Skip to content
The Single Sign-On Multi-Factor portal for web apps
Go TypeScript Shell HTML JavaScript Dockerfile CSS
Branch: master
Clone or download

Latest commit

james-d-elliott [FEATURE] Remember Me Configuration (#813)
* [FEATURE] Remember Me Configuration
* allow users to specify the duration of remember me using remember_me_duration in session config
* setting the duration to 0 disables remember me
* only render the remember me element if remember me is enabled
* prevent malicious users from faking remember me functionality in the backend
* add string to duration helper called ParseDurationString to parse a string into a duration
* added tests to the helper function
* use the SessionProvider to store the time.Duration instead of parsing it over and over again
* add sec doc, adjust month/min, consistency
* renamed internal/utils/constants.go to internal/utils/const.go to be consistent
* added security measure docs
* adjusted default remember me duration to be 1 month instead of 1 year
* utilize default remember me duration in the autheliaCtx mock
* adjust order of keys in session configuration examples
* add notes on session security measures secret only being redis 
* add TODO items for duration notation for both Expiration and Inactivity (will be removed soon)
* fix error text for Inactivity in the validator 
* add session validator tests
* deref check bodyJSON.KeepMeLoggedIn and derive the value based on conf and user input and store it (DRY)
* remove unnecessary regex for the simplified ParseDurationString utility
* ParseDurationString only accepts decimals without leading zeros now
* comprehensively test all unit types
* remove unnecessary type unions in web
* add test to check sanity of time duration consts, this is just so they can't be accidentally changed
* simplify deref check and assignment
* fix reset password padding/margins
* adjust some doc wording
* adjust the handler configuration suite test
* actually run the handler configuration suite test (whoops)
* reduce the number of regex's used by ParseDurationString to 1, thanks to Clement
* adjust some error wording
Latest commit 626f5d2 Apr 4, 2020


Type Name Latest commit message Commit time
Failed to load latest commit information.
.buildkite [FEATURE] Include darwin based binaries for OSX (#814) Apr 3, 2020
.dependabot [MISC] Add dependabot configuration (#736) Mar 19, 2020
.github [Buildkite] Fix pipeline to work alongside dependabot (#706) Mar 15, 2020
cmd [FEATURE] Include darwin based binaries for OSX (#814) Apr 3, 2020
compose [MISC] Add .gitignore to skip temporary directories generated by loca… Mar 28, 2020
docs [FEATURE] Remember Me Configuration (#813) Apr 3, 2020
internal [FEATURE] Remember Me Configuration (#813) Apr 3, 2020
web [FEATURE] Remember Me Configuration (#813) Apr 3, 2020
.dockerignore Added environment variable parsing for: Jun 7, 2019
.gitignore [MISC] Restructure repo folder layout (#628) Feb 9, 2020 [FEATURE][BREAKING] Allow users to sign in with email. (#792) Mar 30, 2020 [MISC] Add a to the project. (#604) Feb 1, 2020
Dockerfile [MISC] Update Golang and QEMU to v1.14.0 and v4.2.0-6 respectively (#685 Mar 6, 2020
Dockerfile.arm32v7 [Buildkite] Update musl-cross-make toolchain to gcc 9.2.0 (#703) Mar 14, 2020
Dockerfile.arm64v8 [Buildkite] Update musl-cross-make toolchain to gcc 9.2.0 (#703) Mar 14, 2020
Dockerfile.darwin [FEATURE] Include darwin based binaries for OSX (#814) Apr 3, 2020
LICENSE Change license from MIT to Apache 2.0. Apr 16, 2019 [RELEASE] v4.11.0 (#810) Mar 31, 2020
authelia.service Update with AUR references and remove (#576) Jan 24, 2020 [Buildkite] Automate CD for AUR packages (#644) Feb 19, 2020
config.template.yml [FEATURE] Remember Me Configuration (#813) Apr 3, 2020
go.mod [FEATURE] Include darwin based binaries for OSX (#814) Apr 3, 2020
go.sum [MISC] (deps): Bump from 3.1.7 to 3.1.8 (#812 Apr 1, 2020

Build Go Report Card Docker Tag Docker Size GitHub Release AUR source version AUR binary version AUR development version License Sponsor Matrix

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through. Unauthenticated user are redirected to Authelia Sign-in portal instead.

Documentation is available at

The architecture is shown in the diagram below.

BREAKING NEWS: Authelia v4 has been released! Please read if you want to migrate from v3 to v4. Otherwise, start fresh in v4 and enjoy!

Authelia can be installed as a standalone service from the AUR, using a Static binary, Docker or can also be deployed easily on Kubernetes leveraging ingress controllers and ingress configuration.

Here is what Authelia's portal looks like

Features summary

Here is the list of the main available features:

  • Several kind of second factor:
  • Password reset with identity verification using email confirmation.
  • Single-factor only authentication method available.
  • Access restriction after too many authentication attempts.
  • Fine-grained access control per subdomain, user, resource and network.
  • Support of basic authentication for endpoints protected by single factor.
  • Highly available using a remote database and Redis as a highly available KV store.
  • Compatible with Kubernetes ingress-nginx controller out of the box.

For more details about the features, follow Features.

Proxy support

Authelia works in combination with nginx, Traefik or HAProxy. It can be deployed on bare metal with Docker or on top of Kubernetes.

Getting Started

You can start utilising Authelia with the provided docker-compose bundles:


The Local compose bundle is intended to test Authelia without worrying about configuration. It's meant to be used for scenarios where the server is not be exposed to the internet. Domains will be defined in the local hosts file and self-signed certificates will be utilised.


The Lite compose bundle is intended for scenarios where the server will be exposed to the internet, domains and DNS will need to be setup accordingly and certificates will be generated through LetsEncrypt. The Lite element refers to minimal external dependencies; File based user storage, SQLite based configuration storage. In this configuration, the service will not scale well.


The Full compose bundle is intended for scenarios where the server will be exposed to the internet, domains and DNS will need to be setup accordingly and certificates will be generated through LetsEncrypt. The Full element refers to a scalable setup which includes external dependencies; LDAP based user storage, Database based configuration storage (MariaDB, MySQL or Postgres).


Now that you have tested Authelia and you want to try it out in your own infrastructure, you can learn how to deploy and use it with Deployment. This guide will show you how to deploy it on bare metal as well as on Kubernetes.


Security is taken very seriously here, therefore we follow the rule of responsible disclosure and we encourage you to do so.

Would you like to report any vulnerability discovered in Authelia, please first contact clems4ever on Matrix or by email.

For details about security measures implemented in Authelia, please follow this link.

Breaking changes



If you want to contribute to Authelia, check the documentation available here.


Become a backer to support Authelia.


Authelia is licensed under the Apache 2.0 license. The terms of the license are detailed in LICENSE.

You can’t perform that action at this time.