RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

docs: fix gitea example (#5156) 

Fixes the gitea example and a few other minor issues.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
pull/5157/head
James Elliott 2023-04-02 13:12:01 +10:00 committed by GitHub
parent 04ba3e6d6b
commit 19d1b1bbcb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 392 additions and 296 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
docs/content/en/integration/openid-connect/apache-guacamole/index.md
View File

@ -57,23 +57,28 @@ The following YAML configuration is an example __Authelia__
[Apache Guacamole] which will operate with the above example:
```yaml
- id: guacamole
description: Apache Guacamole
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://guacamole.example.com
scopes:
- openid
- profile
- groups
- email
response_types:
- id_token
grant_types:
- implicit
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: guacamole
description: Apache Guacamole
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://guacamole.example.com
scopes:
- openid
- profile
- groups
- email
response_types:
- id_token
grant_types:
- implicit
userinfo_signing_algorithm: none
```
## See Also

57
docs/content/en/integration/openid-connect/argocd/index.md
View File

@ -60,32 +60,37 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: argocd
description: Argo CD
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://argocd.example.com/auth/callback
scopes:
- openid
- groups
- email
- profile
userinfo_signing_algorithm: none
- id: argocd-cli
description: Argo CD (CLI)
public: true
authorization_policy: two_factor
redirect_uris:
- http://localhost:8085/auth/callback
scopes:
- openid
- groups
- email
- profile
- offline_access
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: argocd
description: Argo CD
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://argocd.example.com/auth/callback
scopes:
- openid
- groups
- email
- profile
userinfo_signing_algorithm: none
- id: argocd-cli
description: Argo CD (CLI)
public: true
authorization_policy: two_factor
redirect_uris:
- http://localhost:8085/auth/callback
scopes:
- openid
- groups
- email
- profile
- offline_access
userinfo_signing_algorithm: none
```
## See Also

29
docs/content/en/integration/openid-connect/bookstack/index.md
View File

@ -62,18 +62,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: bookstack
description: BookStack
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://bookstack.example.com/oidc/callback
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: bookstack
description: BookStack
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://bookstack.example.com/oidc/callback
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
```
## See Also

29
docs/content/en/integration/openid-connect/cloudflare-zerotrust/index.md
View File

@ -70,18 +70,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: cloudflare
description: Cloudflare ZeroTrust
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://example-team.cloudflareaccess.com/cdn-cgi/access/callback
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: cloudflare
description: Cloudflare ZeroTrust
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://example-team.cloudflareaccess.com/cdn-cgi/access/callback
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
```
## See Also

33
docs/content/en/integration/openid-connect/firezone/index.md
View File

@ -71,20 +71,25 @@ The following YAML configuration is an example __Authelia__
will operate with the above example:
```yaml
- id: firezone
description: Firezone
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
enforce_pkce: true
pkce_challenge_method: S256
redirect_uris:
- https://firezone.example.com/auth/oidc/authelia/callback
scopes:
- openid
- email
- profile
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: firezone
description: Firezone
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
enforce_pkce: true
pkce_challenge_method: S256
redirect_uris:
- https://firezone.example.com/auth/oidc/authelia/callback
scopes:
- openid
- email
- profile
userinfo_signing_algorithm: none
```
## See Also

35
docs/content/en/integration/openid-connect/gitea/index.md
View File

@ -81,25 +81,30 @@ The following YAML configuration is an example __Authelia__
will operate with the above example:
```yaml
- id: gitea
description: Gitea
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://gitea.example.com/user/oauth2/authelia/callback
scopes:
- openid
- email
- profile
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: gitea
description: Gitea
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://gitea.example.com/user/oauth2/authelia/callback
scopes:
- openid
- email
- profile
userinfo_signing_algorithm: none
```
## See Also
- [Gitea] app.ini [Config Cheat Sheet - OpenID](https://docs.gitea.io/en-us/config-cheat-sheet/#openid-openid)
- [Gitea] app.ini [Config Cheat Sheet - Service](https://docs.gitea.io/en-us/config-cheat-sheet/#service-service)
- [Gitea] app.ini [Config Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet):
- [OpenID](https://docs.gitea.io/en-us/config-cheat-sheet/#openid-openid)
- [Service](https://docs.gitea.io/en-us/config-cheat-sheet/#service-service)
- [Authelia]: https://www.authelia.com
[Gitea]: https://gitea.io/
[OpenID Connect 1.0]: ../../openid-connect/introduction.md

31
docs/content/en/integration/openid-connect/gitlab/index.md
View File

@ -73,19 +73,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: gitlab
description: GitLab
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://gitlab.example.com/users/auth/openid_connect/callback
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: gitlab
description: GitLab
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://gitlab.example.com/users/auth/openid_connect/callback
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
```
## See Also

31
docs/content/en/integration/openid-connect/grafana/index.md
View File

@ -91,19 +91,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: grafana
description: Grafana
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://grafana.example.com/login/generic_oauth
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: grafana
description: Grafana
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://grafana.example.com/login/generic_oauth
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
```
## See Also

31
docs/content/en/integration/openid-connect/harbor/index.md
View File

@ -64,19 +64,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: harbor
description: Harbor
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://harbor.example.com/c/oidc/callback
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: harbor
description: Harbor
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://harbor.example.com/c/oidc/callback
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
```
## See Also

33
docs/content/en/integration/openid-connect/hashicorp-vault/index.md
View File

@ -47,20 +47,25 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: vault
description: HashiCorp Vault
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://vault.example.com/oidc/callback
- https://vault.example.com/ui/vault/auth/oidc/oidc/callback
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: vault
description: HashiCorp Vault
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://vault.example.com/oidc/callback
- https://vault.example.com/ui/vault/auth/oidc/oidc/callback
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
```
## See Also

33
docs/content/en/integration/openid-connect/komga/index.md
View File

@ -69,20 +69,25 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: komga
description: Komga
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://komga.example.com/login/oauth2/code/authelia
scopes:
- openid
- profile
- email
grant_types:
- authorization_code
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: komga
description: Komga
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://komga.example.com/login/oauth2/code/authelia
scopes:
- openid
- profile
- email
grant_types:
- authorization_code
userinfo_signing_algorithm: none
```
## See Also

33
docs/content/en/integration/openid-connect/minio/index.md
View File

@ -67,19 +67,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: minio
description: MinIO
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://minio.example.com/apps/oidc_login/oidc
scopes:
- openid
- profile
- email
- groups
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: minio
description: MinIO
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://minio.example.com/apps/oidc_login/oidc
scopes:
- openid
- profile
- email
- groups
userinfo_signing_algorithm: none
```
## See Also
@ -88,4 +93,4 @@ which will operate with the above example:
[MinIO]: https://minio.com/
[Authelia]: https://www.authelia.com
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
[OpenID Connect 1.0]: ../../openid-connect/introduction.md

46
docs/content/en/integration/openid-connect/misago/index.md
View File

@ -15,10 +15,10 @@ community: true
## Tested Versions
- [Authelia](https://www.authelia.com)
- [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5)
- [Misago](https://github.com/rafalp/Misago)
- [misago-image v0.29.1](https://github.com/tetricky/misago-image/releases/tag/v0.29.1)
* [Authelia](https://www.authelia.com)
* [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5)
* [Misago](https://github.com/rafalp/Misago)
* [misago-image v0.29.1](https://github.com/tetricky/misago-image/releases/tag/v0.29.1)
## Before You Begin
@ -82,24 +82,28 @@ To configure [Misago] to utilize Authelia as an [OpenID Connect 1.0](https://www
The following YAML configuration is an example **Authelia** [client configuration](https://www.authelia.com/configuration/identity-providers/open-id-connect/#clients) for use with [Misago] which will operate with the above example:
```yaml
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: misago
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
scopes:
- openid
- profile
- email
redirect_uris:
- https://misago.example.com/oauth2/complete/
grant_types:
- authorization_code
response_types:
- code
response_modes:
- query
userinfo_signing_algorithm: none
- id: misago
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
scopes:
- openid
- profile
- email
redirect_uris:
- https://misago.example.com/oauth2/complete/
grant_types:
- authorization_code
response_types:
- code
response_modes:
- query
userinfo_signing_algorithm: none
```
---

31
docs/content/en/integration/openid-connect/nextcloud/index.md
View File

@ -85,19 +85,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: nextcloud
description: NextCloud
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://nextcloud.example.com/apps/oidc_login/oidc
scopes:
- openid
- profile
- email
- groups
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: nextcloud
description: NextCloud
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://nextcloud.example.com/apps/oidc_login/oidc
scopes:
- openid
- profile
- email
- groups
userinfo_signing_algorithm: none
```
## See Also

31
docs/content/en/integration/openid-connect/outline/index.md
View File

@ -64,19 +64,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: outline
description: Outline
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://outline.example.com/auth/oidc.callback
scopes:
- openid
- offline_access
- profile
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: outline
description: Outline
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://outline.example.com/auth/oidc.callback
scopes:
- openid
- offline_access
- profile
- email
userinfo_signing_algorithm: none
```
## See Also

31
docs/content/en/integration/openid-connect/portainer/index.md
View File

@ -65,19 +65,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: portainer
description: Portainer
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://portainer.example.com
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: portainer
description: Portainer
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://portainer.example.com
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
```
## See Also

38
docs/content/en/integration/openid-connect/proxmox/index.md
View File

@ -22,14 +22,9 @@ aliases:
* [Proxmox]
* 7.1-10
### Common Notes
## Before You Begin
1. You are *__required__* to utilize a unique client id for every client.
2. The client id on this page is merely an example and you can theoretically use any alphanumeric string.
3. You *__should not__* use the client secret in this example, We *__strongly recommend__* reading the
[Generating Client Secrets] guide instead.
[Generating Client Secrets]: ../specific-information.md#generating-client-secrets
{{% oidc-common %}}
### Specific Notes
@ -74,18 +69,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: proxmox
description: Proxmox
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://proxmox.example.com
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: proxmox
description: Proxmox
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://proxmox.example.com
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
```
## See Also

29
docs/content/en/integration/openid-connect/seafile/index.md
View File

@ -73,18 +73,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: seafile
description: Seafile
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://seafile.example.com/oauth/callback/
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: seafile
description: Seafile
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://seafile.example.com/oauth/callback/
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
```
## See Also

8
docs/content/en/integration/openid-connect/specific-information.md
View File

@ -46,9 +46,11 @@ which case the secret should be encrypted and not be stored in plaintext. The mo
client configurations will be stored in the database with the secret both salted and peppered.
Authelia currently does not implement any of the specifications or protocols which require secrets being accessible in
the clear and currently has no plans to implement any of these. As such it's *__strongly discouraged and heavily
deprecated__* and we instead recommended that users remove this from their configuration entirely and use the
[Generating Client Secrets](#generating-client-secrets) guide.
the clear such as most notibly the `client_secret_jwt` grant and currently we no plans to implement any of these. As
such it's *__strongly discouraged and heavily deprecated__* and we instead recommended that users remove this from their
configuration entirely and use the [Generating Client Secrets](#generating-client-secrets) guide. At such a time as we
support one of these protocols we will very likely only allow plaintext for clients configured expressly for this
purpose i.e. a client that only allows `client_secret_jwt` and no other grants.
Plaintext is either denoted by the `$plaintext$` prefix where everything after the prefix is the secret. In addition if
the secret does not start with the `$` character it's considered as a plaintext secret for the time being but is

29
docs/content/en/integration/openid-connect/synapse/index.md
View File

@ -67,18 +67,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: synapse
description: Synapse
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://synapse.example.com/_synapse/client/oidc/callback
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: synapse
description: Synapse
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://synapse.example.com/_synapse/client/oidc/callback
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
```
## See Also

31
docs/content/en/integration/openid-connect/synology-dsm/index.md
View File

@ -69,19 +69,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example:
```yaml
- id: synology-dsm
description: Synology DSM
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://dsm.example.com
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: synology-dsm
description: Synology DSM
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://dsm.example.com
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
```
## See Also