https://github.com/authelia/authelia Skip to content Sign up * Why GitHub? Features - + Mobile - + Actions - + Codespaces - + Packages - + Security - + Code review - + Project management - + Integrations - + GitHub Sponsors - + Customer stories- * Team * Enterprise * Explore + Explore GitHub - Learn and contribute + Topics - + Collections - + Trending - + Learning Lab - + Open source guides - Connect with others + The ReadME Project - + Events - + Community forum - + GitHub Education - + GitHub Stars program - * Marketplace * Pricing Plans - + Compare plans - + Contact Sales - + Nonprofit - + Education - [ ] [search-key] * # In this repository All GitHub | Jump to | * No suggested jump to results * # In this repository All GitHub | Jump to | * # In this organization All GitHub | Jump to | * # In this repository All GitHub | Jump to | Sign in Sign up {{ message }} authelia / authelia * Sponsor Sponsor authelia/authelia * Notifications * Star 3.6k * Fork 236 The Single Sign-On Multi-Factor portal for web apps www.authelia.com Apache-2.0 License 3.6k stars 236 forks Star Notifications * Code * Issues 72 * Pull requests 8 * Projects 5 * Security * Insights More * Code * Issues * Pull requests * Projects * Security * Insights master Switch branches/tags [ ] Branches Tags Nothing to show {{ refName }} default View all branches Nothing to show {{ refName }} default View all tags 14 branches 132 tags Go to file Code Clone HTTPS GitHub CLI [https://github.com/a] Use Git or checkout with SVN using the web URL. [gh repo clone authel] Work fast with our official CLI. Learn more. * Open with GitHub Desktop * Download ZIP Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching GitHub Desktop If nothing happens, download GitHub Desktop and try again. Go back Launching Xcode If nothing happens, download Xcode and try again. Go back Launching Visual Studio If nothing happens, download the GitHub extension for Visual Studio and try again. Go back Latest commit @dependabot @james-d-elliott dependabot and james-d-elliott build(deps): bump elliptic from 6.5.3 to 6.5.4 in /web (#1796) ... c4864ca Mar 10, 2021 build(deps): bump elliptic from 6.5.3 to 6.5.4 in /web (#1796) Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.3 to 6.5.4. - [Release notes](https://github.com/indutny/elliptic/releases) - [Commits](indutny/elliptic@v6.5.3...v6.5.4) Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: James Elliott c4864ca Git stats * 1,682 commits Files Permalink Failed to load latest commit information. Type Name Latest commit message Commit time .buildkite ci: restore dependabot rules (#1797) Mar 10, 2021 .github ci: restore dependabot rules (#1797) Mar 10, 2021 api perf(authorizer): preload access control lists (#1640) Mar 5, 2021 cmd feat(session): add redis sentinel provider (#1768) Mar 9, 2021 compose build(deps): update traefik docker tag (#1674) Jan 30, 2021 docs feat(session): add redis sentinel provider (#1768) Mar 9, 2021 internal feat(session): add redis sentinel provider (#1768) Mar 9, 2021 web build(deps): bump elliptic from 6.5.3 to 6.5.4 in /web (#1796) Mar 10, 2021 .all-contributorsrc docs: add ThinkChaos as a contributor (#1761) Feb 23, 2021 .codecov.yml [CI] Exclude non-coverage files from codecov upload (#1495) Nov 30, 2020 .dockerignore Added environment variable parsing for: Jun 7, 2019 .gitignore [MISC] Add CLI suite (#1597) Jan 16, 2021 .golangci.yml [CI] Add gocritic linter (#977) May 6, 2020 .renovaterc ci(renovate): enable auto rebase (#1679) Jan 31, 2021 .reviewdog.yml [CI] Add linting option for frontend and enforce styling (#1565) Jan 2, 2021 CONTRIBUTING.md docs: update contribution guidelines (#1666) Jan 30, 2021 Dockerfile feat: go:embed static assets (#1733) Feb 21, 2021 Dockerfile.arm32v7 feat: go:embed static assets (#1733) Feb 21, 2021 Dockerfile.arm64v8 feat: go:embed static assets (#1733) Feb 21, 2021 Dockerfile.coverage feat: go:embed static assets (#1733) Feb 21, 2021 LICENSE Change license from MIT to Apache 2.0. Apr 16, 2019 README.md docs: add ThinkChaos as a contributor (#1761) Feb 23, 2021 SECURITY.md docs: update contribution guidelines (#1666) Jan 30, 2021 authelia.service [FEATURE] Embed static assets in Go binary (#916) Apr 28, 2020 bootstrap.sh [DEV] Notify that macOS currently isn't supported for dev workflow (# ... Jun 21, 2020 config.template.yml feat(session): add redis sentinel provider (#1768) Mar 9, 2021 entrypoint.sh [BUGFIX] Dynamically determine healthcheck URL (#1444) Nov 11, 2020 go.mod build(deps): update module github.com/sirupsen/logrus to v1.8.1 (# 1792) Mar 10, 2021 go.sum build(deps): update module github.com/sirupsen/logrus to v1.8.1 (# 1792) Mar 10, 2021 healthcheck.sh test(handlers): add health check to coverage build (#1684) Feb 2, 2021 View code README.md [authelia-title] Build Go Report Card Docker Tag Docker Size GitHub Release AUR source version AUR binary version AUR development version License Sponsor Discord Matrix Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through. Unauthenticated users are redirected to Authelia Sign-in portal instead. Documentation is available at https://docs.authelia.com. The architecture is shown in the diagram below. [archi] Authelia can be installed as a standalone service from the AUR, FreeBSD Ports, or using a Static binary, Docker or Kubernetes leveraging ingress controllers and ingress configurations. Assistance to publish a debian package would be greatly appreciated. [kubernetes] [docker] Here is what Authelia's portal looks like [1FA] [2FA-METHODS] Features summary Here is the list of the main available features: * Several kind of second factor: + Security Key (U2F) with Yubikey. + Time-based One-Time password with Google Authenticator. + Mobile Push Notifications with Duo. * Password reset with identity verification using email confirmation. * Single-factor only authentication method available. * Access restriction after too many authentication attempts. * Fine-grained access control per subdomain, user, resource and network. * Support of basic authentication for endpoints protected by single factor. * Highly available using a remote database and Redis as a highly available KV store. * Compatible with Kubernetes ingress-nginx controller out of the box. For more details about the features, follow Features. If you want to know more about the roadmap, follow Roadmap. Proxy support Authelia works in combination with nginx, Traefik or HAProxy. It can be deployed on bare metal with Docker or on top of Kubernetes. [nginx] [traefik] [haproxy] [kubernetes] Getting Started You can start utilising Authelia with the provided docker-compose bundles: Local The Local compose bundle is intended to test Authelia without worrying about configuration. It's meant to be used for scenarios where the server is not be exposed to the internet. Domains will be defined in the local hosts file and self-signed certificates will be utilised. Lite The Lite compose bundle is intended for scenarios where the server will be exposed to the internet, domains and DNS will need to be setup accordingly and certificates will be generated through LetsEncrypt. The Lite element refers to minimal external dependencies; File based user storage, SQLite based configuration storage. In this configuration, the service will not scale well. Full The Full compose bundle is intended for scenarios where the server will be exposed to the internet, domains and DNS will need to be setup accordingly and certificates will be generated through LetsEncrypt. The Full element refers to a scalable setup which includes external dependencies; LDAP based user storage, Database based configuration storage (MariaDB, MySQL or Postgres). Deployment Now that you have tested Authelia and you want to try it out in your own infrastructure, you can learn how to deploy and use it with Deployment. This guide will show you how to deploy it on bare metal as well as on Kubernetes. Security Authelia takes security very seriously. We follow the rule of responsible disclosure, and we encourage the community to as well. If you discover a vulnerability in Authelia, please first contact one of the maintainers privately either via Matrix or email as described in the contact options below. For details about security measures implemented in Authelia, please follow this link and for reading about the threat model follow this link. Contact Options Matrix Join the Matrix Room and locate one of the maintainers. You can identify them as they are the room administrators. Alternatively you can just ask for one of the maintainers. Once you've made contact we ask you privately message the maintainer to communicate the vulnerability. Discord Join the Discord Server and message the #support chat which links to Matrix and contact a maintainer. Email You can contact any of the maintainers for security vulnerability related issues by emailing security@authelia.com. This email is strictly reserved for security and vulnerability disclosure related matters. If you need to contact us for another reason please use Matrix or team@authelia.com. Breaking changes Since Authelia is still under active development, it is subject to breaking changes. It's recommended to pin a version tag instead of using the latest tag and reading the release notes before upgrading. This is where you will find information about breaking changes and what you should do to overcome those changes. Why Open Source? You might wonder why Authelia is open source while it adds a great deal of security and user experience to your infrastructure at zero cost. It is open source because we firmly believe that security should be available for all to benefit in the face the battlefield which is the Internet with near zero effort. Additionally, keeping the code open source is a way to leave it auditable by anyone who is willing to contribute. This way, you can be confident that the product remains secure and does not act maliciously. It's important to keep in mind Authelia is not directly exposed on the Internet (your reverse proxies are) however, it's still the control plane for your internal security so take care of it! Contribute If you want to contribute to Authelia, please read our contribution guidelines. Authelia exists thanks to all the people who contribute so don't be shy, come chat with us on Matrix and start contributing too. Thanks goes to these wonderful people (emoji key): [3193257] [3339418] [3903683] [14371127] [2241519] [13933258] [208440] [Clement [Amir [James [Antoine [ [Philipp [Callan Michaud] Zarrinkafsh] Elliott] Favre] BankaiNoJutsu Rintz] Bryant] ] [?][?] [?][?] [?][?] [5301673] [13637623] [9061024] [137025] [ [40716069] [11628284] [2157287] [Stoica [Dylan [Ian] FrozenDragoon [vdot0x23] [alexw1982] [Sohalt] Tedy] Smith] ] [24586740] [9325003] [168188] [1979423] [6560655] [1454505] [Lukas [Philipp [James [Chris [13240971] [Silver [Paul Klass] Staiger] Hodgkinson Smith] [Mihaly] Bullet] Williams] [?][?] ] [?][?] [44645768] [864376] [4400540] [494334] [14645] [6145026] [Andrew [Kristof [ZMiguel [12972900] [Daniel [Dustin [Timo] Kliskey] Mattei] Valdiviesso [akusei] Miller] Sweigart] ] [?][?] [247716] [4941215] [25612094] [2216868] [38590447] [2650170] [35109315] [Shawn [Kevyn [Daniel [Valentin [thehedgefrog [Victor] [Chris Haggard] Bruyere] Sutton] Hobel] ] Whisker] [?][?] [60454087] [18271791] [Begley [509966] [1029195] [52870424] [194685] [5852381] [nasatome] Brothers [Mike [Dimitris [TheCatLady] [Lauri [Kennard (Development) Kusold] Zervas] Vosandi] Vermeiren] ] [4761135] [ ThinkChaos ] [?][?] This project follows the all-contributors specification. Contributions of any kind welcome! Backers Thank you to all our backers! [Become a backer] and help us sustain our community. The money we currently receive is dedicated to bootstrap a bug bounty program to give us as many eyes as we can to detect potential vulnerabilities. [6874747073] Sponsors Support Authelia by becoming a sponsor. Your logo will show up here with a link to your website. [Become a sponsor] [6874747073] [6874747073] [6874747073] [6874747073] [6874747073] [6874747073] [6874747073] [6874747073] [6874747073] [6874747073] Jetbrains Thank you to JetBrains JetBrains for providing us with free licenses to their great tools * IDEA IDEA * GoLand GoLand * WebStorm WebStorm License Authelia is licensed under the Apache 2.0 license. The terms of the license are detailed in LICENSE. FOSSA Status About The Single Sign-On Multi-Factor portal for web apps www.authelia.com Topics docker nginx kubernetes golang security ldap authentication cookie push-notifications u2f yubikey two-factor totp sso traefik mfa two-factor-authentication sso-authentication 2fa multifactor Resources Readme License Apache-2.0 License Releases 132 v4.27.0 Latest Mar 10, 2021 + 131 releases Sponsor this project * open_collective opencollective.com/authelia-sponsors Packages 0 No packages published Contributors 50 * @clems4ever * @nightah * @james-d-elliott * @autheliabot * @renovate-bot * @BankaiNoJutsu * @p-rintz * @naggie * @ViViDboarder + 39 contributors Languages * Go 79.7% * TypeScript 12.7% * Shell 2.9% * Lua 2.7% * HTML 1.1% * JavaScript 0.5% * Other 0.4% * (c) 2021 GitHub, Inc. * Terms * Privacy * Security * Status * Docs * Contact GitHub * Pricing * API * Training * Blog * About You can't perform that action at this time. You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.