security: #Security configuration (LDAP, SAML, Password Policy, ...) anonAccessEnabled: true #When set, anonymous access will be enabled for the set of permissions assigned to the default "anonymous user" anonAccessToBuildInfosDisabled: false #Deprecated from Artifactory version 6.6 #This setting gives you more control over anonymous access, and allows you to prevent anonymous users from accessing the Build module where all information related to builds is found, even when anonymous access is enabled.
security: #Security configuration (LDAP, SAML, Password Policy, ...) userLockPolicy: #User lock policy configuration enabled: false #When set, the lock policy will be enabled loginAttempts: 5 #Lock user after exceeding max failed login attempts
security: #Security configuration (LDAP, SAML, Password Policy, ...) passwordSettings: #Password settings encryptionPolicy: REQUIRED | SUPPORTED | UNSUPPORTED #Determines the password requirements from users identified to Artifactory from a remote client such as Maven. The options are: (1) Supported (default): Users can authenticate using secure encrypted passwords or clear-text passwords. (2) Required: Users must authenticate using secure encrypted passwords. Clear-text authentication fails. (3) Unsupported: Only clear-text passwords can be used for authentication expirationPolicy: #Password expiration policy enabled: false #When checked, password expiration policy is enabled passwordMaxAge: 60 #The time interval in which users will be obligated to change their password notifyByEmail: true #When set, users receive an email notification a few days before their password expires
security: #Security configuration (LDAP, SAML, Password Policy, ...) ldapSettings: #LDAP server(s) settings ldap1: #The unique ID of the LDAP setting emailAttribute: email1 #An attribute that can be used to map a user's email to a user created automatically by Artifactory ldapPoisoningProtection: true #When set to true (recommended), Artifactory will protect against LDAP poisoning by filtering out users exposed to vulnerability ldapUrl: ldap://myserver:myport/dc=sampledomain,dc=com #Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users search: managerDn: manager1 #The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf managerPassword: managerpass1 #The password of the user binding to the LDAP server when using "search" authentication searchBase: searchbase1 #The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ). This is parameter is optional searchFilter: searchfilter1 #A filter expression used to search for the user DN that is used in LDAP authentication. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful searchSubTree: true #When set, enables deep search through the sub-tree of the LDAP URL + Search Base userDnPattern: userppatt1 #A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. For example: uid={0},ou=People allowUserToAccessProfile: false #When set, users created after logging in using LDAP will be able to access their profile page in Artifactory autoCreateUser: true #When set, Artifactory will automatically create new users for those who have logged in using LDAP, and assign them to the default groups enabled: true #When set, these settings are enabled pagingSupportEnabled: true # When set,enables paging support.
security: #Security configuration (LDAP, SAML, Password Policy, ...) ldapGroupSettings: #LDAP group(s) settings name1: #The unique ID of the LDAP group setting descriptionAttribute: desc1 #An attribute on the group entry which denoting the group description. Used when importing groups enabledLdap: enabled1 #The LDAP setting (from the ldapSettings section) you want to use for group retrieval filter: filter1 #The LDAP filter used to search for group entries. Used when importing groups groupBaseDn: groupbase1 #A search base for group entry DNs, relative to the DN on the LDAP server's URL (and not relative to the LDAP Setting's "searchBase"). Used when importing groups groupMemberAttribute: uniqueMember #A multi-value attribute on the group entry containing user DNs or IDs of the group members (e.g., uniqueMember,member) groupNameAttribute: groupName #Attribute on the group entry denoting the group name. Used when importing groups strategy: STATIC | DYNAMIC | HIERARCHY #Group synchronization strategy subTree: false
security: #Security configuration (LDAP, SAML, Password Policy, ...) crowdSettings: #Crowd / JIRA users management configuration enable: false applicationName: myApp #The application name configured for Artifactory in Crowd / JIRA password: password #The application password configured for Artifactory in Crowd / JIRA serverUrl: http://someurl.com #The full URL of the server to use sessionValidationInterval: 5 #The time window, in minutes, in which the session does not need to be revalidated enableIntegration: false #Set this checkbox to enable security integration with Atlassian Crowd or JIRA noAutoUserCreation: false #When set to true, authenticated users will not be automatically created inside Artifactory. Instead, for every request from a Crowd / JIRA user, the user is temporarily associated with default groups (if such groups are defined), and the permissions for these groups applies useDefaultProxy: false #If set and a default proxy definition exists, it is used to pass through to the Crowd / JIRA Server allowUserToAccessProfile : false customCookieTokenKey: "" directAuthentication : false overrideAllGroupsUponLogin : false
security: #Security configuration (LDAP, SAML, Password Policy, ...) samlSettings: #SAML SSO settings enableIntegration: false #When set, SAML integration is enabled and users may be authenticated via a SAML server certificate: certificate #The X.509 certificate that contains the public key. The certificate must contain the public key to allow Artifactory to verify sign-in requests emailAttribute: #If noAutoUserCreation is set to false or an internal user exists, Artifactory will set the user's email to the value in this attribute that is returned by the SAML login XML response. groupAttribute: #The group attribute in the SAML login XML response loginUrl: http://someurl.com/login #The identity provider login URL (when you try to login, the service provider redirects to this URL) logoutUrl: http://someurl.com/logout #The identity provider logout URL (when you try to logout, the service provider redirects to this URL) nameIdAttribute: #The attribute that will be used as the username parameter in SAML SSO. noAutoUserCreation: true #When set, for every request from a SAML user, the user is temporarily associated with default groups (if such groups are defined), and the permissions for these groups apply. Without automatic user creation, you must manually create the user inside Artifactory to manage user permissions not attached to their default groups. When not set, authenticated users are automatically created in Artifactory. serviceProviderName: serviceProvider #The Artifactory name in the SAML federation allowUserToAccessProfile: false #Auto created users will have access to their profile page and will be able to perform actions such as generate API key autoRedirect: false #When set, clicking on the login link will direct users to the configured SAML login URL syncGroups: false #When set, in addition to the groups the user is already associated with, he will also be associated with the groups returned in the SAML login response. Note that the user's association with the returned groups is not persistent. It is only valid for the current login session. verifyAudienceRestriction: True #From Artifactory 7.7, this is set by default, and cannot be disabled. When set, an additional verification step will be added opposite the SAML server to validate SAML SSO authentication requests. The verifyAudienceRestriction attribute for SAML SSO is set by default in the JFrog Platform for new Artifactory installations. When upgrading from a previous Artifactory release, this parameter is disabled only if SAML was already configured.
security: #Security configuration (LDAP, SAML, Password Policy, ...) oauthSettings: #OAuth SSO settings enableIntegration: false #If set to true, authentication with an OAuth provider is enabled and Artifactory will display all OAuth providers configured. If not set, authentication is by Artifactory user/password persistUsers: false #When set, Artifactory will create an Artifactory user account for any new user logging in to Artifactory for the first time allowUserToAccessProfile: false oauthProvidersSettings: github-oauth: id: id #The Unique ID of the OAuth Provider setting enabled: false #When set, the OAuth SSO provider setting is enabled apiUrl: https://api.github.com/user #The URL used for API access, if needed to get user data (e.g. https://api.github.com/user) authUrl: https://github.com/login/oauth/authorize #The URL used for the initial authentication step (e.g. https://github.com/login/oauth/authorize) basicUrl: https://github.com/ #The URL used to acquire a token via basic auth (e.g. https://github.com/) providerType: github secret: secret #The OAuth2 shared secret, given by the provider tokenUrl: http://someurl.com/token #The URL used to acquire a token from the provider
security: #Security configuration (LDAP, SAML, Password Policy, ...) httpSsoSettings: #HTTP SSO configuration httpSsoProxied: false #When set, Artifactory trusts incoming requests and reuses the remote user originally set on the request by the SSO of the HTTP server remoteUserRequestVariable: remoter #The name of the HTTP request variable to use for extracting the user identity. Default is: REMOTE_USER allowUserToAccessProfile: false #When set, users created after authenticating using HTTP SSO, will be able to access their profile. This means they are able to generate their API Key and set their password for future use noAutoUserCreation: false #When set to true, authenticated users will not be automatically created inside Artifactory. Instead, for every request from a Crowd / JIRA user, the user is temporarily associated with default groups (if such groups are defined), and the permissions for these groups applies syncLdapGroups: false