1
0
Fork 0
mirror of https://github.com/Luzifer/nginx-sso.git synced 2024-12-20 12:51:17 +00:00
nginx-sso/config.yaml
Knut Ahlers 64bf3d17cd
Allow grouping of tokens for simpler ACL
Signed-off-by: Knut Ahlers <knut@ahlers.me>
2018-02-04 11:36:13 +01:00

71 lines
1.6 KiB
YAML

---
login:
title: "luzifer.io - Login"
default_method: "simple"
names:
simple: "Username / Password"
yubikey: "Yubikey"
cookie:
domain: ".example.com"
authentication_key: "Ff1uWJcLouKu9kwxgbnKcU3ps47gps72sxEz79TGHFCpJNCPtiZAFDisM4MWbstH"
expire: 3600 # Optional, default: 3600
prefix: "nginx-sso" # Optional, default: nginx-sso
secure: true # Optional, default: false
# Optional, default: 127.0.0.1:8082
listen:
addr: "127.0.0.1"
port: 8082
acl:
rule_sets:
- rules:
- field: "host"
equals: "test.example.com"
- field: "x-origin-uri"
regexp: "^/api"
allow: ["luzifer", "@admins"]
providers:
# Authentication against embedded user database
# Supports: Users, Groups
simple:
enable_basic_auth: false
# Unique username mapped to bcrypt hashed password
users:
luzifer: "$2a$10$FSGAF8qDWX52aBID8.WpxOyCvfSQ3JIUVFiwyd1jolb4jM3BzJmNu"
# Groupname to users mapping
groups:
admins: ["luzifer"]
# Authentication against embedded token directory
# Supports: Users, Groups
token:
# Mapping of unique token names to the token
tokens:
tokenname: "MYTOKEN"
# Groupname to token mapping
groups:
mytokengroup: ["tokenname"]
# Authentication against Yubikey cloud validation servers
# Supports: Users, Groups
yubikey:
# Get your client / secret from https://upgrade.yubico.com/getapikey/
client_id: "12345"
secret_key: "foobar"
# First 12 characters of the OTP string mapped to the username
devices:
ccccccfcvuul: "luzifer"
# Groupname to users mapping
groups:
admins: ["luzifer"]
...