Authelia – An SSO solution for your microservices

 

Over several articles, I have presented Keycloak as an SSO solution for applications, relying in particular on the OIDC (OpenID Connect) standard.

Today we will look at a similar solution that I personally find lighter and simpler to set up. It is called Authelia!

Authelia acts as an "extension" to a reverse proxy; the main supported ones are:

  • Traefik

  • Nginx

  • HAProxy

 

At present, integration with Apache2 is unfortunately not possible; here is the explanation given in the documentation:

Apache has no module that supports this kind of authentication method. It’s not certain this would even be possible, however if anyone did something like this in the past we’d be interested in a contribution.

In this article we will install Authelia in a container, with Traefik. Note that the Traefik version used is traefik:2.4.

Installation

You will need to create four DNS entries pointing to your instance:

  • authelia.yourdomain.fr.

  • public.yourdomain.fr.

  • traefik.yourdomain.fr.

  • secure.yourdomain.fr.

Clone the GitHub project:

```bash
git clone https://github.com/authelia/authelia.git
cd authelia/examples/compose/lite
# Check out the most recent tag
git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
```

Prepare the configuration file authelia/examples/compose/lite/authelia/configuration.yml, in particular with:

```yaml
default_redirection_url: https://public.yourdomain.fr
```

```yaml
access_control:
  default_policy: deny
  rules:
    # Rules applied to everyone
    - domain: public.yourdomain.fr
      policy: bypass
    - domain: traefik.yourdomain.fr
      policy: one_factor
    - domain: secure.yourdomain.fr
      policy: two_factor
```

```yaml
session:
...
  domain: yourdomain.fr
```

```yaml
### If you do not have SMTP configured:
notifier:
  disable_startup_check: false
  filesystem:
    filename: /config/notification.txt
```

And here is the docker-compose.yml:


In practice, here is the role of each service:

  • Authelia: the authentication manager

  • Redis: key-value data store

  • Traefik: the reverse proxy for the container(s)

  • Secure: example application (here Whoami (https://hub.docker.com/r/containous/whoami)) to demonstrate 'two_factor' authentication

  • Public: example application (here Whoami (https://hub.docker.com/r/containous/whoami)) to demonstrate 'one_factor' authentication

Start the containers:

```bash
cd authelia/examples/compose/lite
docker-compose up -d
```

First, let's go to the Authelia panel:

 

The default credentials are: authelia / authelia.

 

You are then prompted to configure two-factor authentication. We tested it with OTP (through the Authy application) and with a YubiKey (notably the biometric version). Click Register device; the link to add the device will either be sent to you by email or written to the following file: authelia/examples/compose/lite/authelia/notification.txt:

 


Adding an application

Suppose we have a very simple web application: we will add an Nginx web container using this image: https://hub.docker.com/r/yeasy/simple-web/

We need to add a DNS entry for this app, for example app1.yourdomain.fr, then add the following to docker-compose.yml:


Next, choose the authentication mode for this new application (see: https://www.authelia.com/docs/configuration/access-control.html); for this example we will choose two_factor. In authelia/examples/compose/lite/authelia/configuration.yml:

```yaml
access_control:
  ...
  rules:
  ...
    - domain: app1.yourdomain.fr
      policy: two_factor
```

And that's it! Restart the services:

```bash
docker-compose down && docker-compose up -d
```
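An added audit sketch for the procedure above (not code from the article or from the Authelia project): it checks that every host routed by Traefik carries the forward-auth middleware and matches an explicit access_control rule. The service labels, the app2 service and the middleware name authelia@docker are assumptions; rule matching is simplified to exact and `*.` wildcard domains, first match wins.

```python
"""Audit sketch: do Traefik routers and Authelia rules agree? (added example)"""
import re

# access_control section from the article as a Python dict (app1 rule included).
ACCESS_CONTROL = {
    "default_policy": "deny",
    "rules": [
        {"domain": "public.yourdomain.fr", "policy": "bypass"},
        {"domain": "traefik.yourdomain.fr", "policy": "one_factor"},
        {"domain": "secure.yourdomain.fr", "policy": "two_factor"},
        {"domain": "app1.yourdomain.fr", "policy": "two_factor"},
    ],
}

# Constructed sample labels; "authelia@docker" is an assumed middleware name.
SERVICES = {
    "app1": ["traefik.http.routers.app1.rule=Host(`app1.yourdomain.fr`)",
             "traefik.http.routers.app1.middlewares=authelia@docker"],
    "app2": ["traefik.http.routers.app2.rule=Host(`app2.yourdomain.fr`)"],
}

def resolve_policy(host, access_control):
    """First matching rule wins, else default_policy. Returns (policy, matched)."""
    for rule in access_control["rules"]:
        domain = rule["domain"]
        if host == domain or (domain.startswith("*.") and host.endswith(domain[1:])):
            return rule["policy"], True
    return access_control["default_policy"], False

def audit(services, access_control, middleware="authelia@docker"):
    """Return sorted (service, host, finding) tuples for risky combinations."""
    findings = []
    for name, labels in services.items():
        hosts = [h for label in labels for h in re.findall(r"Host\(`([^`]+)`\)", label)]
        guarded = any(".middlewares=" in label
                      and middleware in label.split("=", 1)[1].split(",")
                      for label in labels)
        for host in hosts:
            policy, matched = resolve_policy(host, access_control)
            if not guarded:
                findings.append((name, host, "router has no Authelia middleware"))
            if not matched:
                findings.append((name, host, f"no rule, falls back to {policy}"))
            elif policy == "bypass":
                findings.append((name, host, "bypass: served without authentication"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SERVICES, ACCESS_CONTROL):
        print(*finding, sep=" | ")
```

A router without the middleware is reachable without any Authelia check, whatever the rules say, which is why the two files are audited together.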

As further reading, here are our previous articles on the SSO approach:

- How we built an SSO architecture: Nextcloud + Keycloak + YubiKey
- The different authentication modes in Keycloak
