authentik/passbook/lib/default.yml

# This is the default configuration file
databases:
  default:
    engine: 'django.db.backends.sqlite3'
    name: 'db.sqlite3'
log:
  level:
    console: DEBUG
    file: DEBUG
  file: /dev/null
  syslog:
    host: 127.0.0.1
    port: 514
email:
  host: localhost
  port: 25
  user: ''
  password: ''
  use_tls: false
  use_ssl: false
  from: passbook <passbook@domain.tld>
web:
  listen: 0.0.0.0
  port: 8000
  threads: 30
debug: true
secure_proxy_header:
  HTTP_X_FORWARDED_PROTO: https
redis: localhost
# Error reporting, sends stacktrace to sentry.services.beryju.org
error_report_enabled: true
secret_key: 9$@r!d^1^jrn#fk#1#@ks#9&i$^s#1)_13%$rwjrhd=e8jfi_s

passbook:
  sign_up:
    # Enables signup, created users are stored in internal Database and created in LDAP if ldap.create_users is true
    enabled: true
  password_reset:
    # Enable password reset, passwords are reset in internal Database and in LDAP if ldap.reset_password is true
    enabled: true
    # Verification the user has to provide in order to be able to reset passwords. Can be any combination of `email`, `2fa`, `security_questions`
    verification:
      - email
  # Text used in title, on login page and multiple other places
  branding: passbook
  login:
    # Override URL used for logo
    logo_url: null
    # Override URL used for Background on Login page
    bg_url: null
    # Optionally add a subtext, placed below logo on the login page
    subtext: null
  footer:
    links:
      # Optionally add links to the footer on the login page
      #  - name: test
      #    href: https://test
  # Specify which fields can be used to authenticate. Can be any combination of `username` and `email`
  uid_fields:
    - username
    - email
  session:
    remember_age: 2592000 # 60 * 60 * 24 * 30, one month
# Provider-specific settings
ldap:
  # # Completely enable or disable LDAP provider
  # enabled: false
  # # AD Domain, used to generate `userPrincipalName`
  # domain: corp.contoso.com
  # # Base DN in which passbook should look for users
  # base_dn: dn=corp,dn=contoso,dn=com
  # # LDAP field which is used to set the django username
  # username_field: sAMAccountName
  # # LDAP server to connect to, can be set to `<domain_name>`
  # server:
  #   name: corp.contoso.com
  #   use_tls: false
  # # Bind credentials, used for account creation
  # bind:
  #   username: Administraotr@corp.contoso.com
  #   password: VerySecurePassword!
  # Which field from `uid_fields` maps to which LDAP Attribute
  login_field_map:
    username: sAMAccountName
    email: mail # or userPrincipalName
  user_attribute_map:
    active_directory:
      sAMAccountName: username
      mail: email
      given_name: first_name
      name: last_name
  # # Create new users in LDAP upon sign-up
  # create_users: true
  # # Reset LDAP password when user reset their password
  # reset_password: true
oauth_client:
  # List of python packages with sources types to load.
  types:
    - passbook.oauth_client.source_types.discord
    - passbook.oauth_client.source_types.facebook
    - passbook.oauth_client.source_types.github
    - passbook.oauth_client.source_types.google
    - passbook.oauth_client.source_types.reddit
    - passbook.oauth_client.source_types.supervisr
    - passbook.oauth_client.source_types.twitter
saml_idp:
  signing: true
  autosubmit: false
  issuer: passbook
  assertion_valid_for: 86400
  # List of python packages with provider types to load.
  types:
    - passbook.saml_idp.processors.generic
    - passbook.saml_idp.processors.gitlab
    - passbook.saml_idp.processors.nextcloud
    - passbook.saml_idp.processors.salesforce
    - passbook.saml_idp.processors.shibboleth
    - passbook.saml_idp.processors.wordpress_orange