1
0
Fork 0
mirror of https://github.com/Luzifer/nginx-sso.git synced 2024-12-20 12:51:17 +00:00
nginx-sso/config.yaml
Knut Ahlers 87d719367d
Initial version (#1)
* Initial draft
* HCL does not support int64
* Add http stubs
* Login does not need to return user details
* Fields should have a label
* Add example configuration
* Add stub for "Simple" authenticator
* Add debug logging
* Implement configuration loading
* Implement user detection
* Fix error names in doc strings
* Implement session store
* Implement "Token" provider
* Add login frontend
* Implement login and logout
* Do not show tabs when there is no choice
* Fix multi-tab errors, sorting
* Implement "Yubikey" authenticator
* Lint: Rename error to naming convention
* Apply cookie security
* Prevent double-login
* Adjust parameters for crowd
* Implement ACL
* Replace HCL config with YAML config
* Remove config debug output
* Remove crowd config

Signed-off-by: Knut Ahlers <knut@ahlers.me>
2018-01-28 15:16:52 +01:00

65 lines
1.5 KiB
YAML

---
login:
title: "luzifer.io - Login"
default_method: "simple"
names:
simple: "Username / Password"
yubikey: "Yubikey"
cookie:
domain: ".example.com"
authentication_key: "Ff1uWJcLouKu9kwxgbnKcU3ps47gps72sxEz79TGHFCpJNCPtiZAFDisM4MWbstH"
expire: 3600 # Optional, default: 3600
prefix: "nginx-sso" # Optional, default: nginx-sso
secure: true # Optional, default: false
# Optional, default: 127.0.0.1:8082
listen:
addr: "127.0.0.1"
port: 8082
acl:
rule_sets:
- rules:
- field: "host"
equals: "test.example.com"
- field: "x-origin-uri"
regexp: "^/api"
allow: ["luzifer", "@admins"]
providers:
# Authentication against embedded user database
# Supports: Users, Groups
simple:
# Unique username mapped to bcrypt hashed password
users:
luzifer: "$2a$10$FSGAF8qDWX52aBID8.WpxOyCvfSQ3JIUVFiwyd1jolb4jM3BzJmNu"
# Groupname to users mapping
groups:
admins: ["luzifer"]
# Authentication against embedded token directory
# Supports: Users
token:
# Mapping of unique token names to the token
tokens:
tokenname: "MYTOKEN"
# Authentication against Yubikey cloud validation servers
# Supports: Users, Groups
yubikey:
# Get your client / secret from https://upgrade.yubico.com/getapikey/
client_id: "12345"
secret_key: "foobar"
# First 12 characters of the OTP string mapped to the username
devices:
ccccccfcvuul: "luzifer"
# Groupname to users mapping
groups:
admins: ["luzifer"]
...