Admin Authentication
Hermes SEG utilizes Authelia Authentication Server for controlling access to the Hermes SEG Administration Console. The Authentication Settings page allows you to change many Authelia settings to suit your needs.
JWT Secret
The JWT Secret is used by the identity verification process to craft JWT tokens. Hermes SEG randomly generates a 32-character alphanumeric string at the time of installation. It's usually not necessary to change this field. However, if you wish to change it, click the button and the system will generate a new one (Figure 1).
Figure 1
If you wish to generate your own, Hermes SEG will accept a minimum 32-character and a maximum 64-character alphanumeric string only.
Storage Encryption Key
The Storage Encryption Key is used to encrypt data in the database. Hermes SEG randomly generates a 32-character alphanumeric string at the time of installation. It's usually not necessary to change this field unless the key gets compromised. If you wish to change it, click the button and the system will generate a new one (Figure 2).
Figure 2
If you wish to generate your own, Hermes SEG will accept a minimum 32-character and a maximum 64-character alphanumeric string only.
Please note that if you generate a new Storage Encryption Key, it will break authentication for System Users that utilize 2FA devices.
Before generating a new Storage Encryption Key, ensure you first delete any 2FA devices for each System User by navigating to System --> System Users --> Edit, click the Delete 2FA Devices button in the Edit System User page and set the Access Control Policy to One Factor. After generating a new Storage Encryption Key, you can go back and set the Access Control Policy to Two Factor and have the users re-register their 2FA authentication devices (Figure 3).
Figure 3
Reset Password Function
The Reset Password Function field allows you to switch between Enable (Default), which enables the Reset password link and functionality in the Sign in screen, and Disable, which disables the link and functionality in the Sign in screen (Figure 2). The Reset Password Function only works if the System Users have valid e-mail addresses assigned to them. E-mail addresses can be assigned to System Users by navigating to System --> System Users.
Figure 2
Session Name
The Session Name field specifies the name of the session cookie, which by default is set to hermes_session. It's usually not necessary to change this field. If you wish to change it, it must be an alphanumeric string with underscores (_) or dashes (-) in the name.
Session Secret
The Session Secret field is a string that is used to encrypt session data with Redis. Hermes SEG randomly generates a 20-character alphanumeric string at the time of installation. It's usually not necessary to change this field. However, if you wish to change it, click the button and the system will generate a new one (Figure 3).
Figure 3
If you wish to generate your own, Hermes SEG will accept a minimum 12-character and a maximum 20-character alphanumeric string only.
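If you generate the JWT Secret, Storage Encryption Key or Session Secret yourself, draw it from a cryptographically secure random source rather than typing one by hand. The following is an added example, not part of Hermes SEG or Authelia: it generates values within the length limits stated above and checks a Session Name against the stated character rule. The field labels and function names are made up for the example, and "alphanumeric" is assumed to mean ASCII letters and digits.

```python
import math
import re
import secrets
import string

# Assumption: "alphanumeric" means ASCII letters and digits.
ALPHANUMERIC = string.ascii_letters + string.digits

# (min, max) lengths as stated on this page; the keys are labels made up for this example.
FIELD_LIMITS = {
    "jwt_secret": (32, 64),
    "storage_encryption_key": (32, 64),
    "session_secret": (12, 20),
}
# Session Name: alphanumeric characters plus underscores and dashes.
SESSION_NAME_RE = re.compile(r"[A-Za-z0-9_-]+")


def generate_secret(field, length=None):
    """Return a random alphanumeric secret from the OS CSPRNG (max length by default)."""
    lo, hi = FIELD_LIMITS[field]
    length = hi if length is None else length
    if not lo <= length <= hi:
        raise ValueError(f"{field}: length must be between {lo} and {hi}")
    return "".join(secrets.choice(ALPHANUMERIC) for _ in range(length))


def is_valid_secret(field, value):
    """Check a hand-supplied value against the length and character limits."""
    lo, hi = FIELD_LIMITS[field]
    return lo <= len(value) <= hi and value.isascii() and value.isalnum()


def is_valid_session_name(name):
    return SESSION_NAME_RE.fullmatch(name) is not None


def entropy_bits(length):
    """Entropy of a uniformly random alphanumeric string of the given length."""
    return length * math.log2(len(ALPHANUMERIC))


if __name__ == "__main__":
    for field in FIELD_LIMITS:
        value = generate_secret(field)
        print(f"{field}: {value} (~{entropy_bits(len(value)):.0f} bits)")
```

The entropy figure only holds for values chosen uniformly at random; a memorable phrase of the same length carries far less.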
Session Expiration
The Session Expiration field specifies the amount of time (in seconds) before the cookie expires and the session is destroyed. By default it's set to 3600 (1 Hour). This can be overridden by clicking on the Remember me checkbox on the Sign in screen (Figure 4).
Figure 4
Session Inactivity
The Session Inactivity field specifies the amount of time (in seconds) the user can be inactive before the session is destroyed. By default it's set to 3600 (1 Hour).
SMTP Host
The SMTP Host field specifies the IP/Host Name of the e-mail server that Authelia will use to send out various notifications such as password resets, 2FA notifications etc. By default it's set to the Hermes SEG appliance loopback address [127.0.0.1]. It's normally not necessary to change this field.
SMTP Port
The SMTP Port field specifies the port number of the e-mail server that Authelia will use to send out various notifications such as password resets, 2FA notifications etc. By default it's set to the Hermes SEG internal port 10026. It's normally not necessary to change this field.
SMTP From Address
The SMTP From Address field is the e-mail address that Authelia will use to send out various notifications such as password resets, 2FA notifications etc. It should be set to a valid e-mail address for a domain Hermes SEG relays.
SMTP E-mail Subject
The SMTP E-mail Subject field specifies the subject format all Authelia outgoing e-mails will have. By default it's set to [Hermes SEG] {title}. The {title} is a variable Authelia uses for various functions and should be left intact.
No of Login Failures Before User is Banned
The No of Login Failures Before User is Banned field specifies how many times a system user is allowed to fail authentication before that user is banned and not able to log in. By default it's set to 5.
Time Between Failed Logins
The Time Between Failed Logins field specifies the period of time (in seconds) Authelia will search for failed login attempts to count them as failed logins before banning a user. By default it's set to 120 (2 minutes).
Banned Time
The Banned Time field specifies the amount of time (in seconds) a user will be banned after failing authentication. By default it's set to 300 (5 minutes).
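The three ban settings work together: a failure count, the window in which failures are counted, and the ban length. The following is an added example, not Authelia's or Hermes SEG's code: a simplified model that replays failed-login timestamps against the defaults above so you can see which failure patterns a given set of values covers. It assumes the ban starts on the failure that reaches the configured count; the class, function and sample names are made up for the example.

```python
from collections import defaultdict, deque

# Defaults stated on this page.
MAX_FAILURES = 5   # No of Login Failures Before User is Banned
FIND_TIME = 120    # Time Between Failed Logins (seconds)
BAN_TIME = 300     # Banned Time (seconds)


class LoginRegulator:
    """Simplified model of the three settings; not Authelia's implementation."""
    def __init__(self, max_failures=MAX_FAILURES, find_time=FIND_TIME, ban_time=BAN_TIME):
        self.max_failures = max_failures
        self.find_time = find_time
        self.ban_time = ban_time
        self._failures = defaultdict(deque)   # user -> recent failure timestamps
        self._banned_until = {}               # user -> time the ban ends

    def is_banned(self, user, now):
        return now < self._banned_until.get(user, 0)

    def record_failure(self, user, now):
        """Record a failed login at `now` (seconds); return True if it starts a ban."""
        if self.is_banned(user, now):
            return False
        window = self._failures[user]
        window.append(now)
        # Drop failures that fall outside the counting window.
        while window and now - window[0] > self.find_time:
            window.popleft()
        if len(window) >= self.max_failures:   # assumption: ban on the Nth failure
            self._banned_until[user] = now + self.ban_time
            window.clear()
            return True
        return False


def replay(events, regulator=None):
    """events: time-ordered (timestamp, user) failures. Returns (user, start, end) bans."""
    regulator = regulator or LoginRegulator()
    bans = []
    for ts, user in events:
        if regulator.record_failure(user, ts):
            bans.append((user, ts, ts + regulator.ban_time))
    return bans


# Constructed sample data: five failures in 40 s, and five failures spread over 160 s.
BURST = [(t, "admin") for t in (0, 10, 20, 30, 40)]
SLOW = [(t, "admin") for t in (0, 40, 80, 120, 160)]
```

With the defaults, `replay(BURST)` yields one ban from second 40 to second 340, while `replay(SLOW)` yields none because no 120-second window ever holds five failures; widen Time Between Failed Logins if that pattern should also count.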
Log Level
The Log Level field specifies the log level used by Authelia. It can be set to Trace, Debug, Info, Warn or Error. Setting the Log Level to Trace will expose the /debug/vars and /debug/pprof endpoints which should never be enabled unless absolutely necessary during troubleshooting. By default it's set to Debug.
Log Format
The Log Format field specifies the log type used by Authelia. It can be set to JSON or Text. By default it's set to Text.