mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2025-07-29 15:19:10 +00:00
Improvements and error handling
This commit is contained in:
Timshel
parent
671f7a1d31
commit
fefa55cad4
69 changed files with 2744 additions and 627 deletions
|
|
@ -161,6 +161,10 @@
|
|||
## Cron schedule of the job that cleans expired Duo contexts from the database. Does nothing if Duo MFA is disabled or set to use the legacy iframe prompt.
|
||||
## Defaults to every minute. Set blank to disable this job.
|
||||
# DUO_CONTEXT_PURGE_SCHEDULE="30 * * * * *"
|
||||
#
|
||||
## Cron schedule of the job that cleans sso nonce from incomplete flow
|
||||
## Defaults to daily (20 minutes after midnight). Set blank to disable this job.
|
||||
# PURGE_INCOMPLETE_SSO_NONCE="0 20 0 * * *"
|
||||
|
||||
########################
|
||||
### General settings ###
|
||||
|
|
@ -452,11 +456,31 @@
|
|||
# SSO_ENABLED=false
|
||||
## Prevent users from logging in directly without going through SSO
|
||||
# SSO_ONLY=false
|
||||
## On SSO Signup if a user with a matching email already exists make the association
|
||||
# SSO_SIGNUPS_MATCH_EMAIL=true
|
||||
## Base URL of the OIDC server (auto-discovery is used)
|
||||
## - Should not include the `/.well-known/openid-configuration` part and no trailing `/`
|
||||
## - ${SSO_AUTHORITY}/.well-known/openid-configuration should return a json document: https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfigurationResponse
|
||||
# SSO_AUTHORITY=https://auth.example.com
|
||||
## Authorization request scopes. Optional SSO scopes, override if email and profile are not enough (`openid` is implicit).
|
||||
#SSO_SCOPES="email profile"
|
||||
## Additionnal authorization url parameters (ex: to obtain a `refresh_token` with Google Auth).
|
||||
# SSO_AUTHORIZE_EXTRA_PARAMS="access_type=offline&prompt=consent"
|
||||
## Activate PKCE for the Auth Code flow. Recommended but disabled for now waiting for feedback on support.
|
||||
# SSO_PKCE=false
|
||||
## Regex to add additionnal trusted audience to Id Token (by default only the client_id is trusted).
|
||||
# SSO_AUDIENCE_TRUSTED='^$'
|
||||
## Set your Client ID and Client Key
|
||||
# SSO_CLIENT_ID=11111
|
||||
# SSO_CLIENT_SECRET=AAAAAAAAAAAAAAAAAAAAAAAA
|
||||
## Optional Master password policy (minComplexity=[0-4])
|
||||
# SSO_MASTER_PASSWORD_POLICY='{"enforceOnLogin":false,"minComplexity":3,"minLength":12,"requireLower":false,"requireNumbers":false,"requireSpecial":false,"requireUpper":false}'
|
||||
## Use sso only for authentication not the session lifecycle
|
||||
# SSO_AUTH_ONLY_NOT_SESSION=false
|
||||
## Client cache for discovery endpoint. Duration in seconds (0 to disable).
|
||||
# SSO_CLIENT_CACHE_EXPIRATION=0
|
||||
## Log all the tokens, LOG_LEVEL=debug is required
|
||||
# SSO_DEBUG_TOKENS=false
|
||||
|
||||
########################
|
||||
### MFA/2FA settings ###
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue