87d719367d
* Initial draft * HCL does not support int64 * Add http stubs * Login does not need to return user details * Fields should have a label * Add example configuration * Add stub for "Simple" authenticator * Add debug logging * Implement configuration loading * Implement user detection * Fix error names in doc strings * Implement session store * Implement "Token" provider * Add login frontend * Implement login and logout * Do not show tabs when there is no choice * Fix multi-tab errors, sorting * Implement "Yubikey" authenticator * Lint: Rename error to naming convention * Apply cookie security * Prevent double-login * Adjust parameters for crowd * Implement ACL * Replace HCL config with YAML config * Remove config debug output * Remove crowd config Signed-off-by: Knut Ahlers <knut@ahlers.me>
---
# Presentation of the login page.
login:
  # Text used as the title of the login page.
  title: "luzifer.io - Login"
  # Method selected by default; "simple" is also a key under `names`
  # below and under `providers` in this file.
  default_method: "simple"
  # Label for each login method, keyed by method id.
  names:
    simple: "Username / Password"
    yubikey: "Yubikey"
# Session cookie settings.
cookie:
  # Leading dot: presumably scopes the cookie to example.com and all of
  # its subdomains -- confirm against the consumer.
  domain: ".example.com"
  # SECURITY: this value is published with the example configuration.
  # Anyone who knows the key can presumably forge or tamper with session
  # cookies, so generate a fresh random key for every deployment and
  # keep the real one out of version control.
  authentication_key: "Ff1uWJcLouKu9kwxgbnKcU3ps47gps72sxEz79TGHFCpJNCPtiZAFDisM4MWbstH"
  # Optional, default: 3600 (unit not stated here, presumably seconds).
  expire: 3600
  # Optional, default: nginx-sso
  prefix: "nginx-sso"
  # Optional, default: false. The default is the insecure choice, so set
  # this explicitly; presumably it controls the cookie's Secure flag,
  # which keeps the cookie off plain-HTTP requests.
  secure: true
# Listener address. Optional, default: 127.0.0.1:8082
# 127.0.0.1 is the loopback address, so only processes on the same host
# can connect. Binding to a wider address makes the service reachable
# from other machines; restrict access at the network layer in that case.
listen:
  addr: "127.0.0.1"
  port: 8082
# Access control: each rule set pairs match rules with an allow list.
acl:
  rule_sets:
    # Presumably every rule of a set has to match before `allow` is
    # consulted -- verify against the ACL implementation.
    - rules:
        # NOTE(review): "host" and "x-origin-uri" look like request
        # header names. Confirm the proxy sets x-origin-uri itself, so
        # that a client-supplied value never reaches this match.
        - field: "host"
          equals: "test.example.com"
        # "^/api" is anchored only at the start, so it also matches
        # paths such as /apiv2. Use "^/api(/|$)" if only the /api
        # subtree is meant.
        - field: "x-origin-uri"
          regexp: "^/api"
      # Entries starting with "@" presumably name a group (`admins` is
      # defined under `providers`); other entries are usernames.
      allow:
        - "luzifer"
        - "@admins"
# Authentication back ends. This section holds password hashes, bearer
# tokens and an API secret, so the deployed file should be readable only
# by the service account and kept out of public repositories.
providers:
  # Embedded user database.
  # Supports: Users, Groups
  simple:
    # Unique username -> bcrypt password hash. The "$2a$10$" prefix
    # means bcrypt with cost factor 10. The hash below is the sample
    # shipped with this example; replace it with a hash of your own
    # password.
    users:
      luzifer: "$2a$10$FSGAF8qDWX52aBID8.WpxOyCvfSQ3JIUVFiwyd1jolb4jM3BzJmNu"
    # Group name -> list of member usernames.
    groups:
      admins:
        - "luzifer"
  # Embedded token directory.
  # Supports: Users
  token:
    # Unique token name -> the token itself, stored here in clear text.
    # "MYTOKEN" is a placeholder; use long random values.
    tokens:
      tokenname: "MYTOKEN"
  # Yubikey cloud validation servers.
  # Supports: Users, Groups
  yubikey:
    # Client id and secret are issued at
    # https://upgrade.yubico.com/getapikey/ -- the two values below are
    # placeholders.
    client_id: "12345"
    secret_key: "foobar"
    # First 12 characters of the OTP string -> username.
    devices:
      ccccccfcvuul: "luzifer"
    # Group name -> list of member usernames.
    groups:
      admins:
        - "luzifer"
...