-
Notifications
You must be signed in to change notification settings - Fork 107
/
security.yaml
57 lines (50 loc) · 2.7 KB
/
security.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
security:
enable_authenticator_manager: true
providers:
pimcore_admin:
id: Pimcore\Bundle\AdminBundle\Security\User\UserProvider
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
# Pimcore WebDAV HTTP basic // DO NOT CHANGE!
pimcore_admin_webdav:
pattern: ^/admin/asset/webdav
provider: pimcore_admin
http_basic: ~
# Pimcore admin form login // DO NOT CHANGE!
pimcore_admin:
pattern: ^/admin(/.*)?$
# admin firewall is stateless as we open the admin
# session on demand for non-blocking parallel requests
stateless: true
provider: pimcore_admin
login_throttling:
max_attempts: 3
interval: '5 minutes'
logout:
path: pimcore_admin_logout
target: pimcore_admin_login
custom_authenticators:
- Pimcore\Bundle\AdminBundle\Security\Authenticator\AdminLoginAuthenticator
- Pimcore\Bundle\AdminBundle\Security\Authenticator\AdminTokenAuthenticator
- Pimcore\Bundle\AdminBundle\Security\Authenticator\AdminSessionAuthenticator
two_factor:
auth_form_path: /admin/login/2fa # Path or route name of the two-factor form
check_path: /admin/login/2fa-verify # Path or route name of the two-factor code check
default_target_path: /admin # Where to redirect by default after successful authentication
always_use_default_target_path: false # If it should always redirect to default_target_path
auth_code_parameter_name: _auth_code # Name of the parameter for the two-factor authentication code
trusted_parameter_name: _trusted # Name of the parameter for the trusted device option
multi_factor: false # If ALL active two-factor methods need to be fulfilled (multi-factor authentication)
access_control:
# Pimcore admin ACl // DO NOT CHANGE!
- { path: ^/admin/settings/display-custom-logo, roles: PUBLIC_ACCESS }
- { path: ^/admin/login/2fa-verify, roles: IS_AUTHENTICATED_2FA_IN_PROGRESS}
- { path: ^/admin/login/2fa, roles: IS_AUTHENTICATED_2FA_IN_PROGRESS}
- { path: ^/admin/login$, roles: PUBLIC_ACCESS }
- { path: ^/admin/login/(login|lostpassword|deeplink|csrf-token)$, roles: PUBLIC_ACCESS }
- { path: ^/admin, roles: ROLE_PIMCORE_USER }
role_hierarchy:
# Pimcore admin // DO NOT CHANGE!
ROLE_PIMCORE_ADMIN: [ROLE_PIMCORE_USER]