Parallelism int `` /* 174-byte string literal not displayed */ KeyLength int `` /* 167-byte string literal not displayed */ SaltLength int `` /* 163-byte string literal not displayed */ }
AuthenticationBackendFilePasswordSCrypt represents the scrypt hashing settings.
type AuthenticationBackendFilePasswordSHA2Crypt ¶ added in v4.38.0
type AuthenticationBackendFilePasswordSHA2Crypt struct { Variant string `` /* 155-byte string literal not displayed */ Iterations int `` /* 192-byte string literal not displayed */ SaltLength int `` /* 164-byte string literal not displayed */ }
AuthenticationBackendFilePasswordSHA2Crypt represents the sha2crypt hashing settings.
type AuthenticationBackendFileSearch ¶ added in v4.38.0
type AuthenticationBackendFileSearch struct { Email bool `` /* 183-byte string literal not displayed */ CaseInsensitive bool `` /* 184-byte string literal not displayed */ }
AuthenticationBackendFileSearch represents the configuration related to file-based backend searching.
type AuthenticationBackendLDAP ¶ added in v4.38.0
type AuthenticationBackendLDAP struct { Address *AddressLDAP `koanf:"address" json:"address" jsonschema:"title=Address" jsonschema_description:"The address of the LDAP directory server."` Implementation string `` /* 263-byte string literal not displayed */ Timeout time.Duration `` /* 146-byte string literal not displayed */ StartTLS bool `` /* 130-byte string literal not displayed */ TLS *TLS `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The LDAP directory server TLS connection properties."` BaseDN string `` /* 128-byte string literal not displayed */ AdditionalUsersDN string `` /* 202-byte string literal not displayed */ UsersFilter string `` /* 146-byte string literal not displayed */ AdditionalGroupsDN string `` /* 206-byte string literal not displayed */ GroupsFilter string `` /* 150-byte string literal not displayed */ GroupSearchMode string `` /* 215-byte string literal not displayed */ Attributes AuthenticationBackendLDAPAttributes `koanf:"attributes" json:"attributes"` PermitReferrals bool `` /* 155-byte string literal not displayed */ PermitUnauthenticatedBind bool `` /* 225-byte string literal not displayed */ PermitFeatureDetectionFailure bool `` /* 256-byte string literal not displayed */ User string `koanf:"user" json:"user" jsonschema:"title=User" jsonschema_description:"The user distinguished name for LDAP binding."` Password string `` /* 130-byte string literal not displayed */ }
AuthenticationBackendLDAP represents the configuration related to LDAP server.
type AuthenticationBackendLDAPAttributes ¶ added in v4.38.0
type AuthenticationBackendLDAPAttributes struct { DistinguishedName string `` /* 212-byte string literal not displayed */ Username string `` /* 175-byte string literal not displayed */ DisplayName string `` /* 191-byte string literal not displayed */ Mail string `` /* 178-byte string literal not displayed */ MemberOf string `` /* 171-byte string literal not displayed */ GroupName string `` /* 179-byte string literal not displayed */ }
AuthenticationBackendLDAPAttributes represents the configuration related to LDAP server attributes.
type AuthenticationBackendPasswordReset ¶ added in v4.38.0
type AuthenticationBackendPasswordReset struct { Disable bool `` /* 132-byte string literal not displayed */ CustomURL url.URL `` /* 186-byte string literal not displayed */ }
AuthenticationBackendPasswordReset represents the configuration related to password reset functionality.
type CSPTemplate ¶ added in v4.38.0
// CSPTemplate is a named string type. NOTE(review): the name suggests a
// Content-Security-Policy header template, but nothing on this page shows where
// it is consumed — confirm against the server headers configuration.
type CSPTemplate string
type Configuration ¶
type Configuration struct { Theme string `` /* 182-byte string literal not displayed */ CertificatesDirectory string `` /* 218-byte string literal not displayed */ Default2FAMethod string `` /* 239-byte string literal not displayed */ Log Log `koanf:"log" json:"log" jsonschema:"title=Log" jsonschema_description:"Logging Configuration."` IdentityProviders IdentityProviders `` /* 149-byte string literal not displayed */ AuthenticationBackend AuthenticationBackend `` /* 165-byte string literal not displayed */ Session Session `koanf:"session" json:"session" jsonschema:"title=Session" jsonschema_description:"Session Configuration."` TOTP TOTP `koanf:"totp" json:"totp" jsonschema:"title=TOTP" jsonschema_description:"Time-based One-Time Password Configuration."` DuoAPI DuoAPI `koanf:"duo_api" json:"duo_api" jsonschema:"title=Duo API" jsonschema_description:"Duo API Configuration."` AccessControl AccessControl `` /* 133-byte string literal not displayed */ NTP NTP `koanf:"ntp" json:"ntp" jsonschema:"title=NTP" jsonschema_description:"Network Time Protocol Configuration."` Regulation Regulation `koanf:"regulation" json:"regulation" jsonschema:"title=Regulation" jsonschema_description:"Regulation Configuration."` Storage Storage `koanf:"storage" json:"storage" jsonschema:"title=Storage" jsonschema_description:"Storage Configuration."` Notifier Notifier `koanf:"notifier" json:"notifier" jsonschema:"title=Notifier" jsonschema_description:"Notifier Configuration."` Server Server `koanf:"server" json:"server" jsonschema:"title=Server" jsonschema_description:"Server Configuration."` Telemetry Telemetry `koanf:"telemetry" json:"telemetry" jsonschema:"title=Telemetry" jsonschema_description:"Telemetry Configuration."` WebAuthn WebAuthn `koanf:"webauthn" json:"webauthn" jsonschema:"title=WebAuthn" jsonschema_description:"WebAuthn Configuration."` PasswordPolicy PasswordPolicy `` /* 137-byte string literal not displayed */ PrivacyPolicy PrivacyPolicy `` /* 133-byte string literal 
not displayed */ IdentityValidation IdentityValidation `` /* 153-byte string literal not displayed */ // Deprecated: Use the session cookies option with the same name instead. DefaultRedirectionURL *url.URL `` /* 131-byte string literal not displayed */ }
Configuration is the object extracted from the YAML configuration file.
type CryptographicKey ¶ added in v4.38.0
// CryptographicKey represents a cryptographic public or private key. It is
// declared as any so that a single field (JWK.Key) can hold either kind; the
// JWK.Key description says the material is supplied in Base64 PEM format.
// NOTE(review): which concrete key types are accepted is not shown here —
// confirm in the JWK decoding/validation code.
type CryptographicKey any
CryptographicKey represents an artificial cryptographic public or private key.
type CryptographicPrivateKey ¶ added in v4.37.0
// CryptographicPrivateKey names the two methods that the crypto package
// documents for crypto.PrivateKey implementations, so that private keys can be
// used through a typed interface instead of the untyped crypto.PrivateKey.
type CryptographicPrivateKey interface {
	// Public returns the public key corresponding to this private key.
	Public() crypto.PublicKey
	// Equal reports whether x represents the same private key.
	Equal(x crypto.PrivateKey) bool
}
CryptographicPrivateKey represents the actual crypto.PrivateKey interface.
type DuoAPI ¶ added in v4.38.0
type DuoAPI struct { Disable bool `` /* 129-byte string literal not displayed */ Hostname string `` /* 150-byte string literal not displayed */ IntegrationKey string `` /* 162-byte string literal not displayed */ SecretKey string `` /* 142-byte string literal not displayed */ EnableSelfEnrollment bool `` /* 174-byte string literal not displayed */ }
DuoAPI represents the configuration related to Duo API.
type ErrorContainer ¶
// ErrorContainer collects errors and warnings raised while loading or
// validating configuration and lets callers query and retrieve them afterwards.
type ErrorContainer interface {
	// Push records err as an error.
	Push(err error)
	// PushWarning records err as a warning rather than an error.
	PushWarning(err error)
	// HasErrors reports whether at least one error has been pushed.
	HasErrors() bool
	// HasWarnings reports whether at least one warning has been pushed.
	HasWarnings() bool
	// Errors returns the pushed errors.
	Errors() []error
	// Warnings returns the pushed warnings.
	Warnings() []error
}
ErrorContainer represents a container where we can add errors and retrieve them.
type IdentityProviders ¶ added in v4.38.0
// IdentityProviders represents the Identity Providers configuration for
// Authelia. OpenID Connect 1.0 is the only provider represented here.
type IdentityProviders struct {
	// OIDC is the OpenID Connect 1.0 provider configuration. It is a pointer,
	// so presumably it is nil when no OIDC section is configured — confirm
	// against the validation code before relying on that.
	OIDC *IdentityProvidersOpenIDConnect `koanf:"oidc" json:"oidc"`
}
IdentityProviders represents the Identity Providers configuration for Authelia.
type IdentityProvidersOpenIDConnect ¶ added in v4.38.0
type IdentityProvidersOpenIDConnect struct { HMACSecret string `` /* 138-byte string literal not displayed */ JSONWebKeys []JWK `` /* 160-byte string literal not displayed */ EnableClientDebugMessages bool `` /* 206-byte string literal not displayed */ MinimumParameterEntropy int `` /* 201-byte string literal not displayed */ EnforcePKCE string `` /* 252-byte string literal not displayed */ EnablePKCEPlainChallenge bool `` /* 233-byte string literal not displayed */ EnableJWTAccessTokenStatelessIntrospection bool `` /* 291-byte string literal not displayed */ DiscoverySignedResponseAlg string `` /* 365-byte string literal not displayed */ DiscoverySignedResponseKeyID string `` /* 291-byte string literal not displayed */ RequirePushedAuthorizationRequests bool `` /* 244-byte string literal not displayed */ CORS IdentityProvidersOpenIDConnectCORS `` /* 129-byte string literal not displayed */ Clients []IdentityProvidersOpenIDConnectClient `koanf:"clients" json:"clients" jsonschema:"title=Clients" jsonschema_description:"OpenID Connect 1.0 clients registry."` AuthorizationPolicies map[string]IdentityProvidersOpenIDConnectPolicy `` /* 165-byte string literal not displayed */ Lifespans IdentityProvidersOpenIDConnectLifespans `koanf:"lifespans" json:"lifespans" jsonschema:"title=Lifespans" jsonschema_description:"Token lifespans configuration."` Discovery IdentityProvidersOpenIDConnectDiscovery `json:"-"` // MetaData value. Not configurable by users. IssuerCertificateChain X509CertificateChain `` /* 220-byte string literal not displayed */ IssuerPrivateKey *rsa.PrivateKey `` /* 197-byte string literal not displayed */ }
IdentityProvidersOpenIDConnect represents the configuration for OpenID Connect 1.0.
type IdentityProvidersOpenIDConnectCORS ¶ added in v4.38.0
type IdentityProvidersOpenIDConnectCORS struct { Endpoints []string `` /* 260-byte string literal not displayed */ AllowedOrigins []*url.URL `` /* 170-byte string literal not displayed */ AllowedOriginsFromClientRedirectURIs bool `` /* 267-byte string literal not displayed */ }
IdentityProvidersOpenIDConnectCORS represents an OpenID Connect 1.0 CORS config.
type IdentityProvidersOpenIDConnectClient ¶ added in v4.38.0
type IdentityProvidersOpenIDConnectClient struct { ID string `koanf:"client_id" json:"client_id" jsonschema:"required,minLength=1,title=Client ID" jsonschema_description:"The Client ID."` Name string `` /* 134-byte string literal not displayed */ Secret *PasswordDigest `` /* 145-byte string literal not displayed */ SectorIdentifierURI *url.URL `` /* 207-byte string literal not displayed */ Public bool `koanf:"public" json:"public" jsonschema:"default=false,title=Public" jsonschema_description:"Enables the Public Client Type."` RedirectURIs IdentityProvidersOpenIDConnectClientURIs `` /* 135-byte string literal not displayed */ RequestURIs IdentityProvidersOpenIDConnectClientURIs `` /* 131-byte string literal not displayed */ Audience []string `` /* 127-byte string literal not displayed */ Scopes []string `` /* 253-byte string literal not displayed */ GrantTypes []string `` /* 262-byte string literal not displayed */ ResponseTypes []string `` /* 286-byte string literal not displayed */ ResponseModes []string `` /* 270-byte string literal not displayed */ AuthorizationPolicy string `` /* 171-byte string literal not displayed */ Lifespan string `` /* 150-byte string literal not displayed */ RequestedAudienceMode string `` /* 208-byte string literal not displayed */ ConsentMode string `` /* 194-byte string literal not displayed */ ConsentPreConfiguredDuration *time.Duration `` /* 261-byte string literal not displayed */ RequirePushedAuthorizationRequests bool `` /* 270-byte string literal not displayed */ RequirePKCE bool `` /* 174-byte string literal not displayed */ PKCEChallengeMethod string `` /* 196-byte string literal not displayed */ AuthorizationSignedResponseAlg string `` /* 352-byte string literal not displayed */ AuthorizationSignedResponseKeyID string `` /* 287-byte string literal not displayed */ IDTokenSignedResponseAlg string `` /* 312-byte string literal not displayed */ IDTokenSignedResponseKeyID string `` /* 232-byte string literal not displayed */ 
AccessTokenSignedResponseAlg string `` /* 337-byte string literal not displayed */ AccessTokenSignedResponseKeyID string `` /* 260-byte string literal not displayed */ UserinfoSignedResponseAlg string `` /* 332-byte string literal not displayed */ UserinfoSignedResponseKeyID string `` /* 262-byte string literal not displayed */ IntrospectionSignedResponseAlg string `` /* 352-byte string literal not displayed */ IntrospectionSignedResponseKeyID string `` /* 287-byte string literal not displayed */ RequestObjectSigningAlg string `` /* 319-byte string literal not displayed */ TokenEndpointAuthSigningAlg string `` /* 372-byte string literal not displayed */ TokenEndpointAuthMethod string `` /* 315-byte string literal not displayed */ AllowMultipleAuthenticationMethods bool `` /* 320-byte string literal not displayed */ JSONWebKeysURI *url.URL `` /* 255-byte string literal not displayed */ JSONWebKeys []JWK `` /* 217-byte string literal not displayed */ Discovery IdentityProvidersOpenIDConnectDiscovery `json:"-"` // MetaData value. Not configurable by users. }
IdentityProvidersOpenIDConnectClient represents a configuration for an OpenID Connect 1.0 client.
type IdentityProvidersOpenIDConnectClientURIs ¶ added in v4.38.7
// IdentityProvidersOpenIDConnectClientURIs is a list of URI strings with its own
// JSONSchema. It is the type of the RedirectURIs and RequestURIs fields of
// IdentityProvidersOpenIDConnectClient.
type IdentityProvidersOpenIDConnectClientURIs []string
func (IdentityProvidersOpenIDConnectClientURIs) JSONSchema ¶ added in v4.38.7
func (IdentityProvidersOpenIDConnectClientURIs) JSONSchema() *jsonschema.Schema
type IdentityProvidersOpenIDConnectDiscovery ¶ added in v4.38.0
// IdentityProvidersOpenIDConnectDiscovery holds values computed during
// configuration validation and reused by the discovery handlers. It is carried
// on IdentityProvidersOpenIDConnect and on each client with a `json:"-"` tag
// and is described there as metadata that is not configurable by users, so
// none of these fields should be read from the configuration file.
type IdentityProvidersOpenIDConnectDiscovery struct {
	// AuthorizationPolicies is the list of authorization policy names.
	AuthorizationPolicies []string
	// Lifespans is the list of lifespan profile names.
	Lifespans []string
	// DefaultKeyIDs maps an algorithm (presumably) to its default key ID — confirm.
	DefaultKeyIDs map[string]string
	// DefaultKeyID is the default signing key ID.
	DefaultKeyID string
	// ResponseObjectSigningKeyIDs lists the key IDs available for signing response objects.
	ResponseObjectSigningKeyIDs []string
	// ResponseObjectSigningAlgs lists the algorithms available for signing response objects.
	ResponseObjectSigningAlgs []string
	// RequestObjectSigningAlgs lists the algorithms accepted for signed request objects.
	RequestObjectSigningAlgs []string
	// JWTResponseAccessTokens reports whether JWT access tokens are in use.
	JWTResponseAccessTokens bool
	// BearerAuthorization reports whether bearer authorization is in use.
	BearerAuthorization bool
}
IdentityProvidersOpenIDConnectDiscovery is information discovered during validation reused for the discovery handlers.
type IdentityProvidersOpenIDConnectLifespan ¶ added in v4.38.0
type IdentityProvidersOpenIDConnectLifespan struct { IdentityProvidersOpenIDConnectLifespanToken `koanf:",squash"` Grants IdentityProvidersOpenIDConnectLifespanGrants `` /* 146-byte string literal not displayed */ }
IdentityProvidersOpenIDConnectLifespan allows tuning the lifespans for OpenID Connect 1.0 issued tokens.
type IdentityProvidersOpenIDConnectLifespanGrants ¶ added in v4.38.0
type IdentityProvidersOpenIDConnectLifespanGrants struct { AuthorizeCode IdentityProvidersOpenIDConnectLifespanToken `` /* 173-byte string literal not displayed */ Implicit IdentityProvidersOpenIDConnectLifespanToken `` /* 158-byte string literal not displayed */ ClientCredentials IdentityProvidersOpenIDConnectLifespanToken `` /* 189-byte string literal not displayed */ RefreshToken IdentityProvidersOpenIDConnectLifespanToken `` /* 169-byte string literal not displayed */ JWTBearer IdentityProvidersOpenIDConnectLifespanToken `` /* 157-byte string literal not displayed */ }
IdentityProvidersOpenIDConnectLifespanGrants allows tuning the lifespans for each grant type.
type IdentityProvidersOpenIDConnectLifespanToken ¶ added in v4.38.0
type IdentityProvidersOpenIDConnectLifespanToken struct { AccessToken time.Duration `` /* 168-byte string literal not displayed */ AuthorizeCode time.Duration `` /* 178-byte string literal not displayed */ IDToken time.Duration `` /* 152-byte string literal not displayed */ RefreshToken time.Duration `` /* 171-byte string literal not displayed */ }
IdentityProvidersOpenIDConnectLifespanToken allows tuning the lifespans for each token type.
type IdentityProvidersOpenIDConnectLifespans ¶ added in v4.38.0
type IdentityProvidersOpenIDConnectLifespans struct { IdentityProvidersOpenIDConnectLifespanToken `koanf:",squash"` JWTSecuredAuthorization time.Duration `` /* 222-byte string literal not displayed */ Custom map[string]IdentityProvidersOpenIDConnectLifespan `` /* 156-byte string literal not displayed */ }
type IdentityProvidersOpenIDConnectPolicy ¶ added in v4.38.0
type IdentityProvidersOpenIDConnectPolicy struct { DefaultPolicy string `` /* 188-byte string literal not displayed */ Rules []IdentityProvidersOpenIDConnectPolicyRule `koanf:"rules" json:"rules" jsonschema:"title=Rules" jsonschema_description:"The list of rules for this policy."` }
IdentityProvidersOpenIDConnectPolicy is the configuration for OpenID Connect 1.0 authorization policies.
type IdentityProvidersOpenIDConnectPolicyRule ¶ added in v4.38.0
type IdentityProvidersOpenIDConnectPolicyRule struct { Policy string `` /* 155-byte string literal not displayed */ Subjects AccessControlRuleSubjects `` /* 146-byte string literal not displayed */ }
IdentityProvidersOpenIDConnectPolicyRule is the configuration for an OpenID Connect 1.0 authorization policy rule.
type IdentityValidation ¶ added in v4.38.0
type IdentityValidation struct { ResetPassword IdentityValidationResetPassword `` /* 160-byte string literal not displayed */ ElevatedSession IdentityValidationElevatedSession `` /* 222-byte string literal not displayed */ }
IdentityValidation represents the configuration for identity verification actions/flows.
type IdentityValidationElevatedSession ¶ added in v4.38.0
type IdentityValidationElevatedSession struct { CodeLifespan time.Duration `` /* 208-byte string literal not displayed */ ElevationLifespan time.Duration `` /* 228-byte string literal not displayed */ Characters int `` /* 179-byte string literal not displayed */ RequireSecondFactor bool `` /* 222-byte string literal not displayed */ SkipSecondFactor bool `` /* 229-byte string literal not displayed */ }
IdentityValidationElevatedSession represents the tunable aspects of the credential control identity verification action/flow.
type IdentityValidationResetPassword ¶ added in v4.38.0
type IdentityValidationResetPassword struct { JWTExpiration time.Duration `` /* 218-byte string literal not displayed */ JWTAlgorithm string `` /* 237-byte string literal not displayed */ JWTSecret string `` /* 161-byte string literal not displayed */ }
IdentityValidationResetPassword represents the tunable aspects of the reset password identity verification action/flow.
type JWK ¶ added in v4.38.0
type JWK struct { KeyID string `koanf:"key_id" json:"key_id" jsonschema:"maxLength=100,title=Key ID" jsonschema_description:"The ID of this JWK."` Use string `koanf:"use" json:"use" jsonschema:"default=sig,enum=sig,title=Use" jsonschema_description:"The Use of this JWK."` Algorithm string `` /* 247-byte string literal not displayed */ Key CryptographicKey `koanf:"key" json:"key" jsonschema_description:"The Private/Public key material of this JWK in Base64 PEM format."` CertificateChain X509CertificateChain `` /* 203-byte string literal not displayed */ }
JWK represents a JWK.
type Log ¶ added in v4.38.0
type Log struct { Level string `` /* 199-byte string literal not displayed */ Format string `` /* 127-byte string literal not displayed */ FilePath string `` /* 244-byte string literal not displayed */ KeepStdout bool `` /* 164-byte string literal not displayed */ }
Log represents the logging configuration.
type NTP ¶ added in v4.38.0
type NTP struct { Address *AddressUDP `koanf:"address" json:"address" jsonschema:"title=NTP Address" jsonschema_description:"The remote address of the NTP server."` Version int `koanf:"version" json:"version" jsonschema:"enum=3,enum=4,title=NTP Version" jsonschema_description:"The NTP Version to use."` MaximumDesync time.Duration `` /* 176-byte string literal not displayed */ DisableStartupCheck bool `` /* 179-byte string literal not displayed */ DisableFailure bool `` /* 207-byte string literal not displayed */ }
NTP represents the configuration related to the NTP server.
type Notifier ¶ added in v4.38.0
type Notifier struct { DisableStartupCheck bool `` /* 176-byte string literal not displayed */ FileSystem *NotifierFileSystem `koanf:"filesystem" json:"filesystem" jsonschema:"title=File System" jsonschema_description:"The File System notifier."` SMTP *NotifierSMTP `koanf:"smtp" json:"smtp" jsonschema:"title=SMTP" jsonschema_description:"The SMTP notifier."` TemplatePath string `` /* 142-byte string literal not displayed */ }
Notifier represents the configuration of the notifier to use when sending notifications to users.
type NotifierFileSystem ¶ added in v4.38.0
// NotifierFileSystem represents the configuration of the notifier that writes
// emails to a file instead of sending them over SMTP.
type NotifierFileSystem struct {
	// Filename is the file path the notifications are written to.
	// NOTE(review): notifications sent to users can carry identity-verification
	// material (see IdentityValidation), so the permissions of this file matter —
	// confirm how the notifier creates it.
	Filename string `koanf:"filename" json:"filename" jsonschema:"title=Filename" jsonschema_description:"The file path of the notifications."`
}
NotifierFileSystem represents the configuration of the notifier writing emails in a file.
type NotifierSMTP ¶ added in v4.38.0
type NotifierSMTP struct { Address *AddressSMTP `` /* 135-byte string literal not displayed */ Timeout time.Duration `` /* 136-byte string literal not displayed */ Username string `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The username for SMTP authentication."` Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password for SMTP authentication."` Identifier string `` /* 159-byte string literal not displayed */ Sender mail.Address `koanf:"sender" json:"sender" jsonschema:"title=Sender" jsonschema_description:"The sender used for SMTP."` Subject string `` /* 134-byte string literal not displayed */ StartupCheckAddress mail.Address `` /* 223-byte string literal not displayed */ DisableRequireTLS bool `` /* 169-byte string literal not displayed */ DisableHTMLEmails bool `` /* 212-byte string literal not displayed */ DisableStartTLS bool `` /* 272-byte string literal not displayed */ TLS *TLS `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The SMTP server TLS connection properties."` // Deprecated: use address instead. Host string `koanf:"host" json:"host" jsonschema:"deprecated"` // Deprecated: use address instead. Port int `koanf:"port" json:"port" jsonschema:"deprecated"` }
NotifierSMTP represents the configuration of the SMTP server to send emails with.
type PasswordDigest ¶ added in v4.37.0
PasswordDigest is a configuration type for the crypt.Digest.
func DecodePasswordDigest ¶ added in v4.37.3
func DecodePasswordDigest(encodedDigest string) (digest *PasswordDigest, err error)
DecodePasswordDigest returns a new PasswordDigest if it can be decoded.
func NewPasswordDigest ¶ added in v4.37.0
func NewPasswordDigest(digest algorithm.Digest) *PasswordDigest
NewPasswordDigest returns a new *PasswordDigest from an algorithm.Digest.
func (*PasswordDigest) GetPlainTextValue ¶ added in v4.38.0
func (d *PasswordDigest) GetPlainTextValue() (value []byte, err error)
GetPlainTextValue returns the byte value of a *plaintext.Digest from Key() and an error. If the PasswordDigest is not a plaintext.Digest it returns nil and an error; otherwise it returns the value and nil.
func (*PasswordDigest) IsPlainText ¶ added in v4.38.0
func (d *PasswordDigest) IsPlainText() (is bool)
IsPlainText returns true if the underlying algorithm.Digest is a *plaintext.Digest.
func (PasswordDigest) JSONSchema ¶ added in v4.38.0
func (PasswordDigest) JSONSchema() *jsonschema.Schema
JSONSchema returns the JSON Schema information for the PasswordDigest type.
func (*PasswordDigest) PlainText ¶ added in v4.38.0
func (d *PasswordDigest) PlainText() (digest *plaintext.Digest, ok bool)
PlainText returns a *plaintext.Digest and a boolean. If the PasswordDigest is not a plaintext.Digest it returns nil and false; otherwise it returns the digest and true.
func (*PasswordDigest) UnmarshalYAML ¶ added in v4.38.0
func (d *PasswordDigest) UnmarshalYAML(value *yaml.Node) (err error)
func (*PasswordDigest) Valid ¶ added in v4.38.8
func (d *PasswordDigest) Valid() (valid bool)
Valid returns true if this digest has a value.
type PasswordPolicy ¶ added in v4.38.0
type PasswordPolicy struct { Standard PasswordPolicyStandard `koanf:"standard" json:"standard" jsonschema:"title=Standard" jsonschema_description:"The standard password policy engine."` ZXCVBN PasswordPolicyZXCVBN `koanf:"zxcvbn" json:"zxcvbn" jsonschema:"title=ZXCVBN" jsonschema_description:"The ZXCVBN password policy engine."` }
PasswordPolicy represents the configuration related to password policy.
type PasswordPolicyStandard ¶ added in v4.38.0
type PasswordPolicyStandard struct { Enabled bool `` /* 141-byte string literal not displayed */ MinLength int `koanf:"min_length" json:"min_length" jsonschema:"title=Minimum Length" jsonschema_description:"Minimum password length."` MaxLength int `` /* 130-byte string literal not displayed */ RequireUppercase bool `` /* 156-byte string literal not displayed */ RequireLowercase bool `` /* 156-byte string literal not displayed */ RequireNumber bool `` /* 145-byte string literal not displayed */ RequireSpecial bool `` /* 149-byte string literal not displayed */ }
PasswordPolicyStandard represents the configuration related to standard parameters of password policy.
type PasswordPolicyZXCVBN ¶ added in v4.38.0
type PasswordPolicyZXCVBN struct { Enabled bool `` /* 139-byte string literal not displayed */ MinScore int `` /* 136-byte string literal not displayed */ }
PasswordPolicyZXCVBN represents the configuration related to ZXCVBN parameters of password policy.
type PrivacyPolicy ¶ added in v4.38.0
type PrivacyPolicy struct { Enabled bool `` /* 138-byte string literal not displayed */ RequireUserAcceptance bool `` /* 200-byte string literal not displayed */ PolicyURL *url.URL `koanf:"policy_url" json:"policy_url" jsonschema:"title=Policy URL" jsonschema_description:"The URL of the privacy policy."` }
PrivacyPolicy is the privacy policy configuration.
type RefreshIntervalDuration ¶ added in v4.38.0
// RefreshIntervalDuration is a special time.Duration for the refresh interval
// that can also express the sentinel values "always" and "never". Construct it
// with NewRefreshIntervalDuration, NewRefreshIntervalDurationAlways or
// NewRefreshIntervalDurationNever; Valid reports whether it was constructed
// that way, and Always, Never, Update and Value expose the stored state.
type RefreshIntervalDuration struct {
	// contains filtered or unexported fields
}
RefreshIntervalDuration is a special time.Duration for the refresh interval.
func NewRefreshIntervalDuration ¶ added in v4.38.0
func NewRefreshIntervalDuration(value time.Duration) RefreshIntervalDuration
NewRefreshIntervalDuration returns a RefreshIntervalDuration given a time.Duration.
func NewRefreshIntervalDurationAlways ¶ added in v4.38.0
func NewRefreshIntervalDurationAlways() RefreshIntervalDuration
NewRefreshIntervalDurationAlways returns a RefreshIntervalDuration with an always value.
func NewRefreshIntervalDurationNever ¶ added in v4.38.0
func NewRefreshIntervalDurationNever() RefreshIntervalDuration
NewRefreshIntervalDurationNever returns a RefreshIntervalDuration with a never value.
func (RefreshIntervalDuration) Always ¶ added in v4.38.0
func (d RefreshIntervalDuration) Always() bool
Always returns true if the interval is always.
func (RefreshIntervalDuration) JSONSchema ¶ added in v4.38.0
func (RefreshIntervalDuration) JSONSchema() *jsonschema.Schema
JSONSchema provides the json-schema formatting.
func (RefreshIntervalDuration) Never ¶ added in v4.38.0
func (d RefreshIntervalDuration) Never() bool
Never returns true if the interval is never.
func (RefreshIntervalDuration) Update ¶ added in v4.38.0
func (d RefreshIntervalDuration) Update() bool
Update returns true if the session could require updates.
func (RefreshIntervalDuration) Valid ¶ added in v4.38.0
func (d RefreshIntervalDuration) Valid() bool
Valid returns true if the value was correctly constructed.
func (RefreshIntervalDuration) Value ¶ added in v4.38.0
func (d RefreshIntervalDuration) Value() time.Duration
Value returns the time.Duration.
type Regulation ¶ added in v4.38.0
type Regulation struct { MaxRetries int `` /* 179-byte string literal not displayed */ FindTime time.Duration `` /* 185-byte string literal not displayed */ BanTime time.Duration `` /* 202-byte string literal not displayed */ }
Regulation represents the configuration for regulating failed authentication attempts (brute-force protection) through MaxRetries, FindTime and BanTime.
type Server ¶ added in v4.38.0
type Server struct { Address *AddressTCP `` /* 129-byte string literal not displayed */ AssetPath string `` /* 146-byte string literal not displayed */ DisableHealthcheck bool `` /* 172-byte string literal not displayed */ TLS ServerTLS `koanf:"tls" json:"tls" jsonschema:"title=TLS" jsonschema_description:"The server TLS configuration."` Headers ServerHeaders `koanf:"headers" json:"headers" jsonschema:"title=Headers" jsonschema_description:"The server headers configuration."` Endpoints ServerEndpoints `koanf:"endpoints" json:"endpoints" jsonschema:"title=Endpoints" jsonschema_description:"The server endpoints configuration."` Buffers ServerBuffers `koanf:"buffers" json:"buffers" jsonschema:"title=Buffers" jsonschema_description:"The server buffers configuration."` Timeouts ServerTimeouts `koanf:"timeouts" json:"timeouts" jsonschema:"title=Timeouts" jsonschema_description:"The server timeouts configuration."` }
Server represents the configuration of the HTTP server: its listening Address, AssetPath and DisableHealthcheck flag, plus the TLS, Headers, Endpoints, Buffers and Timeouts sub-configurations.
type ServerBuffers ¶ added in v4.36.4
type ServerBuffers struct { Read int `koanf:"read" json:"read" jsonschema:"default=4096,title=Read" jsonschema_description:"The read buffer size."` Write int `koanf:"write" json:"write" jsonschema:"default=4096,title=Write" jsonschema_description:"The write buffer size."` }
ServerBuffers represents server buffer configurations.
type ServerEndpoints ¶ added in v4.38.0
type ServerEndpoints struct { EnablePprof bool `` /* 235-byte string literal not displayed */ EnableExpvars bool `` /* 243-byte string literal not displayed */ Authz map[string]ServerEndpointsAuthz `koanf:"authz" json:"authz" jsonschema:"title=Authz" jsonschema_description:"Configures the Authorization endpoints."` }
ServerEndpoints is the endpoints configuration for the HTTP server. EnablePprof and EnableExpvars expose the Go runtime's profiling (net/http/pprof) and debug-variable (expvar) endpoints; these are diagnostic facilities that reveal internal process state and should stay disabled unless actively needed, and must never be reachable from untrusted networks. Authz maps each configured authorization endpoint to its ServerEndpointsAuthz settings.
type ServerEndpointsAuthz ¶ added in v4.38.0
type ServerEndpointsAuthz struct { Implementation string `` /* 231-byte string literal not displayed */ AuthnStrategies []ServerEndpointsAuthzAuthnStrategy `` /* 173-byte string literal not displayed */ }
ServerEndpointsAuthz is the Authz endpoints configuration for the HTTP server.
type ServerEndpointsAuthzAuthnStrategy ¶ added in v4.38.0
type ServerEndpointsAuthzAuthnStrategy struct { Name string `` /* 253-byte string literal not displayed */ Schemes []string `` /* 208-byte string literal not displayed */ }
ServerEndpointsAuthzAuthnStrategy describes one authentication strategy (its Name and the Schemes it accepts) in the AuthnStrategies list of a ServerEndpointsAuthz endpoint.
type ServerHeaders ¶ added in v4.38.0
type ServerHeaders struct {
CSPTemplate CSPTemplate `` /* 135-byte string literal not displayed */
}
ServerHeaders represents the customization of the HTTP server's response headers; CSPTemplate supplies the Content-Security-Policy header template.
type ServerTLS ¶ added in v4.38.0
type ServerTLS struct { Certificate string `koanf:"certificate" json:"certificate" jsonschema:"title=Certificate" jsonschema_description:"Path to the Certificate."` Key string `koanf:"key" json:"key" jsonschema:"title=Key" jsonschema_description:"Path to the Private Key."` ClientCertificates []string `` /* 181-byte string literal not displayed */ }
ServerTLS represents the configuration of the HTTP server's TLS options: Certificate and Key are file paths to the server certificate and its private key (the key file should be readable only by the process), and ClientCertificates presumably configures the client certificates trusted for mutual TLS — confirm against the server validator.
type ServerTimeouts ¶ added in v4.36.4
type ServerTimeouts struct { Read time.Duration `koanf:"read" json:"read" jsonschema:"default=6 seconds,title=Read" jsonschema_description:"The read timeout."` Write time.Duration `koanf:"write" json:"write" jsonschema:"default=6 seconds,title=Write" jsonschema_description:"The write timeout."` Idle time.Duration `koanf:"idle" json:"idle" jsonschema:"default=30 seconds,title=Idle" jsonschema_description:"The idle timeout."` }
ServerTimeouts represents the server's Read, Write and Idle timeouts (defaulting to 6 seconds, 6 seconds and 30 seconds); they bound how long a slow or idle client can hold a connection open.
type Session ¶ added in v4.38.0
type Session struct { SessionCookieCommon `koanf:",squash"` Secret string `koanf:"secret" json:"secret" jsonschema:"title=Secret" jsonschema_description:"Secret used to encrypt the session data."` Cookies []SessionCookie `koanf:"cookies" json:"cookies" jsonschema:"title=Cookies" jsonschema_description:"List of cookie domain configurations."` Redis *SessionRedis `koanf:"redis" json:"redis" jsonschema:"title=Redis" jsonschema_description:"Redis Session Provider configuration."` // Deprecated: Use the session cookies option with the same name instead. Domain string `koanf:"domain" json:"domain" jsonschema:"deprecated,title=Domain"` }
Session represents the configuration related to user sessions. Secret is the key material used to encrypt the session data and must be kept confidential; the top-level Domain field is deprecated in favour of the Domain of each entry in Cookies.
type SessionCookie ¶ added in v4.38.0
type SessionCookie struct { SessionCookieCommon `koanf:",squash"` Domain string `` /* 145-byte string literal not displayed */ AutheliaURL *url.URL `` /* 190-byte string literal not displayed */ DefaultRedirectionURL *url.URL `` /* 208-byte string literal not displayed */ Legacy bool `json:"-"` }
SessionCookie represents the configuration for one cookie domain: its Domain, the AutheliaURL and DefaultRedirectionURL associated with it, and the embedded SessionCookieCommon cookie settings.
type SessionCookieCommon ¶ added in v4.38.0
type SessionCookieCommon struct { Name string `koanf:"name" json:"name" jsonschema:"default=authelia_session" jsonschema_description:"The session cookie name."` SameSite string `` /* 151-byte string literal not displayed */ Expiration time.Duration `` /* 152-byte string literal not displayed */ Inactivity time.Duration `koanf:"inactivity" json:"inactivity" jsonschema:"default=5 minutes" jsonschema_description:"The session inactivity timeout."` RememberMe time.Duration `` /* 151-byte string literal not displayed */ DisableRememberMe bool `json:"-"` }
type SessionRedis ¶ added in v4.38.0
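// SessionRedis represents the configuration related to the redis session store.
//
// Password is a credential and must be kept confidential; TLS, when set,
// governs transport security to the redis server.
type SessionRedis struct {
	// Host is the redis server host.
	Host string `koanf:"host" json:"host" jsonschema:"title=Host" jsonschema_description:"The redis server host."`
	// Port is the redis server port (default 6379). The JSON schema title was
	// previously a copy/paste of the Host title and is corrected to "Port".
	Port int `koanf:"port" json:"port" jsonschema:"default=6379,title=Port" jsonschema_description:"The redis server port."`
	// Username is the redis username.
	Username string `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The redis username."`
	// Password is the redis password; treat it as a secret.
	Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The redis password."`
	// DatabaseIndex selects the redis database (tag description not displayed here).
	DatabaseIndex int `` /* 139-byte string literal not displayed */
	// MaximumActiveConnections caps the connection pool (tag description not displayed here).
	MaximumActiveConnections int `` /* 212-byte string literal not displayed */
	// MinimumIdleConnections sets the pool's idle floor (tag description not displayed here).
	MinimumIdleConnections int `` /* 192-byte string literal not displayed */
	// TLS is the optional TLS configuration for the connection to redis.
	TLS *TLS `koanf:"tls" json:"tls"`
	// HighAvailability is the optional Redis Sentinel configuration.
	HighAvailability *SessionRedisHighAvailability `koanf:"high_availability" json:"high_availability"`
}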
SessionRedis represents the configuration related to the redis session store. Password is a credential and must be kept confidential; TLS, when set, governs transport security to the redis server.
type SessionRedisHighAvailability ¶ added in v4.38.0
type SessionRedisHighAvailability struct { SentinelName string `` /* 135-byte string literal not displayed */ SentinelUsername string `` /* 152-byte string literal not displayed */ SentinelPassword string `` /* 152-byte string literal not displayed */ RouteByLatency bool `` /* 155-byte string literal not displayed */ RouteRandomly bool `` /* 147-byte string literal not displayed */ Nodes []SessionRedisHighAvailabilityNode `` /* 135-byte string literal not displayed */ }
SessionRedisHighAvailability holds the Redis Sentinel configuration used for high availability: the SentinelName, optional Sentinel credentials (SentinelUsername and SentinelPassword, which are secrets), the RouteByLatency and RouteRandomly preferences, and the list of sentinel Nodes.
type SessionRedisHighAvailabilityNode ¶ added in v4.38.0
type SessionRedisHighAvailabilityNode struct { Host string `koanf:"host" json:"host" jsonschema:"title=Host" jsonschema_description:"The redis sentinel node host."` Port int `koanf:"port" json:"port" jsonschema:"default=26379,title=Port" jsonschema_description:"The redis sentinel node port."` }
SessionRedisHighAvailabilityNode represents a single Redis Sentinel node, identified by Host and Port (default 26379).
type Storage ¶ added in v4.38.0
type Storage struct { Local *StorageLocal `` /* 126-byte string literal not displayed */ MySQL *StorageMySQL `` /* 126-byte string literal not displayed */ PostgreSQL *StoragePostgreSQL `` /* 134-byte string literal not displayed */ EncryptionKey string `` /* 194-byte string literal not displayed */ }
Storage represents the configuration of the storage backend (Local, MySQL or PostgreSQL). EncryptionKey is, as its name indicates, key material and must be treated as a secret.
type StorageLocal ¶ added in v4.38.0
type StorageLocal struct {
Path string `koanf:"path" json:"path" jsonschema:"title=Path" jsonschema_description:"The Path for the SQLite3 database file."`
}
StorageLocal represents the configuration when using local storage.
type StorageMySQL ¶ added in v4.38.0
type StorageMySQL struct { StorageSQL `koanf:",squash"` TLS *TLS `koanf:"tls" json:"tls"` }
StorageMySQL represents the configuration of a MySQL database.
type StoragePostgreSQL ¶ added in v4.38.0
type StoragePostgreSQL struct { StorageSQL `koanf:",squash"` Schema string `` /* 126-byte string literal not displayed */ TLS *TLS `koanf:"tls" json:"tls"` // Deprecated: Use the TLS configuration instead. SSL *StoragePostgreSQLSSL `koanf:"ssl" json:"ssl" jsonschema:"deprecated,title=SSL"` }
StoragePostgreSQL represents the configuration of a PostgreSQL database; the SSL block is deprecated and the TLS configuration should be used instead.
type StoragePostgreSQLSSL ¶ added in v4.38.0
type StoragePostgreSQLSSL struct { Mode string `` /* 209-byte string literal not displayed */ RootCertificate string `` /* 203-byte string literal not displayed */ Certificate string `` /* 183-byte string literal not displayed */ Key string `` /* 159-byte string literal not displayed */ }
StoragePostgreSQLSSL represents the deprecated SSL configuration of a PostgreSQL database (Mode, RootCertificate, Certificate and Key); prefer the TLS configuration on StoragePostgreSQL.
type StorageSQL ¶ added in v4.38.0
type StorageSQL struct { Address *AddressTCP `koanf:"address" json:"address" jsonschema:"title=Address" jsonschema_description:"The address of the database."` Database string `` /* 140-byte string literal not displayed */ Username string `koanf:"username" json:"username" jsonschema:"title=Username" jsonschema_description:"The username to use to authenticate."` Password string `koanf:"password" json:"password" jsonschema:"title=Password" jsonschema_description:"The password to use to authenticate."` Timeout time.Duration `` /* 141-byte string literal not displayed */ }
StorageSQL represents the connection configuration shared by the SQL databases: the Address, Database name, Username, Password (a credential to be kept confidential) and Timeout.
type StructValidator ¶
type StructValidator struct {
// contains filtered or unexported fields
}
StructValidator is a validator for structs.
func NewStructValidator ¶
func NewStructValidator() *StructValidator
NewStructValidator returns a new StructValidator.
func (*StructValidator) Errors ¶
func (v *StructValidator) Errors() []error
Errors returns the errors.
func (*StructValidator) HasErrors ¶
func (v *StructValidator) HasErrors() bool
HasErrors checks whether the validator contains errors.
func (*StructValidator) HasWarnings ¶
func (v *StructValidator) HasWarnings() bool
HasWarnings checks whether the validator contains warning errors.
func (*StructValidator) Push ¶
func (v *StructValidator) Push(err error)
Push records err as an error on the validator, so that HasErrors reports true and Errors includes it.
func (*StructValidator) PushWarning ¶
func (v *StructValidator) PushWarning(err error)
PushWarning records err as a warning on the validator, so that HasWarnings reports true and Warnings includes it.
func (*StructValidator) Warnings ¶
func (v *StructValidator) Warnings() []error
Warnings returns the warnings.
type TLS ¶ added in v4.38.0
type TLS struct { MinimumVersion TLSVersion `` /* 155-byte string literal not displayed */ MaximumVersion TLSVersion `` /* 155-byte string literal not displayed */ SkipVerify bool `` /* 156-byte string literal not displayed */ ServerName string `` /* 169-byte string literal not displayed */ PrivateKey CryptographicPrivateKey `koanf:"private_key" json:"private_key" jsonschema:"title=Private Key" jsonschema_description:"The private key."` CertificateChain X509CertificateChain `` /* 135-byte string literal not displayed */ }
TLS is a representation of the TLS configuration for outbound connections (used by SessionRedis, StorageMySQL and StoragePostgreSQL). MinimumVersion and MaximumVersion bound the negotiated protocol version, ServerName sets the name the peer certificate is verified against, and SkipVerify disables peer certificate verification entirely — enabling it permits man-in-the-middle attacks and should be reserved for testing. PrivateKey and CertificateChain presumably supply a client certificate for mutual TLS.
type TLSVersion ¶ added in v4.37.0
type TLSVersion struct {
Value uint16
}
TLSVersion wraps a tls.Config protocol version constant (Value) so it can be parsed from configuration with NewTLSVersion and applied via MinVersion or MaxVersion.
func NewTLSVersion ¶ added in v4.37.0
func NewTLSVersion(input string) (version *TLSVersion, err error)
NewTLSVersion parses input into a TLSVersion, returning an error when the string is not a recognised version.
func (TLSVersion) JSONSchema ¶ added in v4.38.0
func (TLSVersion) JSONSchema() *jsonschema.Schema
JSONSchema returns the JSON Schema information for the TLSVersion type.
func (*TLSVersion) MaxVersion ¶ added in v4.37.0
func (v *TLSVersion) MaxVersion() uint16
MaxVersion returns the version as a value suitable for tls.Config.MaxVersion.
func (*TLSVersion) MinVersion ¶ added in v4.37.0
func (v *TLSVersion) MinVersion() uint16
MinVersion returns the version as a value suitable for tls.Config.MinVersion.
func (*TLSVersion) String ¶ added in v4.37.0
func (v *TLSVersion) String() string
String provides the Stringer.
type TOTP ¶ added in v4.38.0
type TOTP struct { Disable bool `` /* 133-byte string literal not displayed */ Issuer string `` /* 138-byte string literal not displayed */ DefaultAlgorithm string `` /* 180-byte string literal not displayed */ DefaultDigits int `` /* 145-byte string literal not displayed */ DefaultPeriod int `` /* 132-byte string literal not displayed */ Skew *int `` /* 127-byte string literal not displayed */ SecretSize int `` /* 157-byte string literal not displayed */ AllowedAlgorithms []string `` /* 239-byte string literal not displayed */ AllowedDigits []int `` /* 200-byte string literal not displayed */ AllowedPeriods []int `` /* 191-byte string literal not displayed */ DisableReuseSecurityPolicy bool `` /* 227-byte string literal not displayed */ }
TOTP represents the configuration related to TOTP options: the Issuer, the default and allowed algorithms, digits and periods, the Skew tolerance and SecretSize. DisableReuseSecurityPolicy presumably turns off the protection against a one-time code being accepted more than once and should not be enabled without good reason.
type Telemetry ¶ added in v4.38.0
type Telemetry struct {
Metrics TelemetryMetrics `` /* 126-byte string literal not displayed */
}
Telemetry represents the telemetry config.
type TelemetryMetrics ¶ added in v4.38.0
type TelemetryMetrics struct { Enabled bool `koanf:"enabled" json:"enabled" jsonschema:"default=false,title=Enabled" jsonschema_description:"Enables the metrics server."` Address *AddressTCP `` /* 152-byte string literal not displayed */ Buffers ServerBuffers `` /* 139-byte string literal not displayed */ Timeouts ServerTimeouts `` /* 143-byte string literal not displayed */ }
TelemetryMetrics represents the telemetry metrics config: Enabled (default false) starts the metrics server on Address with its own Buffers and Timeouts. The metrics endpoint reveals operational detail and should only be bound to an address reachable by the metrics collector.
type WebAuthn ¶ added in v4.38.0
type WebAuthn struct { Disable bool `` /* 137-byte string literal not displayed */ DisplayName string `` /* 173-byte string literal not displayed */ ConveyancePreference protocol.ConveyancePreference `` /* 265-byte string literal not displayed */ UserVerification protocol.UserVerificationRequirement `` /* 247-byte string literal not displayed */ Timeout time.Duration `` /* 150-byte string literal not displayed */ }
WebAuthn represents the WebAuthn config: DisplayName, the attestation ConveyancePreference, the UserVerification requirement and the ceremony Timeout.
type X509CertificateChain ¶ added in v4.37.0
type X509CertificateChain struct {
// contains filtered or unexported fields
}
X509CertificateChain is a helper struct that holds a list of *x509.Certificate's.
func NewX509CertificateChain ¶ added in v4.37.0
func NewX509CertificateChain(in string) (chain *X509CertificateChain, err error)
NewX509CertificateChain creates a new *X509CertificateChain from a given string, parsing each PEM block one by one.
func NewX509CertificateChainFromCerts ¶ added in v4.38.0
func NewX509CertificateChainFromCerts(in []*x509.Certificate) (chain X509CertificateChain)
NewX509CertificateChainFromCerts returns a chain from a given list of certificates without validation; call Validate before relying on the ordering or expiry of the result.
func (*X509CertificateChain) Certificates ¶ added in v4.37.0
func (c *X509CertificateChain) Certificates() (certificates []*x509.Certificate)
Certificates returns the parsed *x509.Certificate list held by this X509CertificateChain.
func (*X509CertificateChain) CertificatesRaw ¶ added in v4.37.0
func (c *X509CertificateChain) CertificatesRaw() (certificates [][]byte)
CertificatesRaw returns the raw encoded bytes of each certificate held by this X509CertificateChain.
func (*X509CertificateChain) EncodePEM ¶ added in v4.38.0
func (c *X509CertificateChain) EncodePEM() (encoded []byte, err error)
EncodePEM encodes the entire chain as PEM bytes.
func (*X509CertificateChain) Equal ¶ added in v4.37.0
func (c *X509CertificateChain) Equal(other *x509.Certificate) (equal bool)
Equal checks if the provided *x509.Certificate is equal to the first *x509.Certificate in the chain.
func (*X509CertificateChain) EqualKey ¶ added in v4.37.0
func (c *X509CertificateChain) EqualKey(other any) (equal bool)
EqualKey checks if the provided key (public or private) has a public key equal to the first public key in this chain.
func (*X509CertificateChain) HasCertificates ¶ added in v4.37.0
func (c *X509CertificateChain) HasCertificates() (has bool)
HasCertificates returns true if the chain has any certificates.
func (X509CertificateChain) JSONSchema ¶ added in v4.38.0
func (X509CertificateChain) JSONSchema() *jsonschema.Schema
JSONSchema returns the JSON Schema information for the X509CertificateChain type.
func (*X509CertificateChain) Leaf ¶ added in v4.37.0
func (c *X509CertificateChain) Leaf() (leaf *x509.Certificate)
Leaf returns the first certificate if available for use with tls.Certificate.
func (*X509CertificateChain) Thumbprint ¶ added in v4.37.0
func (c *X509CertificateChain) Thumbprint(hash crypto.Hash) []byte
Thumbprint returns the digest of the first certificate computed with hash (presumably over its raw encoding).
func (*X509CertificateChain) Validate ¶ added in v4.37.0
func (c *X509CertificateChain) Validate() (err error)
Validate checks the X509CertificateChain, ensuring the certificates were provided in the correct order (with the nth being signed by the nth+1) and that every certificate is valid based on the current time. Per the checks listed here it does not verify the chain against a trusted root store.
Source Files ¶
- access_control.go
- authentication.go
- configuration.go
- const.go
- duo.go
- identity_providers.go
- identity_validation.go
- keys.go
- log.go
- notifier.go
- ntp.go
- password_policy.go
- privacy_policy.go
- regulation.go
- server.go
- session.go
- shared.go
- storage.go
- telemetry.go
- totp.go
- types.go
- types_address.go
- types_addresses_nix.go
- validator.go
- webauthn.go