Attribute mail_attribute is not correcty taken into account

Fix local storage configuration in config template

Update NPM dependencies

Support 'redirect' parameter in /api/verify endpoint to support Traefik

Traefik handles auth forwarding but does not manage redirections like Nginx.
Therefore, Authelia...

Add links and tooltips at second factor stage to better guide the user

A link to U2F explains what is a U2F security key and how they are used.

A tooltip on U2F devic...

Reset password form sends 200 status when user does not exist

Reset password sends 200 status codes to avoid user enumeration.

Fix not working u2f when using Firefox

The u2f-api package does not use the official u2f script provided by Yubikey.
Unfortunately, it ...

Create a more real world example with multiple reverse proxies

Warning: you will need to update your /etc/hosts to take this change into
account for the exampl...

This setup is closer to real production infrastructure.

Add contributors to source and documentation to CONTRIBUTORS.md

Reduce font size and height of header

Fix bad redirection when no default_redirection_url is provided

Add support of basic auth for single-factor protected endpoints

One can now access a service using the basic authorization mechanism. Note the
service must not ...

Fix endpoints redirection on errors

From this commit on, api endpoints reply with a 401 error code and non api
endpoints redirect to...

Fix deployment commands using npm and provided in README

Use issuer and label when generating otpauthURL for TOTP

Issuer is customizable in configuration so that a company can set its own name
or website. If no...

Notifier is not mandatory when authentication method is single_factor for
all sub-domains since ...

Uses the crypt() function to do password encryption. This function handles
several schemes such ...

Start the U2F signing request when entering in the second factor page so that
the user only has ...

Mainly add badges and links to Google Play and Apple Store to get Google
Authenticator.

This URL is used when user access the authentication domain without providing
the 'redirect' que...

This timeout will prevent an attacker from using a session that has been
inactive for too long.
...

This refactoring aims to ease testability and clean up a lot of soft touchy
typings in test code...

Less restrictive email handler - replace gmail with generic

Release 3.6.0

Prevention agains cookie theft

These are 2 measures for improving security of cookies. One is used to
not send the cookie over ...

Allow anonymous user in SMTP notifier

Publish 'develop' tag to dockerhub

Remove configuration schema from source since it is generated

SMTP notifier should be able to send emails with anonymous user, i.e. without
providing username...

Add username to the 'already logged in' page

Block 'already logged in' page to unauthenticated user

Make per_subdomain_methods optional in configuration file

Do not include client/ and server/ in npm package

Add {dn} as an available matcher in LDAP groups filter

Sometimes, LDAP organization is such that groups membership cannot be computed
with username onl...

Add input sanitizer to LDAP client to protect against LDAP injections

Fix unhandled rejections in unit tests

Add test for headers forwarding feature

A window of 1 means the token is checked against current time slot T
as well as at time slot T-1...

Ensure Remote-User and Remote-Groups can be forwarded to the backend app.

Every public endpoints return 200 with harmonized error messages or 401

Now, /verify can return 401 or 403 depending on the user authentication.
Every public API endpoi...

Specify mail sender for SMTP and Gmail notifiers