Security Configurations in Artifactory YAML

security:   #Security configuration (LDAP, SAML, Password Policy, ...)
  anonAccessEnabled: true   #When set, anonymous access will be enabled for the set of permissions assigned to the default "anonymous user"
  anonAccessToBuildInfosDisabled: false   #Deprecated from Artifactory version 6.6 #This setting gives you more control over anonymous access, and allows you to prevent anonymous users from accessing the Build module where all information related to builds is found, even when anonymous access is enabled.

security:   #Security configuration (LDAP, SAML, Password Policy, ...)
  userLockPolicy:   #User lock policy configuration
    enabled: false   #When set, the lock policy will be enabled
    loginAttempts: 5   #Lock user after exceeding max failed login attempts

security:   #Security configuration (LDAP, SAML, Password Policy, ...)
  passwordSettings:   #Password settings
    encryptionPolicy: REQUIRED | SUPPORTED | UNSUPPORTED   #Determines the password requirements from users identified to Artifactory from a remote client such as Maven. The options are: (1) Supported (default): Users can authenticate using secure encrypted passwords or clear-text passwords. (2) Required: Users must authenticate using secure encrypted passwords. Clear-text authentication fails. (3) Unsupported: Only clear-text passwords can be used for authentication
    expirationPolicy:   #Password expiration policy
      enabled: false   #When checked, password expiration policy is enabled
      passwordMaxAge: 60   #The time interval in which users will be obligated to change their password
      notifyByEmail: true   #When set, users receive an email notification a few days before their password expires

security:   #Security configuration (LDAP, SAML, Password Policy, ...)
  ldapSettings:   #LDAP server(s) settings
    ldap1:   #The unique ID of the LDAP setting
      emailAttribute: email1   #An attribute that can be used to map a user's email to a user created automatically by Artifactory
      ldapPoisoningProtection: true   #When set to true (recommended), Artifactory will protect against LDAP poisoning by filtering out users exposed to vulnerability
      ldapUrl: ldap://myserver:myport/dc=sampledomain,dc=com   #Location of the LDAP server in the following format: ldap://myserver:myport/dc=sampledomain,dc=com. The URL should include the base DN used to search for and/or authenticate users
      search:
        managerDn: manager1   #The full DN of a user with permissions that allow querying the LDAP server. When working with LDAP Groups, the user should have permissions for any extra group attributes such as memberOf
        managerPassword: managerpass1   #The password of the user binding to the LDAP server when using "search" authentication
        searchBase: searchbase1   #The Context name in which to search relative to the base DN in the LDAP URL. Multiple search bases may be specified separated by a pipe ( | ). This is parameter is optional
        searchFilter: searchfilter1   #A filter expression used to search for the user DN that is used in LDAP authentication. Possible examples are: uid={0}) - this would search for a username match on the uid attribute. Authentication using LDAP is performed from the DN found if successful
        searchSubTree: true   #When set, enables deep search through the sub-tree of the LDAP URL + Search Base
      userDnPattern: userppatt1  #A DN pattern used to log users directly in to the LDAP database. This pattern is used to create a DN string for "direct" user authentication, and is relative to the base DN in the LDAP URL. For example: uid={0},ou=People
      allowUserToAccessProfile: false   #When set, users created after logging in using LDAP will be able to access their profile page in Artifactory
      autoCreateUser: true   #When set, Artifactory will automatically create new users for those who have logged in using LDAP, and assign them to the default groups
      enabled: true   #When set, these settings are enabled
      pagingSupportEnabled: true # When set,enables paging support.

security:   #Security configuration (LDAP, SAML, Password Policy, ...)
  ldapGroupSettings:  #LDAP group(s) settings
    name1:   #The unique ID of the LDAP group setting
      descriptionAttribute: desc1   #An attribute on the group entry which denoting the group description. Used when importing groups
      enabledLdap: enabled1   #The LDAP setting (from the ldapSettings section) you want to use for group retrieval
      filter: filter1   #The LDAP filter used to search for group entries. Used when importing groups
      groupBaseDn: groupbase1   #A search base for group entry DNs, relative to the DN on the LDAP server's URL (and not relative to the LDAP Setting's "searchBase"). Used when importing groups
      groupMemberAttribute: uniqueMember   #A multi-value attribute on the group entry containing user DNs or IDs of the group members (e.g., uniqueMember,member)
      groupNameAttribute: groupName   #Attribute on the group entry denoting the group name. Used when importing groups
      strategy: STATIC | DYNAMIC | HIERARCHY  #Group synchronization strategy
      subTree: false

security:   #Security configuration (LDAP, SAML, Password Policy, ...)
  crowdSettings:   #Crowd / JIRA users management configuration
    enable: false
    applicationName: myApp   #The application name configured for Artifactory in Crowd / JIRA
    password: password   #The application password configured for Artifactory in Crowd / JIRA
    serverUrl: http://someurl.com   #The full URL of the server to use
    sessionValidationInterval: 5  #The time window, in minutes, in which the session does not need to be revalidated
    enableIntegration: false   #Set this checkbox to enable security integration with Atlassian Crowd or JIRA
    noAutoUserCreation: false  #When set to true, authenticated users will not be automatically created inside Artifactory. Instead, for every request from a Crowd / JIRA user, the user is temporarily associated with default groups (if such groups are defined), and the permissions for these groups applies
    useDefaultProxy: false   #If set and a default proxy definition exists, it is used to pass through to the Crowd / JIRA Server
    allowUserToAccessProfile : false
    customCookieTokenKey: ""
    directAuthentication : false
    overrideAllGroupsUponLogin : false 

security:   #Security configuration (LDAP, SAML, Password Policy, ...)
  samlSettings:   #SAML SSO settings
    enableIntegration: false   #When set, SAML integration is enabled and users may be authenticated via a SAML server
    certificate: certificate   #The X.509 certificate that contains the public key. The certificate must contain the public key to allow Artifactory to verify sign-in requests
    emailAttribute:   #If noAutoUserCreation is set to false or an internal user exists, Artifactory will set the user's email to the value in this attribute that is returned by the SAML login XML response.
    groupAttribute:   #The group attribute in the SAML login XML response
    loginUrl: http://someurl.com/login   #The identity provider login URL (when you try to login, the service provider redirects to this URL)
    logoutUrl: http://someurl.com/logout  #The identity provider logout URL (when you try to logout, the service provider redirects to this URL)
    nameIdAttribute: #The attribute that will be used as the username parameter in SAML SSO.
    noAutoUserCreation: true   #When set, for every request from a SAML user, the user is temporarily associated with default groups (if such groups are defined), and the permissions for these groups apply. Without automatic user creation, you must manually create the user inside Artifactory to manage user permissions not attached to their default groups. When not set, authenticated users are automatically created in Artifactory.
    serviceProviderName: serviceProvider   #The Artifactory name in the SAML federation
    allowUserToAccessProfile: false   #Auto created users will have access to their profile page and will be able to perform actions such as generate API key
    autoRedirect: false   #When set, clicking on the login link will direct users to the configured SAML login URL
    syncGroups: false   #When set, in addition to the groups the user is already associated with, he will also be associated with the groups returned in the SAML login response. Note that the user's association with the returned groups is not persistent. It is only valid for the current login session.
    verifyAudienceRestriction: True #From Artifactory 7.7, this is set by default, and cannot be disabled. When set, an additional verification step will be added opposite the SAML server to validate SAML SSO authentication requests. The verifyAudienceRestriction attribute for SAML SSO is set by default in the JFrog Platform for new Artifactory installations. When upgrading from a previous Artifactory release, this parameter is disabled only if SAML was already configured.

security:   #Security configuration (LDAP, SAML, Password Policy, ...)
  oauthSettings:   #OAuth SSO settings
    enableIntegration: false   #If set to true, authentication with an OAuth provider is enabled and Artifactory will display all OAuth providers configured. If not set, authentication is by Artifactory user/password
    persistUsers: false   #When set, Artifactory will create an Artifactory user account for any new user logging in to Artifactory for the first time
    allowUserToAccessProfile: false 
    oauthProvidersSettings: 
      github-oauth: 
        id: id   #The Unique ID of the OAuth Provider setting
        enabled: false   #When set, the OAuth SSO provider setting is enabled
        apiUrl: https://api.github.com/user   #The URL used for API access, if needed to get user data (e.g. https://api.github.com/user)
        authUrl: https://github.com/login/oauth/authorize   #The URL used for the initial authentication step (e.g.  https://github.com/login/oauth/authorize)
        basicUrl: https://github.com/   #The URL used to acquire a token via basic auth (e.g. https://github.com/)
        providerType: github 
        secret: secret  #The OAuth2 shared secret, given by the provider
        tokenUrl: http://someurl.com/token   #The URL used to acquire a token from the provider

security:   #Security configuration (LDAP, SAML, Password Policy, ...)
  httpSsoSettings:   #HTTP SSO configuration
    httpSsoProxied: false   #When set, Artifactory trusts incoming requests and reuses the remote user originally set on the request by the SSO of the HTTP server
    remoteUserRequestVariable: remoter   #The name of the HTTP request variable to use for extracting the user identity. Default is: REMOTE_USER
    allowUserToAccessProfile: false   #When set, users created after authenticating using HTTP SSO, will be able to access their profile. This means they are able to generate their API Key and set their password for future use
    noAutoUserCreation: false  #When set to true, authenticated users will not be automatically created inside Artifactory. Instead, for every request from a Crowd / JIRA user, the user is temporarily associated with default groups (if such groups are defined), and the permissions for these groups applies
    syncLdapGroups: false