91 lines
No EOL
2.5 KiB
YAML
91 lines
No EOL
2.5 KiB
YAML
authentik_domain: authentik.local.test
|
|
authentik_secret_key: "vagrant-test-secret-key-change-in-production"
|
|
authentik_postgres_password: "vagrant-test-password"
|
|
|
|
authentik_proxy_apps:
|
|
- slug: httpbin
|
|
name: httpbin
|
|
internal_host: "http://httbin.local.test:80"
|
|
external_host: "https://httbin.local.test"
|
|
skip_path_regex: |
|
|
^/healthz$
|
|
flows:
|
|
authentication_slug: default-authentication-flow
|
|
authorization_slug: default-provider-authorization-implicit-consent
|
|
invalidation_slug: default-provider-invalidation-flow
|
|
|
|
authentik_proxy_outposts:
|
|
- name: "proxy-main"
|
|
type: "proxy"
|
|
service_connection: null
|
|
providers:
|
|
- httpbin
|
|
config:
|
|
authentik_host: "https://authentik.local.test/"
|
|
authentik_host_browser: "https://authentik.local.test/"
|
|
log_level: "info"
|
|
|
|
authentik_ldap_apps:
|
|
- slug: ldap
|
|
name: LDAP
|
|
base_dn: "dc=local,dc=test"
|
|
search_group: admins
|
|
|
|
authentik_ldap_outpost:
|
|
name: "ldap-outpost"
|
|
token: "vagrant-ldap-outpost-token-change-in-production"
|
|
config:
|
|
authentik_host: "https://authentik.local.test/"
|
|
log_level: "info"
|
|
|
|
authentik_oidc_apps:
|
|
- slug: nextcloud
|
|
name: Nextcloud
|
|
client_id: test1234
|
|
client_secret: test1234
|
|
redirect_uris:
|
|
- url: "https://nextcloud.local.test/apps/user_oidc/code"
|
|
matching_mode: strict
|
|
signing_key_name: "authentik Self-signed Certificate"
|
|
flows:
|
|
authorization_slug: default-provider-authorization-implicit-consent
|
|
invalidation_slug: default-provider-invalidation-flow
|
|
scopes: [openid, email, profile, offline_access]
|
|
- slug: opencloud
|
|
name: OpenCloud
|
|
client_type: public
|
|
client_id: opencloud
|
|
redirect_uris:
|
|
- url: "https://opencloud.local.test/oidc-callback.html"
|
|
matching_mode: strict
|
|
- url: "https://opencloud.local.test/"
|
|
matching_mode: strict
|
|
scopes: [openid, email, profile, offline_access]
|
|
|
|
authentik_entra_sources:
|
|
- slug: entra-id
|
|
name: "Login with Entra"
|
|
tenant_mode: multi # Use 'single' with real tenant ID in production
|
|
# tenant_id: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" # Not needed for multi-tenant mode
|
|
client_id: "placeholder-change-in-production"
|
|
client_secret: "placeholder-change-in-production"
|
|
scopes:
|
|
- openid
|
|
- profile
|
|
- email
|
|
|
|
authentik_login_sources:
|
|
- slug: entra-id
|
|
|
|
authentik_groups:
|
|
- name: admins
|
|
|
|
authentik_local_users:
|
|
- username: akadmin
|
|
name: "Authentik Admin"
|
|
email: "admin@local.test"
|
|
password: "admin"
|
|
is_active: true
|
|
groups:
|
|
- authentik Admins
|
|
- admins |