// TOTP algorithm identifiers accepted by TOTPConfiguration.Algorithm.
// TOTPPossibleAlgorithms lists the same three values for validation, and
// DefaultTOTPConfiguration selects TOTPAlgorithmSHA1.
const (
	TOTPAlgorithmSHA1   = "SHA1"
	TOTPAlgorithmSHA256 = "SHA256"
	TOTPAlgorithmSHA512 = "SHA512"
)
TOTP algorithm identifiers.
// LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
// It selects DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration's
// filters and attribute names (presumably applied by the validator — confirm).
const LDAPImplementationActiveDirectory = "activedirectory"
LDAPImplementationActiveDirectory is the string for the Active Directory LDAP implementation.
// LDAPImplementationCustom is the string for the custom LDAP implementation.
// It is the Implementation used by DefaultLDAPAuthenticationBackendConfiguration.
const LDAPImplementationCustom = "custom"
LDAPImplementationCustom is the string for the custom LDAP implementation.
// ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms
// (see RefreshIntervalAlways for the equivalent time.Duration).
const ProfileRefreshAlways = "always"
ProfileRefreshAlways represents a value for refresh_interval that's the same as 0ms.
// ProfileRefreshDisabled represents a value for refresh_interval that disables the check entirely.
// Note the literal is "disable", not "disabled".
const ProfileRefreshDisabled = "disable"
ProfileRefreshDisabled represents a value for refresh_interval that disables the check entirely.
// RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
// It is the zero time.Duration; written as a multiple of time.Millisecond so its type is Duration, not an untyped int.
const RefreshIntervalAlways = 0 * time.Millisecond
RefreshIntervalAlways represents the duration value refresh interval should have if set to always.
// RefreshIntervalDefault represents the default value of refresh_interval.
// It is a string (like AuthenticationBackendConfiguration.RefreshInterval), not a
// time.Duration, so it must be parsed before use.
const RefreshIntervalDefault = "5m"
RefreshIntervalDefault represents the default value of refresh_interval.
// DefaultACLNetwork represents the default configuration related to access control
// network group configuration: two named groups, "localhost" (the loopback address)
// and "internal" (the RFC 1918 10.0.0.0/8 range). These are example values;
// deployments are expected to define their own groups.
var DefaultACLNetwork = []ACLNetwork{
	{
		Name:     "localhost",
		Networks: []string{"127.0.0.1"},
	},
	{
		Name:     "internal",
		Networks: []string{"10.0.0.0/8"},
	},
}
DefaultACLNetwork represents the default configuration related to access control network group configuration.
// DefaultACLRule represents the default configuration related to access control
// rule configuration. The three entries use example.com hosts and illustrate the
// policy levels "bypass", "one_factor" and "two_factor"; "bypass" presumably grants
// access without authentication, so it should only ever be attached to deliberately
// public domains.
var DefaultACLRule = []ACLRule{
	{
		Domains: []string{"public.example.com"},
		Policy:  "bypass",
	},
	{
		Domains: []string{"singlefactor.example.com"},
		Policy:  "one_factor",
	},
	{
		Domains: []string{"secure.example.com"},
		Policy:  "two_factor",
	},
}
DefaultACLRule represents the default configuration related to access control rule configuration.
// DefaultCIPasswordConfiguration represents the default configuration related to
// Argon2id hashing for CI. Its values are currently identical to
// DefaultPasswordConfiguration; it exists as a separate variable so CI can be tuned
// independently of production defaults. Memory is presumably in MiB — confirm
// against the hashing code. argon2id is an unexported package constant.
var DefaultCIPasswordConfiguration = PasswordConfiguration{
	Iterations:  1,
	KeyLength:   32,
	SaltLength:  16,
	Algorithm:   argon2id,
	Memory:      64,
	Parallelism: 8,
}
DefaultCIPasswordConfiguration represents the default configuration related to Argon2id hashing for CI.
// DefaultLDAPAuthenticationBackendConfiguration represents the default LDAP config.
// It selects the custom implementation, standard attribute names, a 5 second timeout
// and a TLS floor of TLS 1.2. TLSConfig.SkipVerify is left at its zero value (false),
// so certificate verification stays enabled by default.
var DefaultLDAPAuthenticationBackendConfiguration = LDAPAuthenticationBackendConfiguration{
	Implementation:       LDAPImplementationCustom,
	UsernameAttribute:    "uid",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayName",
	GroupNameAttribute:   "cn",
	Timeout:              time.Second * 5,
	TLS: &TLSConfig{
		MinimumVersion: "TLS1.2",
	},
}
DefaultLDAPAuthenticationBackendConfiguration represents the default LDAP config.
// DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration represents
// the default LDAP config for the MSAD Implementation.
//
// The filters contain placeholders ({username_attribute}, {mail_attribute}, {input},
// {dn}) that are presumably substituted at query time. UsersFilter matches the login
// input against either the username or the mail attribute and then restricts the
// result to normal user accounts (sAMAccountType=805306368), excluding accounts whose
// userAccountControl has the ACCOUNTDISABLE bit (2) set — tested with the bitwise-AND
// matching rule 1.2.840.113556.1.4.803 — and accounts with pwdLastSet=0 (password
// must be changed at next logon). Keeping those exclusions is what prevents disabled
// or not-yet-activated directory accounts from authenticating.
var DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration = LDAPAuthenticationBackendConfiguration{
	UsersFilter:          "(&(|({username_attribute}={input})({mail_attribute}={input}))(sAMAccountType=805306368)(!(userAccountControl:1.2.840.113556.1.4.803:=2))(!(pwdLastSet=0)))",
	UsernameAttribute:    "sAMAccountName",
	MailAttribute:        "mail",
	DisplayNameAttribute: "displayName",
	GroupsFilter:         "(&(member={dn})(objectClass=group))",
	GroupNameAttribute:   "cn",
}
DefaultLDAPAuthenticationBackendImplementationActiveDirectoryConfiguration represents the default LDAP config for the MSAD Implementation.
// DefaultLoggingConfiguration is the default logging configuration: "info" level,
// "text" format, no FilePath (so output goes wherever the logger writes by default).
var DefaultLoggingConfiguration = LogConfiguration{
	Level:  "info",
	Format: "text",
}
DefaultLoggingConfiguration is the default logging configuration.
// DefaultNTPConfiguration represents default configuration parameters for the NTP
// server: Cloudflare's public NTP service on UDP port 123, NTP version 4, and a
// tolerated clock offset of 3 seconds. DisableStartupCheck and DisableFailure are
// left false, so the startup time check runs and (presumably) a failed check is fatal.
var DefaultNTPConfiguration = NTPConfiguration{
	Address:       "time.cloudflare.com:123",
	Version:       4,
	MaximumDesync: time.Second * 3,
}
DefaultNTPConfiguration represents default configuration parameters for the NTP server.
// DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients:
// a two_factor authorization policy, the standard openid/groups/profile/email scopes,
// the authorization_code and refresh_token grants, the "code" response type and the
// form_post/query/fragment response modes. UserinfoSigningAlgorithm defaults to
// "none", i.e. userinfo responses are not signed unless a client overrides it.
var DefaultOpenIDConnectClientConfiguration = OpenIDConnectClientConfiguration{
	Policy:                   "two_factor",
	Scopes:                   []string{"openid", "groups", "profile", "email"},
	GrantTypes:               []string{"refresh_token", "authorization_code"},
	ResponseTypes:            []string{"code"},
	ResponseModes:            []string{"form_post", "query", "fragment"},
	UserinfoSigningAlgorithm: "none",
}
DefaultOpenIDConnectClientConfiguration contains defaults for OIDC Clients.
// DefaultOpenIDConnectConfiguration contains defaults for OIDC: one-hour access and
// ID tokens, a one-minute authorization code and a 90-minute refresh token.
// EnforcePKCE defaults to "public_clients_only"; EnablePKCEPlainChallenge is left
// false, so only the S256 challenge method is presumably accepted — confirm in the
// provider setup.
var DefaultOpenIDConnectConfiguration = OpenIDConnectConfiguration{
	AccessTokenLifespan:   time.Hour,
	AuthorizeCodeLifespan: time.Minute,
	IDTokenLifespan:       time.Hour,
	RefreshTokenLifespan:  time.Minute * 90,
	EnforcePKCE:           "public_clients_only",
}
DefaultOpenIDConnectConfiguration contains defaults for OIDC.
// DefaultPasswordConfiguration represents the default configuration related to
// Argon2id hashing: 1 iteration, 32-byte key, 16-byte salt, Memory 64 (presumably
// MiB — confirm against the hashing code) and parallelism 8. argon2id is an
// unexported package constant. Identical to DefaultCIPasswordConfiguration.
var DefaultPasswordConfiguration = PasswordConfiguration{
	Iterations:  1,
	KeyLength:   32,
	SaltLength:  16,
	Algorithm:   argon2id,
	Memory:      64,
	Parallelism: 8,
}
DefaultPasswordConfiguration represents the default configuration related to Argon2id hashing.
// DefaultPasswordSHA512Configuration represents the default configuration related
// to SHA512 hashing: 50000 iterations and a 16-byte salt. KeyLength, Memory and
// Parallelism are left at zero because they only apply to argon2id.
var DefaultPasswordSHA512Configuration = PasswordConfiguration{
	Iterations: 50000,
	SaltLength: 16,
	Algorithm:  "sha512",
}
DefaultPasswordSHA512Configuration represents the default configuration related to SHA512 hashing.
// DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL
// configuration: the "public" schema and SSL mode "disable". With that default the
// database connection is not TLS-protected; deployments that cross a network
// boundary should set ssl.mode explicitly.
var DefaultPostgreSQLStorageConfiguration = PostgreSQLStorageConfiguration{
	Schema: "public",
	SSL: PostgreSQLSSLStorageConfiguration{
		Mode: "disable",
	},
}
DefaultPostgreSQLStorageConfiguration represents the default PostgreSQL configuration.
// DefaultRegulationConfiguration represents default configuration parameters for the
// regulator: presumably 3 failed attempts within a 2-minute window lead to a 5-minute
// ban — confirm the exact semantics in the regulation package.
var DefaultRegulationConfiguration = RegulationConfiguration{
	MaxRetries: 3,
	FindTime:   time.Minute * 2,
	BanTime:    time.Minute * 5,
}
DefaultRegulationConfiguration represents default configuration parameters for the regulator.
// DefaultSMTPNotifierConfiguration represents default configuration parameters for
// the SMTP notifier: a 5 second timeout, a "[Authelia] {title}" subject template,
// "localhost" as the HELO/EHLO identifier, a startup-check recipient and a TLS floor
// of TLS 1.2. DisableRequireTLS and TLS.SkipVerify are left false.
var DefaultSMTPNotifierConfiguration = SMTPNotifierConfiguration{
	Timeout:             time.Second * 5,
	Subject:             "[Authelia] {title}",
	Identifier:          "localhost",
	StartupCheckAddress: "test@authelia.com",
	TLS: &TLSConfig{
		MinimumVersion: "TLS1.2",
	},
}
DefaultSMTPNotifierConfiguration represents default configuration parameters for the SMTP notifier.
// DefaultSQLStorageConfiguration represents the default SQL configuration: only the
// connection timeout (5 seconds) is set.
var DefaultSQLStorageConfiguration = SQLStorageConfiguration{
	Timeout: 5 * time.Second,
}
DefaultSQLStorageConfiguration represents the default SQL configuration.
// DefaultServerConfiguration represents the default values of the ServerConfiguration.
// Host "0.0.0.0" listens on all IPv4 interfaces on port 9091; read/write buffers are
// 4096 bytes. EnablePprof and EnableExpvars are not set, so the diagnostic endpoints
// are off unless explicitly enabled.
var DefaultServerConfiguration = ServerConfiguration{
	Host:            "0.0.0.0",
	Port:            9091,
	ReadBufferSize:  4096,
	WriteBufferSize: 4096,
}
DefaultServerConfiguration represents the default values of the ServerConfiguration.
// DefaultSessionConfiguration is the default session configuration: cookie name
// "authelia_session", a 1 hour expiration, a 5 minute inactivity timeout, a 30 day
// remember-me duration and SameSite=lax. Secret and Domain have no default and must
// be supplied by the deployment.
var DefaultSessionConfiguration = SessionConfiguration{
	Name:               "authelia_session",
	Expiration:         time.Hour,
	Inactivity:         time.Minute * 5,
	RememberMeDuration: time.Hour * 24 * 30,
	SameSite:           "lax",
}
DefaultSessionConfiguration is the default session configuration.
// DefaultTOTPConfiguration represents default configuration parameters for TOTP
// generation: issuer "Authelia", SHA1 (the algorithm most authenticator apps
// support), 6 digits and a 30 second period. Skew points at the unexported package
// variable defaultOtpSkew.
var DefaultTOTPConfiguration = TOTPConfiguration{
	Issuer:    "Authelia",
	Algorithm: TOTPAlgorithmSHA1,
	Digits:    6,
	Period:    30,
	Skew:      &defaultOtpSkew,
}
DefaultTOTPConfiguration represents default configuration parameters for TOTP generation.
// DefaultWebauthnConfiguration describes the default values for the
// WebauthnConfiguration: relying party display name "Authelia", a 60 second
// ceremony timeout, indirect attestation conveyance and "preferred" user
// verification. The protocol package is not shown here; it is presumably the
// WebAuthn library's protocol package.
var DefaultWebauthnConfiguration = WebauthnConfiguration{
	DisplayName:          "Authelia",
	Timeout:              time.Second * 60,
	ConveyancePreference: protocol.PreferIndirectAttestation,
	UserVerification:     protocol.VerificationPreferred,
}
DefaultWebauthnConfiguration describes the default values for the WebauthnConfiguration.
var (
	// TOTPPossibleAlgorithms is a list of valid TOTP Algorithms, in the same order as
	// the TOTPAlgorithm* constants; presumably used by the validator to reject
	// unknown values of TOTPConfiguration.Algorithm.
	TOTPPossibleAlgorithms = []string{TOTPAlgorithmSHA1, TOTPAlgorithmSHA256, TOTPAlgorithmSHA512}
)
type ACLNetwork ¶
ACLNetwork represents one ACL network group entry; "weak" coerces a single value into a slice.
type ACLRule ¶
// ACLRule represents one ACL rule entry; "weak" coerces a single value into slice.
// Policy is one of the policy strings seen in DefaultACLRule ("bypass",
// "one_factor", "two_factor"). Networks presumably refers to ACLNetwork group names
// or literal CIDRs — confirm in the access-control package.
type ACLRule struct {
	Domains   []string   `koanf:"domain"`
	Policy    string     `koanf:"policy"`
	Subjects  [][]string `koanf:"subject"`
	Networks  []string   `koanf:"networks"`
	Resources []string   `koanf:"resources"`
	Methods   []string   `koanf:"methods"`
}
ACLRule represents one ACL rule entry; "weak" coerces a single value into a slice.
type AccessControlConfiguration ¶
// AccessControlConfiguration represents the configuration related to ACLs.
// DefaultPolicy applies when no rule matches, so it is the security floor of the
// deployment; see DefaultACLNetwork and DefaultACLRule for example entries.
type AccessControlConfiguration struct {
	DefaultPolicy string       `koanf:"default_policy"`
	Networks      []ACLNetwork `koanf:"networks"`
	Rules         []ACLRule    `koanf:"rules"`
}
AccessControlConfiguration represents the configuration related to ACLs.
type AuthenticationBackendConfiguration ¶
// AuthenticationBackendConfiguration represents the configuration related to the
// authentication backend. Exactly one of LDAP or File is expected to be non-nil
// (presumably enforced by the validator). RefreshInterval is a string so it can hold
// ProfileRefreshAlways / ProfileRefreshDisabled as well as a duration such as
// RefreshIntervalDefault.
type AuthenticationBackendConfiguration struct {
	DisableResetPassword bool                                   `koanf:"disable_reset_password"`
	RefreshInterval      string                                 `koanf:"refresh_interval"`
	LDAP                 *LDAPAuthenticationBackendConfiguration `koanf:"ldap"`
	File                 *FileAuthenticationBackendConfiguration `koanf:"file"`
}
AuthenticationBackendConfiguration represents the configuration related to the authentication backend.
type Configuration ¶
// Configuration object extracted from YAML configuration file.
//
// Every field maps to a YAML key through its koanf tag. Several fields hold secret
// material (JWTSecret here, plus the nested HMACSecret, IssuerPrivateKey,
// EncryptionKey, Secret and Password fields); they should not appear in logs,
// error messages or debug output.
type Configuration struct {
	Theme                 string `koanf:"theme"`
	CertificatesDirectory string `koanf:"certificates_directory"`
	// JWTSecret is secret material used for token signing; keep it out of logs.
	JWTSecret             string `koanf:"jwt_secret"`
	DefaultRedirectionURL string `koanf:"default_redirection_url"`

	Log                   LogConfiguration                   `koanf:"log"`
	IdentityProviders     IdentityProvidersConfiguration     `koanf:"identity_providers"`
	AuthenticationBackend AuthenticationBackendConfiguration `koanf:"authentication_backend"`
	Session               SessionConfiguration               `koanf:"session"`
	TOTP                  TOTPConfiguration                  `koanf:"totp"`
	// Pointer sections (DuoAPI, Notifier) are nil when absent from the file.
	DuoAPI                *DuoAPIConfiguration               `koanf:"duo_api"`
	AccessControl         AccessControlConfiguration         `koanf:"access_control"`
	NTP                   NTPConfiguration                   `koanf:"ntp"`
	Regulation            RegulationConfiguration            `koanf:"regulation"`
	Storage               StorageConfiguration               `koanf:"storage"`
	Notifier              *NotifierConfiguration             `koanf:"notifier"`
	Server                ServerConfiguration                `koanf:"server"`
	Webauthn              WebauthnConfiguration              `koanf:"webauthn"`
}
Configuration is the configuration object extracted from the YAML configuration file.
type DuoAPIConfiguration ¶
// DuoAPIConfiguration represents the configuration related to Duo API.
// IntegrationKey and SecretKey are API credentials and should be treated as secrets.
type DuoAPIConfiguration struct {
	Hostname             string `koanf:"hostname"`
	EnableSelfEnrollment bool   `koanf:"enable_self_enrollment"`
	IntegrationKey       string `koanf:"integration_key"`
	// SecretKey is secret material; keep it out of logs and error output.
	SecretKey string `koanf:"secret_key"`
}
DuoAPIConfiguration represents the configuration related to Duo API.
type ErrorContainer ¶
// ErrorContainer represents a container where we can add errors and retrieve them.
// Errors and warnings are tracked separately; *StructValidator has a matching
// method set and so satisfies this interface.
type ErrorContainer interface {
	// Push records a hard error.
	Push(err error)
	// PushWarning records a non-fatal warning, kept apart from errors.
	PushWarning(err error)
	HasErrors() bool
	HasWarnings() bool
	Errors() []error
	Warnings() []error
}
ErrorContainer represents a container where we can add errors and retrieve them.
type FileAuthenticationBackendConfiguration ¶
// FileAuthenticationBackendConfiguration represents the configuration related to
// file-based backend. Path is the users database file; Password selects the hashing
// parameters (see DefaultPasswordConfiguration and DefaultPasswordSHA512Configuration)
// and is nil when not configured.
type FileAuthenticationBackendConfiguration struct {
	Path     string                 `koanf:"path"`
	Password *PasswordConfiguration `koanf:"password"`
}
FileAuthenticationBackendConfiguration represents the configuration related to file-based backend.
type FileSystemNotifierConfiguration ¶
// FileSystemNotifierConfiguration represents the configuration of the notifier
// writing emails in a file. Filename is the destination path; notifications written
// there may contain sensitive links, so the file's permissions matter.
type FileSystemNotifierConfiguration struct {
	Filename string `koanf:"filename"`
}
FileSystemNotifierConfiguration represents the configuration of the notifier writing emails in a file.
type IdentityProvidersConfiguration ¶
// IdentityProvidersConfiguration represents the IdentityProviders 2.0 configuration
// for Authelia. OIDC is nil when the OpenID Connect provider is not configured.
type IdentityProvidersConfiguration struct {
	OIDC *OpenIDConnectConfiguration `koanf:"oidc"`
}
IdentityProvidersConfiguration represents the IdentityProviders 2.0 configuration for Authelia.
type LDAPAuthenticationBackendConfiguration ¶
// LDAPAuthenticationBackendConfiguration represents the configuration related to LDAP server.
//
// UsersFilter and GroupsFilter are filter templates with placeholders such as
// {input}, {username_attribute}, {mail_attribute} and {dn} (see the Active Directory
// defaults). User/Password are the bind credentials; Password is secret material.
// Transport security comes from either StartTLS or an ldaps URL together with TLS;
// the defaults set a TLS 1.2 floor and leave TLS.SkipVerify false.
type LDAPAuthenticationBackendConfiguration struct {
	Implementation string        `koanf:"implementation"`
	URL            string        `koanf:"url"`
	Timeout        time.Duration `koanf:"timeout"`
	StartTLS       bool          `koanf:"start_tls"`
	TLS            *TLSConfig    `koanf:"tls"`

	BaseDN             string `koanf:"base_dn"`
	AdditionalUsersDN  string `koanf:"additional_users_dn"`
	UsersFilter        string `koanf:"users_filter"`
	AdditionalGroupsDN string `koanf:"additional_groups_dn"`
	GroupsFilter       string `koanf:"groups_filter"`

	GroupNameAttribute   string `koanf:"group_name_attribute"`
	UsernameAttribute    string `koanf:"username_attribute"`
	MailAttribute        string `koanf:"mail_attribute"`
	DisplayNameAttribute string `koanf:"display_name_attribute"`

	User string `koanf:"user"`
	// Password is the bind password; keep it out of logs and error output.
	Password string `koanf:"password"`
}
LDAPAuthenticationBackendConfiguration represents the configuration related to the LDAP server.
type LocalStorageConfiguration ¶
// LocalStorageConfiguration represents the configuration when using local storage.
// Path is the on-disk database location.
type LocalStorageConfiguration struct {
	Path string `koanf:"path"`
}
LocalStorageConfiguration represents the configuration when using local storage.
type LogConfiguration ¶
// LogConfiguration represents the logging configuration. See
// DefaultLoggingConfiguration for the default Level and Format. When FilePath is set,
// KeepStdout presumably controls whether logging to stdout continues as well.
type LogConfiguration struct {
	Level      string `koanf:"level"`
	Format     string `koanf:"format"`
	FilePath   string `koanf:"file_path"`
	KeepStdout bool   `koanf:"keep_stdout"`
}
LogConfiguration represents the logging configuration.
type MySQLStorageConfiguration ¶
// MySQLStorageConfiguration represents the configuration of a MySQL database.
// It embeds SQLStorageConfiguration; the ",squash" tag option flattens the embedded
// fields so they are read from the same YAML level rather than a nested key.
type MySQLStorageConfiguration struct {
	SQLStorageConfiguration `koanf:",squash"`
}
MySQLStorageConfiguration represents the configuration of a MySQL database.
type NTPConfiguration ¶ added in v4.31.0
// NTPConfiguration represents the configuration related to ntp server.
// Address is host:port (see DefaultNTPConfiguration). DisableStartupCheck skips the
// clock check entirely; DisableFailure presumably keeps a failed check from aborting
// startup — confirm in the NTP package.
type NTPConfiguration struct {
	Address             string        `koanf:"address"`
	Version             int           `koanf:"version"`
	MaximumDesync       time.Duration `koanf:"max_desync"`
	DisableStartupCheck bool          `koanf:"disable_startup_check"`
	DisableFailure      bool          `koanf:"disable_failure"`
}
NTPConfiguration represents the configuration related to the NTP server.
type NotifierConfiguration ¶
// NotifierConfiguration represents the configuration of the notifier to use when
// sending notifications to users. FileSystem and SMTP are alternatives; the one not
// in use is nil.
type NotifierConfiguration struct {
	DisableStartupCheck bool                             `koanf:"disable_startup_check"`
	FileSystem          *FileSystemNotifierConfiguration `koanf:"filesystem"`
	SMTP                *SMTPNotifierConfiguration       `koanf:"smtp"`
}
NotifierConfiguration represents the configuration of the notifier to use when sending notifications to users.
type OpenIDConnectClientConfiguration ¶
// OpenIDConnectClientConfiguration configuration for an OpenID Connect client.
// Defaults for the list fields and UserinfoSigningAlgorithm come from
// DefaultOpenIDConnectClientConfiguration. Secret is the client credential and is
// secret material; Public marks a client that has no secret. Note the Policy field is
// read from the "authorization_policy" key, not "policy". RedirectURIs is the
// allow-list the authorization endpoint should match redirects against.
type OpenIDConnectClientConfiguration struct {
	ID          string `koanf:"id"`
	Description string `koanf:"description"`
	// Secret is the client secret; keep it out of logs and error output.
	Secret string `koanf:"secret"`
	Public bool   `koanf:"public"`

	Policy string `koanf:"authorization_policy"`

	Audience      []string `koanf:"audience"`
	Scopes        []string `koanf:"scopes"`
	RedirectURIs  []string `koanf:"redirect_uris"`
	GrantTypes    []string `koanf:"grant_types"`
	ResponseTypes []string `koanf:"response_types"`
	ResponseModes []string `koanf:"response_modes"`

	UserinfoSigningAlgorithm string `koanf:"userinfo_signing_algorithm"`
}
OpenIDConnectClientConfiguration is the configuration for an OpenID Connect client.
type OpenIDConnectConfiguration ¶
// OpenIDConnectConfiguration configuration for OpenID Connect.
// HMACSecret and IssuerPrivateKey are secret material. Lifespans and EnforcePKCE have
// defaults in DefaultOpenIDConnectConfiguration; EnablePKCEPlainChallenge and
// EnableClientDebugMessages default to false.
type OpenIDConnectConfiguration struct {
	// This secret must be 32 bytes long.
	HMACSecret string `koanf:"hmac_secret"`
	// IssuerPrivateKey is the token signing key; keep it out of logs and error output.
	IssuerPrivateKey string `koanf:"issuer_private_key"`

	AccessTokenLifespan   time.Duration `koanf:"access_token_lifespan"`
	AuthorizeCodeLifespan time.Duration `koanf:"authorize_code_lifespan"`
	IDTokenLifespan       time.Duration `koanf:"id_token_lifespan"`
	RefreshTokenLifespan  time.Duration `koanf:"refresh_token_lifespan"`

	// EnableClientDebugMessages presumably exposes more detail in client-facing
	// errors; such detail is only appropriate outside production.
	EnableClientDebugMessages bool `koanf:"enable_client_debug_messages"`
	MinimumParameterEntropy   int  `koanf:"minimum_parameter_entropy"`

	EnforcePKCE string `koanf:"enforce_pkce"`
	// EnablePKCEPlainChallenge presumably permits the "plain" code_challenge_method
	// in addition to S256 — confirm in the provider setup.
	EnablePKCEPlainChallenge bool `koanf:"enable_pkce_plain_challenge"`

	Clients []OpenIDConnectClientConfiguration `koanf:"clients"`
}
OpenIDConnectConfiguration is the configuration for OpenID Connect.
type PasswordConfiguration ¶
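// PasswordConfiguration represents the configuration related to password hashing.
//
// Which fields are meaningful depends on Algorithm: the argon2id defaults
// (DefaultPasswordConfiguration) set KeyLength, Memory and Parallelism, while the
// sha512 defaults (DefaultPasswordSHA512Configuration) set only Iterations and
// SaltLength.
type PasswordConfiguration struct {
	Iterations int `koanf:"iterations"`
	KeyLength  int `koanf:"key_length"`
	SaltLength int `koanf:"salt_length"`
	// Algorithm selects the hash function ("sha512" or the argon2id constant).
	// Its tag was previously misspelled as `mapstrucutre:"algorithm"`, which no
	// decoder reads; the key presumably only resolved through the decoder's
	// case-insensitive field-name fallback. It now uses the same koanf tag as every
	// other field so the mapping is explicit.
	Algorithm   string `koanf:"algorithm"`
	Memory      int    `koanf:"memory"`
	Parallelism int    `koanf:"parallelism"`
}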
PasswordConfiguration represents the configuration related to password hashing.
type PostgreSQLSSLStorageConfiguration ¶ added in v4.33.0
// PostgreSQLSSLStorageConfiguration represents the SSL configuration of a PostgreSQL
// database. Mode defaults to "disable" (DefaultPostgreSQLStorageConfiguration), i.e.
// no transport encryption unless configured. RootCertificate, Certificate and Key
// are file paths for server verification and client authentication; Key references
// private key material.
type PostgreSQLSSLStorageConfiguration struct {
	Mode            string `koanf:"mode"`
	RootCertificate string `koanf:"root_certificate"`
	Certificate     string `koanf:"certificate"`
	Key             string `koanf:"key"`
}
PostgreSQLSSLStorageConfiguration represents the SSL configuration of a PostgreSQL database.
type PostgreSQLStorageConfiguration ¶
// PostgreSQLStorageConfiguration represents the configuration of a PostgreSQL
// database. The embedded SQLStorageConfiguration is flattened by ",squash" so its
// keys live at the same YAML level as schema and ssl.
type PostgreSQLStorageConfiguration struct {
	SQLStorageConfiguration `koanf:",squash"`

	Schema string                            `koanf:"schema"`
	SSL    PostgreSQLSSLStorageConfiguration `koanf:"ssl"`

	// Deprecated. TODO: Remove in v4.36.0.
	// SSLMode is the legacy flat key; it is presumably superseded by SSL.Mode —
	// confirm how the validator reconciles the two when both are set.
	SSLMode string `koanf:"sslmode"`
}
PostgreSQLStorageConfiguration represents the configuration of a PostgreSQL database.
type RedisHighAvailabilityConfiguration ¶
// RedisHighAvailabilityConfiguration holds configuration variables for Redis
// Cluster/Sentinel. SentinelPassword is secret material.
type RedisHighAvailabilityConfiguration struct {
	SentinelName     string `koanf:"sentinel_name"`
	SentinelUsername string `koanf:"sentinel_username"`
	// SentinelPassword is a credential; keep it out of logs and error output.
	SentinelPassword string      `koanf:"sentinel_password"`
	Nodes            []RedisNode `koanf:"nodes"`
	RouteByLatency   bool        `koanf:"route_by_latency"`
	RouteRandomly    bool        `koanf:"route_randomly"`
}
RedisHighAvailabilityConfiguration holds configuration variables for Redis Cluster/Sentinel.
type RedisSessionConfiguration ¶
// RedisSessionConfiguration represents the configuration related to redis session
// store. Password is secret material. TLS is nil when the connection is plaintext;
// HighAvailability is nil unless Sentinel/Cluster is in use.
type RedisSessionConfiguration struct {
	Host     string `koanf:"host"`
	Port     int    `koanf:"port"`
	Username string `koanf:"username"`
	// Password is a credential; keep it out of logs and error output.
	Password                 string                              `koanf:"password"`
	DatabaseIndex            int                                 `koanf:"database_index"`
	MaximumActiveConnections int                                 `koanf:"maximum_active_connections"`
	MinimumIdleConnections   int                                 `koanf:"minimum_idle_connections"`
	TLS                      *TLSConfig                          `koanf:"tls"`
	HighAvailability         *RedisHighAvailabilityConfiguration `koanf:"high_availability"`
}
RedisSessionConfiguration represents the configuration related to the Redis session store.
type RegulationConfiguration ¶
// RegulationConfiguration represents the configuration related to regulation
// (failed-login throttling). Defaults are in DefaultRegulationConfiguration. The
// ",weak" tag option presumably allows lenient coercion of the YAML value into a
// Duration — confirm in the decoder hooks.
type RegulationConfiguration struct {
	MaxRetries int           `koanf:"max_retries"`
	FindTime   time.Duration `koanf:"find_time,weak"`
	BanTime    time.Duration `koanf:"ban_time,weak"`
}
RegulationConfiguration represents the configuration related to regulation.
type SMTPNotifierConfiguration ¶
// SMTPNotifierConfiguration represents the configuration of the SMTP server to send
// emails with. Password is secret material. DisableRequireTLS, when true, presumably
// permits sending over an unencrypted connection; DefaultSMTPNotifierConfiguration
// leaves it false and sets a TLS 1.2 floor. Sender is a mail.Address (presumably
// net/mail; the import is not shown here).
type SMTPNotifierConfiguration struct {
	Host     string        `koanf:"host"`
	Port     int           `koanf:"port"`
	Timeout  time.Duration `koanf:"timeout"`
	Username string        `koanf:"username"`
	// Password is a credential; keep it out of logs and error output.
	Password            string       `koanf:"password"`
	Identifier          string       `koanf:"identifier"`
	Sender              mail.Address `koanf:"sender"`
	Subject             string       `koanf:"subject"`
	StartupCheckAddress string       `koanf:"startup_check_address"`
	DisableRequireTLS   bool         `koanf:"disable_require_tls"`
	DisableHTMLEmails   bool         `koanf:"disable_html_emails"`
	TLS                 *TLSConfig   `koanf:"tls"`
}
SMTPNotifierConfiguration represents the configuration of the SMTP server to send emails with.
type SQLStorageConfiguration ¶
// SQLStorageConfiguration represents the configuration of the SQL database. It is
// embedded (squashed) into the MySQL and PostgreSQL configurations. Password is
// secret material; Timeout defaults via DefaultSQLStorageConfiguration.
type SQLStorageConfiguration struct {
	Host     string `koanf:"host"`
	Port     int    `koanf:"port"`
	Database string `koanf:"database"`
	Username string `koanf:"username"`
	// Password is a credential; keep it out of logs and error output.
	Password string        `koanf:"password"`
	Timeout  time.Duration `koanf:"timeout"`
}
SQLStorageConfiguration represents the configuration of the SQL database.
type ServerConfiguration ¶
// ServerConfiguration represents the configuration of the http server.
// Defaults are in DefaultServerConfiguration. EnablePprof and EnableExpvars expose
// runtime diagnostics over HTTP; they are off by default and should stay off on
// internet-facing listeners. TLS is a value, so an empty Certificate/Key means the
// listener is plain HTTP.
type ServerConfiguration struct {
	Host            string `koanf:"host"`
	Port            int    `koanf:"port"`
	Path            string `koanf:"path"`
	AssetPath       string `koanf:"asset_path"`
	ReadBufferSize  int    `koanf:"read_buffer_size"`
	WriteBufferSize int    `koanf:"write_buffer_size"`

	// Diagnostic endpoints; note the YAML keys differ from the field names.
	EnablePprof   bool `koanf:"enable_endpoint_pprof"`
	EnableExpvars bool `koanf:"enable_endpoint_expvars"`

	DisableHealthcheck bool `koanf:"disable_healthcheck"`

	TLS     ServerTLSConfiguration     `koanf:"tls"`
	Headers ServerHeadersConfiguration `koanf:"headers"`
}
ServerConfiguration represents the configuration of the http server.
type ServerHeadersConfiguration ¶ added in v4.34.0
// ServerHeadersConfiguration represents the customization of the http server headers.
// CSPTemplate is a template for the Content-Security-Policy header; a permissive
// value here weakens the browser-side protections the default policy provides.
type ServerHeadersConfiguration struct {
	CSPTemplate string `koanf:"csp_template"`
}
ServerHeadersConfiguration represents the customization of the http server headers.
type ServerTLSConfiguration ¶
// ServerTLSConfiguration represents the configuration of the http servers TLS options.
// Certificate and Key are file paths; Key references private key material and the
// file should be readable only by the service user.
type ServerTLSConfiguration struct {
	Certificate string `koanf:"certificate"`
	Key         string `koanf:"key"`
}
ServerTLSConfiguration represents the configuration of the HTTP server's TLS options.
type SessionConfiguration ¶
// SessionConfiguration represents the configuration related to user sessions.
// Defaults for Name, SameSite and the durations are in DefaultSessionConfiguration.
// Secret is secret material with no default. Redis is nil when sessions are kept
// in memory rather than in Redis.
type SessionConfiguration struct {
	Name     string `koanf:"name"`
	Domain   string `koanf:"domain"`
	SameSite string `koanf:"same_site"`
	// Secret protects the session cookie; keep it out of logs and error output.
	Secret             string                     `koanf:"secret"`
	Expiration         time.Duration              `koanf:"expiration"`
	Inactivity         time.Duration              `koanf:"inactivity"`
	RememberMeDuration time.Duration              `koanf:"remember_me_duration"`
	Redis              *RedisSessionConfiguration `koanf:"redis"`
}
SessionConfiguration represents the configuration related to user sessions.
type StorageConfiguration ¶
// StorageConfiguration represents the configuration of the storage backend.
// Exactly one of Local, MySQL or PostgreSQL is expected to be set (presumably
// enforced by the validator). EncryptionKey is secret material used for at-rest
// encryption of stored data; losing it makes existing encrypted rows unreadable.
type StorageConfiguration struct {
	Local      *LocalStorageConfiguration      `koanf:"local"`
	MySQL      *MySQLStorageConfiguration      `koanf:"mysql"`
	PostgreSQL *PostgreSQLStorageConfiguration `koanf:"postgres"`
	// EncryptionKey is secret material; keep it out of logs and error output.
	EncryptionKey string `koanf:"encryption_key"`
}
StorageConfiguration represents the configuration of the storage backend.
type StructValidator ¶
// StructValidator is a validator for structs. It collects errors and warnings
// separately (see Push/PushWarning) and satisfies ErrorContainer. Construct it with
// NewStructValidator; the fields are unexported.
type StructValidator struct {
	// contains filtered or unexported fields
}
StructValidator is a validator for structs.
func NewStructValidator ¶
// NewStructValidator is a constructor of struct validator. It returns a pointer so
// the Push methods mutate a single shared instance.
func NewStructValidator() *StructValidator
NewStructValidator is a constructor of struct validator.
func (*StructValidator) Errors ¶
// Errors returns the errors pushed so far via Push (warnings are not included).
func (v *StructValidator) Errors() []error
Errors returns the errors.
func (*StructValidator) HasErrors ¶
// HasErrors checks whether the validator contains errors.
func (v *StructValidator) HasErrors() bool
HasErrors checks whether the validator contains errors.
func (*StructValidator) HasWarnings ¶
// HasWarnings checks whether the validator contains warning errors.
func (v *StructValidator) HasWarnings() bool
HasWarnings checks whether the validator contains warning errors.
func (*StructValidator) Push ¶
// Push adds an error to the validator.
func (v *StructValidator) Push(err error)
Push adds an error to the validator.
func (*StructValidator) PushWarning ¶
// PushWarning adds a warning error to the validator; warnings are reported through
// Warnings/HasWarnings rather than Errors/HasErrors.
func (v *StructValidator) PushWarning(err error)
PushWarning adds a warning error to the validator.
func (*StructValidator) Warnings ¶
// Warnings returns the warnings pushed so far via PushWarning.
func (v *StructValidator) Warnings() []error
Warnings returns the warnings.
type TLSConfig ¶
// TLSConfig is a representation of the TLS configuration shared by the LDAP, SMTP
// and Redis clients. MinimumVersion is a string such as "TLS1.2" (the value used by
// the LDAP and SMTP defaults).
type TLSConfig struct {
	MinimumVersion string `koanf:"minimum_version"`
	// SkipVerify, when true, presumably disables verification of the peer
	// certificate (maps to tls.Config.InsecureSkipVerify — confirm in the client
	// setup code). The package defaults leave it false; enabling it removes the
	// protection TLS provides against an impersonated server.
	SkipVerify bool `koanf:"skip_verify"`
	// ServerName overrides the name checked against the peer certificate (SNI).
	ServerName string `koanf:"server_name"`
}
TLSConfig is a representation of the TLS configuration.
type TOTPConfiguration ¶
// TOTPConfiguration represents the configuration related to TOTP options.
// Algorithm must be one of TOTPPossibleAlgorithms. Skew is a pointer so "not set"
// (nil) can be distinguished from an explicit zero; DefaultTOTPConfiguration points
// it at defaultOtpSkew.
type TOTPConfiguration struct {
	Disable   bool   `koanf:"disable"`
	Issuer    string `koanf:"issuer"`
	Algorithm string `koanf:"algorithm"`
	Digits    uint   `koanf:"digits"`
	Period    uint   `koanf:"period"`
	Skew      *uint  `koanf:"skew"`
}
TOTPConfiguration represents the configuration related to TOTP options.
type WebauthnConfiguration ¶ added in v4.34.0
// WebauthnConfiguration represents the webauthn config. Defaults are in
// DefaultWebauthnConfiguration. ConveyancePreference and UserVerification use types
// from the protocol package (not shown here; presumably the WebAuthn library's
// protocol package). Note the YAML key for ConveyancePreference is
// "attestation_conveyance_preference".
type WebauthnConfiguration struct {
	Disable              bool                                 `koanf:"disable"`
	DisplayName          string                               `koanf:"display_name"`
	ConveyancePreference protocol.ConveyancePreference        `koanf:"attestation_conveyance_preference"`
	UserVerification     protocol.UserVerificationRequirement `koanf:"user_verification"`
	Timeout              time.Duration                        `koanf:"timeout"`
}
WebauthnConfiguration represents the webauthn config.