kratos:
  enabled: False
  oidc:
    enabled: false
    config:
      id: SSO
      mapper_url: file:///kratos-conf/oidc.jsonnet
      subject_source: userinfo
      scope:
        - email
        - profile
      requested_claims:
        id_token:
          email:
            essential: true
  config:
    session:
      lifespan: 24h
      whoami:
        required_aal: highest_available
    selfservice:
      methods:
        webauthn:
          enabled: true
          config:
            passwordless: true
            rp:
              id: URL_BASE
              origin: https://URL_BASE
              display_name: Security Onion (URL_BASE)
        password:
          enabled: true
          config:
            haveibeenpwned_enabled: false
        totp:
          enabled: true
          config:
            issuer: Security Onion
      flows:
        settings:
          privileged_session_max_age: 5m
          ui_url: https://URL_BASE/?r=/settings
          required_aal: highest_available
        verification:
          ui_url: https://URL_BASE/
        login:
          ui_url: https://URL_BASE/login/
        error:
          ui_url: https://URL_BASE/login/
        registration:
          ui_url: https://URL_BASE/login/
      default_browser_return_url: https://URL_BASE/
      allowed_return_urls:
        - http://127.0.0.1
    log:
      level: debug
      format: json
    secrets:
      default: []
    serve:
      public:
        base_url: https://URL_BASE/auth/
      admin:
        base_url: https://URL_BASE/kratos/
    hashers:
      bcrypt:
        cost: 12
    identity:
      default_schema_id: default
      schemas:
        - id: default
          url: file:///kratos-conf/schema.json
    courier:
      smtp:
        connection_uri: smtps://URL_BASE:25