atoti.SecurityConfig

final class atoti.SecurityConfig

The initial security config of the session.

Note

This feature is not part of the community edition: it needs to be unlocked.

Roles and restrictions can be configured with atoti.Session.security.

basic_authentication: BasicAuthenticationConfig

Always enabled even if sso is not None to facilitate the authentication of service/technical users.

client_certificate: ClientCertificateConfig | None = None

https: HttpsConfig | None = None

jwt: JwtConfig

same_site: Literal['lax', 'none', 'strict'] = 'lax'

The value to use for the SameSite attribute of the HTTP cookie sent by the session.

See https://web.dev/samesite-cookies-explained for more information.

Note

"none" requires the session to be served over HTTPS.

sso: KerberosConfig | LdapConfig | OidcConfig | None = None

The config to delegate authentication to a Single Sign-On provider.