Authelia docs
Help us fund a security audit.
Lightweight
With a compressed container size smaller than 20 megabytes and observed memory usage normally under 30 megabytes, it's one of the most lightweight solutions available.
Blazing Fast
Written in Go and React, authorization policies and many other backend tasks are completed in mere milliseconds, and login portal loading times of 100 milliseconds make it one of the fastest solutions available.
Efficient
Processors can use a lot of electricity, but with idle usage so low that you can't measure it and active usage in a small business environment under 1% (with the exclusion of password hashing), you can rest easy.
Security by Design
Not just another IAM portal, security is heavily considered as part of our design process.
Login Regulation
Prevent brute force login attempts by only allowing a certain number of logins before the user is locked for a period.
Password Reset
Built-in support for users to reset their LDAP or internal passwords with email validation right from the web interface.
Single Sign-On
OpenID Connect 1.0, or Trusted Headers.
Authorization Policies

Question about Authelia configuration
1. The problem I'm having:
Hey, it's me again, the guy with the strange questions.
I am templating the Authelia integration example for the opnsense plugin of Caddy. I am trying to fit things into the existing logic, and I want to know if the resulting Caddyfile of my template would work, or not. The caddyfile validation says it's okay, but I'm unsure since I don't have any experience with forward_auth.
My main question is, are the additional empty allowed, or do they have to be removed (because if the forward_auth is successful, it won't "break out" of the to go to the next one.)
Thank you a lot.
2. Error messages and/or full log output:
3. Caddy version:
4. How I installed and ran Caddy:
a. System environment:
b. Command:
c. Service/unit/compose file:
d. My complete Caddy config:
5. Links to relevant resources:
forward_auth (Caddyfile directive) - Caddy Documentation (caddyserver.com)
Authelia Identity Provider
Created: 6 Jul 2025.
Why I need an Identity Provider
After I started hosting this public website on my home server, I realised how useful all the documentation was - not just for me, but for others to refer to, especially when I met someone who wanted to know how something was done.
Being an amateur photography enthusiast, it wasn't long before I was longing to share my photos on my site as well. But it had to be behind an authenticated site. So I started thinking about how to go about achieving this. The more I searched, the more I realised it wasn't going to be easy.
What led me to Authelia
The initial approach
I started out dreaming of the ideal solution, one that would be tailored to what I wanted:
- cater for multiple realms / domains
- enforce two factor authentication
- single ID sign on for the multiple realms / web services I intended to host
This resulted in designing a non-trivial complex relational database design to cater to the above requirements.
I did delve into doing a POC with some components of this database design using JPA and Hibernate persistence, but soon realised it would take quite some effort to do t
OAuth with Authelia SSO (self-hosted)
Prerequisites
This guide assumes you have run and configured Authelia. If you wish to get Authelia running quickly, there are example docker-compose files in the Authelia GitHub repository. This guide also assumes you run HedgeDoc via a Docker container. Find out how the mentioned config environment variables are mapped to entries in the config file at our configuration page.
Steps
- Set up the necessary OpenID Connect parameters in your Authelia as explained in the documentation at https://www.authelia.com/docs/configuration/identity-providers/oidc.html.
- Make sure to generate secure secrets (such as )
- A completed section of the configuration may look like the following (the chosen Client ID shouldn't actually be this guessable for security reasons):
- Restart Authelia to apply the new configuration and check the log for any errors
- In the of HedgeDoc insert the following environment variables (you can choose different attributes for e.g. the display name - all available attributes you can find in the scope definitions):
- Run on HedgeDoc to apply your settings.
- Sign in to your HedgeDoc using your Authelia login
How to Install Authelia on Windows 11
Authelia is an open-source authentication and authorization server that can secure your web applications and APIs using a variety of authentication methods. Installing Authelia on Windows 11 can be done following these simple steps:
Prerequisites
Before you install Authelia on Windows 11, make sure you have the following software installed on your system:
- Git
- Docker Desktop
- Text Editor of your choice (Optional)
Installing Authelia
Open the command prompt by pressing Win + X and selecting Windows Terminal (Admin).
Clone the Authelia repository from by issuing the following command:
Change the directory to the cloned Authelia repository by issuing the following command:
Edit the file and uncomment the following lines:
Save and exit the file.
In the same directory, issue the following command to start the Authelia stack:
This command will start the Authelia stack in the background using Docker.
Once the stack is up and running, you can access the Authelia portal by navigating to on your web browser.
Congratulations! You have installed Authelia on Windows 11 successfully.
Conclusion
That's it! You can