searchguard: dynamic: http: anonymous_auth_enabled: false xff: enabled: false internalProxies: '192\.168\.0\.10|192\.168\.0\.11' # regex pattern remoteIpHeader: 'x-forwarded-for' proxiesHeader: 'x-forwarded-by' authc: kerberos_auth_domain: http_enabled: true transport_enabled: true order: 1 http_authenticator: type: kerberos # NOT FREE FOR COMMERCIAL USE challenge: true config: krb_debug: true strip_realm_from_principal: true authentication_backend: type: noop basic_internal_auth_domain: http_enabled: false transport_enabled: false order: 4 http_authenticator: type: basic challenge: true authentication_backend: type: intern proxy_auth_domain: http_enabled: false transport_enabled: false order: 3 http_authenticator: type: proxy challenge: false config: user_header: "x-proxy-user" roles_header: "x-proxy-roles" authentication_backend: type: noop jwt_auth_domain: http_enabled: false transport_enabled: false order: 0 http_authenticator: type: jwt challenge: false config: signing_key: "base64 encoded HMAC key or public RSA/ECDSA pem key" jwt_header: "Authorization" jwt_url_parameter: null roles_key: null subject_key: null authentication_backend: type: noop clientcert_auth_domain: http_enabled: false transport_enabled: false order: 2 http_authenticator: type: clientcert config: username_attribute: cn #optional, if omitted DN becomes username challenge: false authentication_backend: type: noop ldap: http_enabled: false transport_enabled: false order: 5 http_authenticator: type: basic challenge: false authentication_backend: type: ldap # NOT FREE FOR COMMERCIAL USE config: enable_ssl: false enable_start_tls: false enable_ssl_client_auth: false verify_hostnames: true hosts: - localhost:8389 bind_dn: null password: null userbase: 'ou=people,dc=example,dc=com' usersearch: '(sAMAccountName={0})' username_attribute: null authz: roles_from_myldap: http_enabled: false transport_enabled: false authorization_backend: type: ldap # NOT FREE FOR COMMERCIAL USE config: enable_ssl: false enable_start_tls: false enable_ssl_client_auth: false verify_hostnames: true hosts: - localhost:8389 bind_dn: null password: null rolebase: 'ou=groups,dc=example,dc=com' rolesearch: '(member={0})' userroleattribute: null userrolename: disabled rolename: cn resolve_nested_roles: true userbase: 'ou=people,dc=example,dc=com' usersearch: '(uid={0})' roles_from_another_ldap: enabled: false authorization_backend: type: ldap # NOT FREE FOR COMMERCIAL USE