CSEC_PUBLIC/securityonion
1
0
Fork 0
mirror of https://github.com/Security-Onion-Solutions/securityonion.git synced 2026-01-15 20:51:28 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ff855eb8f7d96d630be332dcda262bbf546fa56e
securityonion/salt/kratos/files/kratos.yaml
Jason Ertel d97423e9f8 Enable MFA support
2022-02-15 07:49:12 -05:00

66 lines
1.4 KiB
YAML
Raw Blame History

{%- set WEBACCESS = salt['pillar.get']('global:url_base', '') -%}
{%- set KRATOSKEY = salt['pillar.get']('kratos:kratoskey', '') -%}
{%- set SESSIONTIMEOUT = salt['pillar.get']('kratos:sessiontimeout', '24h') -%}
{%- set MFA_ISSUER = salt['pillar.get']('kratos:mfa_issuer', 'Security Onion') -%}
session:
lifespan: {{ SESSIONTIMEOUT }}
whoami:
required_aal: highest_available
selfservice:
methods:
password:
enabled: true
config:
haveibeenpwned_enabled: false
totp:
enabled: true
config:
issuer: {{ MFA_ISSUER }}
flows:
settings:
ui_url: https://{{ WEBACCESS }}/?r=/settings
required_aal: highest_available
verification:
ui_url: https://{{ WEBACCESS }}/
login:
ui_url: https://{{ WEBACCESS }}/login/
error:
ui_url: https://{{ WEBACCESS }}/login/
registration:
ui_url: https://{{ WEBACCESS }}/login/
default_browser_return_url: https://{{ WEBACCESS }}/
whitelisted_return_urls:
- http://127.0.0.1
log:
level: debug
format: json
secrets:
default:
- {{ KRATOSKEY }}
serve:
public:
base_url: https://{{ WEBACCESS }}/auth/
admin:
base_url: https://{{ WEBACCESS }}/kratos/
hashers:
bcrypt:
cost: 12
identity:
default_schema_url: file:///kratos-conf/schema.json
courier:
smtp:
connection_uri: smtps://{{ WEBACCESS }}:25
Reference in New Issue View Git Blame Copy Permalink