Environment
On this page
Environment variables are applied after the configuration file meaning anything specified as part of the environment overrides the configuration files.
Note
It is not possible to configure several sections at this time, these include but may not be limited to the rules section in access control, the clients section in the OpenID Connect 1.0 Provider, the cookies section of in session, and the authz section in the server endpoints.
Prefix
The environment variables must be prefixed with AUTHELIA_
. All environment variables that start with this prefix must
be for configuration. Any supplied environment variables that have this prefix and are not meant for configuration will
likely result in an error or even worse misconfiguration.
Kubernetes
Please see the Kubernetes Integration: Enable Service Links documentation for specific requirements for using Authelia with Kubernetes.
Mapping
Configuration options are mapped by their name. Levels of indentation / subkeys are replaced by underscores.
For example this YAML configuration:
Can be replaced by this environment variable configuration:
Environment Variables
Configuration Key | Environment Variable |
---|---|
theme | AUTHELIA_THEME |
certificates_directory | AUTHELIA_CERTIFICATES_DIRECTORY |
default_2fa_method | AUTHELIA_DEFAULT_2FA_METHOD |
log.level | AUTHELIA_LOG_LEVEL |
log.format | AUTHELIA_LOG_FORMAT |
log.file_path | AUTHELIA_LOG_FILE_PATH |
log.keep_stdout | AUTHELIA_LOG_KEEP_STDOUT |
identity_providers.oidc.enable_client_debug_messages | AUTHELIA_IDENTITY_PROVIDERS_OIDC_ENABLE_CLIENT_DEBUG_MESSAGES |
identity_providers.oidc.minimum_parameter_entropy | AUTHELIA_IDENTITY_PROVIDERS_OIDC_MINIMUM_PARAMETER_ENTROPY |
identity_providers.oidc.enforce_pkce | AUTHELIA_IDENTITY_PROVIDERS_OIDC_ENFORCE_PKCE |
identity_providers.oidc.enable_pkce_plain_challenge | AUTHELIA_IDENTITY_PROVIDERS_OIDC_ENABLE_PKCE_PLAIN_CHALLENGE |
identity_providers.oidc.enable_jwt_access_token_stateless_introspection | AUTHELIA_IDENTITY_PROVIDERS_OIDC_ENABLE_JWT_ACCESS_TOKEN_STATELESS_INTROSPECTION |
identity_providers.oidc.discovery_signed_response_alg | AUTHELIA_IDENTITY_PROVIDERS_OIDC_DISCOVERY_SIGNED_RESPONSE_ALG |
identity_providers.oidc.discovery_signed_response_key_id | AUTHELIA_IDENTITY_PROVIDERS_OIDC_DISCOVERY_SIGNED_RESPONSE_KEY_ID |
identity_providers.oidc.require_pushed_authorization_requests | AUTHELIA_IDENTITY_PROVIDERS_OIDC_REQUIRE_PUSHED_AUTHORIZATION_REQUESTS |
identity_providers.oidc.cors.endpoints | AUTHELIA_IDENTITY_PROVIDERS_OIDC_CORS_ENDPOINTS |
identity_providers.oidc.cors.allowed_origins_from_client_redirect_uris | AUTHELIA_IDENTITY_PROVIDERS_OIDC_CORS_ALLOWED_ORIGINS_FROM_CLIENT_REDIRECT_URIS |
identity_providers.oidc.lifespans.access_token | AUTHELIA_IDENTITY_PROVIDERS_OIDC_LIFESPANS_ACCESS_TOKEN |
identity_providers.oidc.lifespans.authorize_code | AUTHELIA_IDENTITY_PROVIDERS_OIDC_LIFESPANS_AUTHORIZE_CODE |
identity_providers.oidc.lifespans.id_token | AUTHELIA_IDENTITY_PROVIDERS_OIDC_LIFESPANS_ID_TOKEN |
identity_providers.oidc.lifespans.refresh_token | AUTHELIA_IDENTITY_PROVIDERS_OIDC_LIFESPANS_REFRESH_TOKEN |
identity_providers.oidc.lifespans.jwt_secured_authorization | AUTHELIA_IDENTITY_PROVIDERS_OIDC_LIFESPANS_JWT_SECURED_AUTHORIZATION |
identity_providers.oidc | AUTHELIA_IDENTITY_PROVIDERS_OIDC |
authentication_backend.password_reset.disable | AUTHELIA_AUTHENTICATION_BACKEND_PASSWORD_RESET_DISABLE |
authentication_backend.password_reset.custom_url | AUTHELIA_AUTHENTICATION_BACKEND_PASSWORD_RESET_CUSTOM_URL |
authentication_backend.refresh_interval | AUTHELIA_AUTHENTICATION_BACKEND_REFRESH_INTERVAL |
authentication_backend.file.path | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PATH |
authentication_backend.file.watch | AUTHELIA_AUTHENTICATION_BACKEND_FILE_WATCH |
authentication_backend.file.password.algorithm | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_ALGORITHM |
authentication_backend.file.password.argon2.variant | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_ARGON2_VARIANT |
authentication_backend.file.password.argon2.iterations | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_ARGON2_ITERATIONS |
authentication_backend.file.password.argon2.memory | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_ARGON2_MEMORY |
authentication_backend.file.password.argon2.parallelism | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_ARGON2_PARALLELISM |
authentication_backend.file.password.argon2.key_length | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_ARGON2_KEY_LENGTH |
authentication_backend.file.password.argon2.salt_length | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_ARGON2_SALT_LENGTH |
authentication_backend.file.password.sha2crypt.variant | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_SHA2CRYPT_VARIANT |
authentication_backend.file.password.sha2crypt.iterations | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_SHA2CRYPT_ITERATIONS |
authentication_backend.file.password.sha2crypt.salt_length | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_SHA2CRYPT_SALT_LENGTH |
authentication_backend.file.password.pbkdf2.variant | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_PBKDF2_VARIANT |
authentication_backend.file.password.pbkdf2.iterations | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_PBKDF2_ITERATIONS |
authentication_backend.file.password.pbkdf2.salt_length | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_PBKDF2_SALT_LENGTH |
authentication_backend.file.password.bcrypt.variant | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_BCRYPT_VARIANT |
authentication_backend.file.password.bcrypt.cost | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_BCRYPT_COST |
authentication_backend.file.password.scrypt.iterations | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_SCRYPT_ITERATIONS |
authentication_backend.file.password.scrypt.block_size | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_SCRYPT_BLOCK_SIZE |
authentication_backend.file.password.scrypt.parallelism | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_SCRYPT_PARALLELISM |
authentication_backend.file.password.scrypt.key_length | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_SCRYPT_KEY_LENGTH |
authentication_backend.file.password.scrypt.salt_length | AUTHELIA_AUTHENTICATION_BACKEND_FILE_PASSWORD_SCRYPT_SALT_LENGTH |
authentication_backend.file.search.email | AUTHELIA_AUTHENTICATION_BACKEND_FILE_SEARCH_EMAIL |
authentication_backend.file.search.case_insensitive | AUTHELIA_AUTHENTICATION_BACKEND_FILE_SEARCH_CASE_INSENSITIVE |
authentication_backend.ldap.address | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDRESS |
authentication_backend.ldap.implementation | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_IMPLEMENTATION |
authentication_backend.ldap.timeout | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TIMEOUT |
authentication_backend.ldap.start_tls | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_START_TLS |
authentication_backend.ldap.tls.minimum_version | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TLS_MINIMUM_VERSION |
authentication_backend.ldap.tls.maximum_version | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TLS_MAXIMUM_VERSION |
authentication_backend.ldap.tls.skip_verify | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TLS_SKIP_VERIFY |
authentication_backend.ldap.tls.server_name | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_TLS_SERVER_NAME |
authentication_backend.ldap.base_dn | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_BASE_DN |
authentication_backend.ldap.additional_users_dn | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_USERS_DN |
authentication_backend.ldap.users_filter | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USERS_FILTER |
authentication_backend.ldap.additional_groups_dn | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ADDITIONAL_GROUPS_DN |
authentication_backend.ldap.groups_filter | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUPS_FILTER |
authentication_backend.ldap.group_search_mode | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_GROUP_SEARCH_MODE |
authentication_backend.ldap.attributes.distinguished_name | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_DISTINGUISHED_NAME |
authentication_backend.ldap.attributes.username | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_USERNAME |
authentication_backend.ldap.attributes.display_name | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_DISPLAY_NAME |
authentication_backend.ldap.attributes.mail | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_MAIL |
authentication_backend.ldap.attributes.member_of | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_MEMBER_OF |
authentication_backend.ldap.attributes.group_name | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_ATTRIBUTES_GROUP_NAME |
authentication_backend.ldap.permit_referrals | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PERMIT_REFERRALS |
authentication_backend.ldap.permit_unauthenticated_bind | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PERMIT_UNAUTHENTICATED_BIND |
authentication_backend.ldap.permit_feature_detection_failure | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PERMIT_FEATURE_DETECTION_FAILURE |
authentication_backend.ldap.user | AUTHELIA_AUTHENTICATION_BACKEND_LDAP_USER |
session.name | AUTHELIA_SESSION_NAME |
session.same_site | AUTHELIA_SESSION_SAME_SITE |
session.expiration | AUTHELIA_SESSION_EXPIRATION |
session.inactivity | AUTHELIA_SESSION_INACTIVITY |
session.remember_me | AUTHELIA_SESSION_REMEMBER_ME |
session | AUTHELIA_SESSION |
session.redis.host | AUTHELIA_SESSION_REDIS_HOST |
session.redis.port | AUTHELIA_SESSION_REDIS_PORT |
session.redis.username | AUTHELIA_SESSION_REDIS_USERNAME |
session.redis.database_index | AUTHELIA_SESSION_REDIS_DATABASE_INDEX |
session.redis.maximum_active_connections | AUTHELIA_SESSION_REDIS_MAXIMUM_ACTIVE_CONNECTIONS |
session.redis.minimum_idle_connections | AUTHELIA_SESSION_REDIS_MINIMUM_IDLE_CONNECTIONS |
session.redis.tls.minimum_version | AUTHELIA_SESSION_REDIS_TLS_MINIMUM_VERSION |
session.redis.tls.maximum_version | AUTHELIA_SESSION_REDIS_TLS_MAXIMUM_VERSION |
session.redis.tls.skip_verify | AUTHELIA_SESSION_REDIS_TLS_SKIP_VERIFY |
session.redis.tls.server_name | AUTHELIA_SESSION_REDIS_TLS_SERVER_NAME |
session.redis.high_availability.sentinel_name | AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_NAME |
session.redis.high_availability.sentinel_username | AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_SENTINEL_USERNAME |
session.redis.high_availability.route_by_latency | AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_ROUTE_BY_LATENCY |
session.redis.high_availability.route_randomly | AUTHELIA_SESSION_REDIS_HIGH_AVAILABILITY_ROUTE_RANDOMLY |
totp.disable | AUTHELIA_TOTP_DISABLE |
totp.issuer | AUTHELIA_TOTP_ISSUER |
totp.algorithm | AUTHELIA_TOTP_ALGORITHM |
totp.digits | AUTHELIA_TOTP_DIGITS |
totp.period | AUTHELIA_TOTP_PERIOD |
totp.skew | AUTHELIA_TOTP_SKEW |
totp.secret_size | AUTHELIA_TOTP_SECRET_SIZE |
totp.allowed_algorithms | AUTHELIA_TOTP_ALLOWED_ALGORITHMS |
totp.allowed_digits | AUTHELIA_TOTP_ALLOWED_DIGITS |
totp.allowed_periods | AUTHELIA_TOTP_ALLOWED_PERIODS |
totp.disable_reuse_security_policy | AUTHELIA_TOTP_DISABLE_REUSE_SECURITY_POLICY |
duo_api.disable | AUTHELIA_DUO_API_DISABLE |
duo_api.hostname | AUTHELIA_DUO_API_HOSTNAME |
duo_api.enable_self_enrollment | AUTHELIA_DUO_API_ENABLE_SELF_ENROLLMENT |
access_control.default_policy | AUTHELIA_ACCESS_CONTROL_DEFAULT_POLICY |
ntp.address | AUTHELIA_NTP_ADDRESS |
ntp.version | AUTHELIA_NTP_VERSION |
ntp.max_desync | AUTHELIA_NTP_MAX_DESYNC |
ntp.disable_startup_check | AUTHELIA_NTP_DISABLE_STARTUP_CHECK |
ntp.disable_failure | AUTHELIA_NTP_DISABLE_FAILURE |
regulation.max_retries | AUTHELIA_REGULATION_MAX_RETRIES |
regulation.find_time | AUTHELIA_REGULATION_FIND_TIME |
regulation.ban_time | AUTHELIA_REGULATION_BAN_TIME |
storage.local.path | AUTHELIA_STORAGE_LOCAL_PATH |
storage.mysql.address | AUTHELIA_STORAGE_MYSQL_ADDRESS |
storage.mysql.database | AUTHELIA_STORAGE_MYSQL_DATABASE |
storage.mysql.username | AUTHELIA_STORAGE_MYSQL_USERNAME |
storage.mysql.timeout | AUTHELIA_STORAGE_MYSQL_TIMEOUT |
storage.mysql.tls.minimum_version | AUTHELIA_STORAGE_MYSQL_TLS_MINIMUM_VERSION |
storage.mysql.tls.maximum_version | AUTHELIA_STORAGE_MYSQL_TLS_MAXIMUM_VERSION |
storage.mysql.tls.skip_verify | AUTHELIA_STORAGE_MYSQL_TLS_SKIP_VERIFY |
storage.mysql.tls.server_name | AUTHELIA_STORAGE_MYSQL_TLS_SERVER_NAME |
storage.postgres.address | AUTHELIA_STORAGE_POSTGRES_ADDRESS |
storage.postgres.database | AUTHELIA_STORAGE_POSTGRES_DATABASE |
storage.postgres.username | AUTHELIA_STORAGE_POSTGRES_USERNAME |
storage.postgres.timeout | AUTHELIA_STORAGE_POSTGRES_TIMEOUT |
storage.postgres.schema | AUTHELIA_STORAGE_POSTGRES_SCHEMA |
storage.postgres.tls.minimum_version | AUTHELIA_STORAGE_POSTGRES_TLS_MINIMUM_VERSION |
storage.postgres.tls.maximum_version | AUTHELIA_STORAGE_POSTGRES_TLS_MAXIMUM_VERSION |
storage.postgres.tls.skip_verify | AUTHELIA_STORAGE_POSTGRES_TLS_SKIP_VERIFY |
storage.postgres.tls.server_name | AUTHELIA_STORAGE_POSTGRES_TLS_SERVER_NAME |
notifier.disable_startup_check | AUTHELIA_NOTIFIER_DISABLE_STARTUP_CHECK |
notifier.filesystem.filename | AUTHELIA_NOTIFIER_FILESYSTEM_FILENAME |
notifier.smtp.address | AUTHELIA_NOTIFIER_SMTP_ADDRESS |
notifier.smtp.timeout | AUTHELIA_NOTIFIER_SMTP_TIMEOUT |
notifier.smtp.username | AUTHELIA_NOTIFIER_SMTP_USERNAME |
notifier.smtp.identifier | AUTHELIA_NOTIFIER_SMTP_IDENTIFIER |
notifier.smtp.sender | AUTHELIA_NOTIFIER_SMTP_SENDER |
notifier.smtp.subject | AUTHELIA_NOTIFIER_SMTP_SUBJECT |
notifier.smtp.startup_check_address | AUTHELIA_NOTIFIER_SMTP_STARTUP_CHECK_ADDRESS |
notifier.smtp.disable_require_tls | AUTHELIA_NOTIFIER_SMTP_DISABLE_REQUIRE_TLS |
notifier.smtp.disable_html_emails | AUTHELIA_NOTIFIER_SMTP_DISABLE_HTML_EMAILS |
notifier.smtp.disable_starttls | AUTHELIA_NOTIFIER_SMTP_DISABLE_STARTTLS |
notifier.smtp.tls.minimum_version | AUTHELIA_NOTIFIER_SMTP_TLS_MINIMUM_VERSION |
notifier.smtp.tls.maximum_version | AUTHELIA_NOTIFIER_SMTP_TLS_MAXIMUM_VERSION |
notifier.smtp.tls.skip_verify | AUTHELIA_NOTIFIER_SMTP_TLS_SKIP_VERIFY |
notifier.smtp.tls.server_name | AUTHELIA_NOTIFIER_SMTP_TLS_SERVER_NAME |
notifier.template_path | AUTHELIA_NOTIFIER_TEMPLATE_PATH |
server.address | AUTHELIA_SERVER_ADDRESS |
server.asset_path | AUTHELIA_SERVER_ASSET_PATH |
server.disable_healthcheck | AUTHELIA_SERVER_DISABLE_HEALTHCHECK |
server.tls.certificate | AUTHELIA_SERVER_TLS_CERTIFICATE |
server.tls.key | AUTHELIA_SERVER_TLS_KEY |
server.tls.client_certificates | AUTHELIA_SERVER_TLS_CLIENT_CERTIFICATES |
server.headers.csp_template | AUTHELIA_SERVER_HEADERS_CSP_TEMPLATE |
server.endpoints.enable_pprof | AUTHELIA_SERVER_ENDPOINTS_ENABLE_PPROF |
server.endpoints.enable_expvars | AUTHELIA_SERVER_ENDPOINTS_ENABLE_EXPVARS |
server.buffers.read | AUTHELIA_SERVER_BUFFERS_READ |
server.buffers.write | AUTHELIA_SERVER_BUFFERS_WRITE |
server.timeouts.read | AUTHELIA_SERVER_TIMEOUTS_READ |
server.timeouts.write | AUTHELIA_SERVER_TIMEOUTS_WRITE |
server.timeouts.idle | AUTHELIA_SERVER_TIMEOUTS_IDLE |
telemetry.metrics.enabled | AUTHELIA_TELEMETRY_METRICS_ENABLED |
telemetry.metrics.address | AUTHELIA_TELEMETRY_METRICS_ADDRESS |
telemetry.metrics.buffers.read | AUTHELIA_TELEMETRY_METRICS_BUFFERS_READ |
telemetry.metrics.buffers.write | AUTHELIA_TELEMETRY_METRICS_BUFFERS_WRITE |
telemetry.metrics.timeouts.read | AUTHELIA_TELEMETRY_METRICS_TIMEOUTS_READ |
telemetry.metrics.timeouts.write | AUTHELIA_TELEMETRY_METRICS_TIMEOUTS_WRITE |
telemetry.metrics.timeouts.idle | AUTHELIA_TELEMETRY_METRICS_TIMEOUTS_IDLE |
webauthn.disable | AUTHELIA_WEBAUTHN_DISABLE |
webauthn.display_name | AUTHELIA_WEBAUTHN_DISPLAY_NAME |
webauthn.attestation_conveyance_preference | AUTHELIA_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE |
webauthn.user_verification | AUTHELIA_WEBAUTHN_USER_VERIFICATION |
webauthn.timeout | AUTHELIA_WEBAUTHN_TIMEOUT |
password_policy.standard.enabled | AUTHELIA_PASSWORD_POLICY_STANDARD_ENABLED |
password_policy.standard.min_length | AUTHELIA_PASSWORD_POLICY_STANDARD_MIN_LENGTH |
password_policy.standard.max_length | AUTHELIA_PASSWORD_POLICY_STANDARD_MAX_LENGTH |
password_policy.standard.require_uppercase | AUTHELIA_PASSWORD_POLICY_STANDARD_REQUIRE_UPPERCASE |
password_policy.standard.require_lowercase | AUTHELIA_PASSWORD_POLICY_STANDARD_REQUIRE_LOWERCASE |
password_policy.standard.require_number | AUTHELIA_PASSWORD_POLICY_STANDARD_REQUIRE_NUMBER |
password_policy.standard.require_special | AUTHELIA_PASSWORD_POLICY_STANDARD_REQUIRE_SPECIAL |
password_policy.zxcvbn.enabled | AUTHELIA_PASSWORD_POLICY_ZXCVBN_ENABLED |
password_policy.zxcvbn.min_score | AUTHELIA_PASSWORD_POLICY_ZXCVBN_MIN_SCORE |
privacy_policy.enabled | AUTHELIA_PRIVACY_POLICY_ENABLED |
privacy_policy.require_user_acceptance | AUTHELIA_PRIVACY_POLICY_REQUIRE_USER_ACCEPTANCE |
privacy_policy.policy_url | AUTHELIA_PRIVACY_POLICY_POLICY_URL |
identity_validation.reset_password.jwt_lifespan | AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_LIFESPAN |
identity_validation.reset_password.jwt_algorithm | AUTHELIA_IDENTITY_VALIDATION_RESET_PASSWORD_JWT_ALGORITHM |
identity_validation.elevated_session.code_lifespan | AUTHELIA_IDENTITY_VALIDATION_ELEVATED_SESSION_CODE_LIFESPAN |
identity_validation.elevated_session.elevation_lifespan | AUTHELIA_IDENTITY_VALIDATION_ELEVATED_SESSION_ELEVATION_LIFESPAN |
identity_validation.elevated_session.characters | AUTHELIA_IDENTITY_VALIDATION_ELEVATED_SESSION_CHARACTERS |
identity_validation.elevated_session.require_second_factor | AUTHELIA_IDENTITY_VALIDATION_ELEVATED_SESSION_REQUIRE_SECOND_FACTOR |
identity_validation.elevated_session.skip_second_factor | AUTHELIA_IDENTITY_VALIDATION_ELEVATED_SESSION_SKIP_SECOND_FACTOR |