docs: fix gitea example (#5156)

Fixes the gitea example and a few other minor issues.

Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com>
pull/5157/head
James Elliott 2023-04-02 13:12:01 +10:00 committed by GitHub
parent 04ba3e6d6b
commit 19d1b1bbcb
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
21 changed files with 392 additions and 296 deletions

@ -57,23 +57,28 @@ The following YAML configuration is an example __Authelia__
[Apache Guacamole] which will operate with the above example: [Apache Guacamole] which will operate with the above example:
```yaml ```yaml
- id: guacamole identity_providers:
description: Apache Guacamole oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: guacamole
- https://guacamole.example.com description: Apache Guacamole
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- groups redirect_uris:
- email - https://guacamole.example.com
response_types: scopes:
- id_token - openid
grant_types: - profile
- implicit - groups
userinfo_signing_algorithm: none - email
response_types:
- id_token
grant_types:
- implicit
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also
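
Review bot: The `grant_types: implicit` and `response_types: id_token` pair at the end of this client block is carried over without any explanation, next to `public: false` and a hashed `secret` that the implicit flow never presents, because the tokens are returned from the authorization endpoint. If the implicit flow is there because of what Guacamole supports, add a one-line comment saying so, so that readers do not copy these two settings into clients that can use the authorization code flow.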

@ -60,32 +60,37 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: argocd identity_providers:
description: Argo CD oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: argocd
- https://argocd.example.com/auth/callback description: Argo CD
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- groups authorization_policy: two_factor
- email redirect_uris:
- profile - https://argocd.example.com/auth/callback
userinfo_signing_algorithm: none scopes:
- id: argocd-cli - openid
description: Argo CD (CLI) - groups
public: true - email
authorization_policy: two_factor - profile
redirect_uris: userinfo_signing_algorithm: none
- http://localhost:8085/auth/callback - id: argocd-cli
scopes: description: Argo CD (CLI)
- openid public: true
- groups authorization_policy: two_factor
- email redirect_uris:
- profile - http://localhost:8085/auth/callback
- offline_access scopes:
userinfo_signing_algorithm: none - openid
- groups
- email
- profile
- offline_access
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also
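
Review bot: The `argocd-cli` client in this block is `public: true`, requests `offline_access` and redirects to `http://localhost:8085/auth/callback`, but the block says nothing about PKCE, which is the main protection a client without a secret has against an intercepted authorization code. Either set `enforce_pkce: true` and `pkce_challenge_method: S256` on it, as the Firezone example in this same commit does, or add a comment stating where PKCE is enforced for public clients.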

@ -62,18 +62,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: bookstack identity_providers:
description: BookStack oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: bookstack
- https://bookstack.example.com/oidc/callback description: BookStack
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- email redirect_uris:
userinfo_signing_algorithm: none - https://bookstack.example.com/oidc/callback
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also
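
Review bot: The placeholder comment under `oidc:` says the rest of the mandatory configuration goes there, but now that the example starts at `identity_providers:` a reader who pastes it below an existing configuration ends up with a second top-level `identity_providers:` key. Reword the comment to say that the `clients:` entry is merged into the existing `identity_providers.oidc` section; the same wording applies to every page touched by this commit.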

@ -70,18 +70,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: cloudflare identity_providers:
description: Cloudflare ZeroTrust oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: cloudflare
- https://example-team.cloudflareaccess.com/cdn-cgi/access/callback description: Cloudflare ZeroTrust
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- email redirect_uris:
userinfo_signing_algorithm: none - https://example-team.cloudflareaccess.com/cdn-cgi/access/callback
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -71,20 +71,25 @@ The following YAML configuration is an example __Authelia__
will operate with the above example: will operate with the above example:
```yaml ```yaml
- id: firezone identity_providers:
description: Firezone oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
enforce_pkce: true - id: firezone
pkce_challenge_method: S256 description: Firezone
redirect_uris: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- https://firezone.example.com/auth/oidc/authelia/callback public: false
scopes: authorization_policy: two_factor
- openid enforce_pkce: true
- email pkce_challenge_method: S256
- profile redirect_uris:
userinfo_signing_algorithm: none - https://firezone.example.com/auth/oidc/authelia/callback
scopes:
- openid
- email
- profile
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -81,25 +81,30 @@ The following YAML configuration is an example __Authelia__
will operate with the above example: will operate with the above example:
```yaml ```yaml
- id: gitea identity_providers:
description: Gitea oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: gitea
- https://gitea.example.com/user/oauth2/authelia/callback description: Gitea
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- email authorization_policy: two_factor
- profile redirect_uris:
userinfo_signing_algorithm: none - https://gitea.example.com/user/oauth2/authelia/callback
scopes:
- openid
- email
- profile
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also
- [Gitea] app.ini [Config Cheat Sheet - OpenID](https://docs.gitea.io/en-us/config-cheat-sheet/#openid-openid) - [Gitea] app.ini [Config Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet):
- [Gitea] app.ini [Config Cheat Sheet - Service](https://docs.gitea.io/en-us/config-cheat-sheet/#service-service) - [OpenID](https://docs.gitea.io/en-us/config-cheat-sheet/#openid-openid)
- [Service](https://docs.gitea.io/en-us/config-cheat-sheet/#service-service)
- [Authelia]: https://www.authelia.com
[Gitea]: https://gitea.io/ [Gitea]: https://gitea.io/
[OpenID Connect 1.0]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md
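
Review bot: The `redirect_uris` value `https://gitea.example.com/user/oauth2/authelia/callback` embeds `authelia` as a path segment, and nothing in the example says that in Gitea this segment is the name given to the authentication source. Since this commit is the fix for the Gitea example, add a comment on that line (or a sentence above the block) stating that the segment must match that name, otherwise the authorization request is rejected for a redirect URI mismatch.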

@ -73,19 +73,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: gitlab identity_providers:
description: GitLab oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: gitlab
- https://gitlab.example.com/users/auth/openid_connect/callback description: GitLab
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- groups redirect_uris:
- email - https://gitlab.example.com/users/auth/openid_connect/callback
userinfo_signing_algorithm: none scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -91,19 +91,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: grafana identity_providers:
description: Grafana oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: grafana
- https://grafana.example.com/login/generic_oauth description: Grafana
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- groups redirect_uris:
- email - https://grafana.example.com/login/generic_oauth
userinfo_signing_algorithm: none scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -64,19 +64,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: harbor identity_providers:
description: Harbor oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: harbor
- https://harbor.example.com/c/oidc/callback description: Harbor
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- groups redirect_uris:
- email - https://harbor.example.com/c/oidc/callback
userinfo_signing_algorithm: none scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -47,20 +47,25 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: vault identity_providers:
description: HashiCorp Vault oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: vault
- https://vault.example.com/oidc/callback description: HashiCorp Vault
- https://vault.example.com/ui/vault/auth/oidc/oidc/callback secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
scopes: public: false
- openid authorization_policy: two_factor
- profile redirect_uris:
- groups - https://vault.example.com/oidc/callback
- email - https://vault.example.com/ui/vault/auth/oidc/oidc/callback
userinfo_signing_algorithm: none scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -69,20 +69,25 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: komga identity_providers:
description: Komga oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: komga
- https://komga.example.com/login/oauth2/code/authelia description: Komga
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- email redirect_uris:
grant_types: - https://komga.example.com/login/oauth2/code/authelia
- authorization_code scopes:
userinfo_signing_algorithm: none - openid
- profile
- email
grant_types:
- authorization_code
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -67,19 +67,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: minio identity_providers:
description: MinIO oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: minio
- https://minio.example.com/apps/oidc_login/oidc description: MinIO
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- email redirect_uris:
- groups - https://minio.example.com/apps/oidc_login/oidc
userinfo_signing_algorithm: none scopes:
- openid
- profile
- email
- groups
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also
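
Review bot: The `redirect_uris` entry `https://minio.example.com/apps/oidc_login/oidc` is re-indented unchanged, yet its path is identical to the one in the Nextcloud example in this commit (`https://nextcloud.example.com/apps/oidc_login/oidc`), which suggests it was copied from that page. Check it against the callback path MinIO actually uses and correct it here, since a wrong redirect URI makes the whole example fail at the first authorization request.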
@ -88,4 +93,4 @@ which will operate with the above example:
[MinIO]: https://minio.com/ [MinIO]: https://minio.com/
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[OpenID Connect 1.0]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

@ -15,10 +15,10 @@ community: true
## Tested Versions ## Tested Versions
- [Authelia](https://www.authelia.com) * [Authelia](https://www.authelia.com)
- [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5) * [v4.37.5](https://github.com/authelia/authelia/releases/tag/v4.37.5)
- [Misago](https://github.com/rafalp/Misago) * [Misago](https://github.com/rafalp/Misago)
- [misago-image v0.29.1](https://github.com/tetricky/misago-image/releases/tag/v0.29.1) * [misago-image v0.29.1](https://github.com/tetricky/misago-image/releases/tag/v0.29.1)
## Before You Begin ## Before You Begin
@ -82,24 +82,28 @@ To configure [Misago] to utilize Authelia as an [OpenID Connect 1.0](https://www
The following YAML configuration is an example **Authelia** [client configuration](https://www.authelia.com/configuration/identity-providers/open-id-connect/#clients) for use with [Misago] which will operate with the above example: The following YAML configuration is an example **Authelia** [client configuration](https://www.authelia.com/configuration/identity-providers/open-id-connect/#clients) for use with [Misago] which will operate with the above example:
```yaml ```yaml
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients: clients:
- id: misago - id: misago
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false public: false
authorization_policy: two_factor authorization_policy: two_factor
scopes: scopes:
- openid - openid
- profile - profile
- email - email
redirect_uris: redirect_uris:
- https://misago.example.com/oauth2/complete/ - https://misago.example.com/oauth2/complete/
grant_types: grant_types:
- authorization_code - authorization_code
response_types: response_types:
- code - code
response_modes: response_modes:
- query - query
userinfo_signing_algorithm: none userinfo_signing_algorithm: none
``` ```
--- ---
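
Review bot: The sentence introducing this block is the only one in the commit that uses `**Authelia**` and absolute `https://www.authelia.com/...` links, where the other integration pages use `__Authelia__` and relative links such as `../../openid-connect/introduction.md`. The client entry also has no `description:` key, unlike the other examples touched here. Align both while the block is being rewritten.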

@ -85,19 +85,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: nextcloud identity_providers:
description: NextCloud oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: nextcloud
- https://nextcloud.example.com/apps/oidc_login/oidc description: NextCloud
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- email redirect_uris:
- groups - https://nextcloud.example.com/apps/oidc_login/oidc
userinfo_signing_algorithm: none scopes:
- openid
- profile
- email
- groups
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also
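
Review bot: `description: NextCloud` in this client block does not match the product's spelling, Nextcloud; fix the capitalisation while the line is being re-indented.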

@ -64,19 +64,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: outline identity_providers:
description: Outline oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: outline
- https://outline.example.com/auth/oidc.callback description: Outline
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- offline_access authorization_policy: two_factor
- profile redirect_uris:
- email - https://outline.example.com/auth/oidc.callback
userinfo_signing_algorithm: none scopes:
- openid
- offline_access
- profile
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -65,19 +65,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: portainer identity_providers:
description: Portainer oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: portainer
- https://portainer.example.com description: Portainer
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- groups redirect_uris:
- email - https://portainer.example.com
userinfo_signing_algorithm: none scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -22,14 +22,9 @@ aliases:
* [Proxmox] * [Proxmox]
* 7.1-10 * 7.1-10
### Common Notes ## Before You Begin
1. You are *__required__* to utilize a unique client id for every client. {{% oidc-common %}}
2. The client id on this page is merely an example and you can theoretically use any alphanumeric string.
3. You *__should not__* use the client secret in this example, We *__strongly recommend__* reading the
[Generating Client Secrets] guide instead.
[Generating Client Secrets]: ../specific-information.md#generating-client-secrets
### Specific Notes ### Specific Notes
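
Review bot: Replacing the three inline notes with `{{% oidc-common %}}` removes the visible warning not to reuse the example client secret, along with the `[Generating Client Secrets]` link definition, and the diff does not show what the shortcode renders. Confirm that the shortcode carries the same warning and link, and that no remaining text on this page still uses the `[Generating Client Secrets]` reference, which would otherwise render as literal brackets.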
@ -74,18 +69,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: proxmox identity_providers:
description: Proxmox oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: proxmox
- https://proxmox.example.com description: Proxmox
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- email redirect_uris:
userinfo_signing_algorithm: none - https://proxmox.example.com
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -73,18 +73,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: seafile identity_providers:
description: Seafile oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: seafile
- https://seafile.example.com/oauth/callback/ description: Seafile
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- email redirect_uris:
userinfo_signing_algorithm: none - https://seafile.example.com/oauth/callback/
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -46,9 +46,11 @@ which case the secret should be encrypted and not be stored in plaintext. The mo
client configurations will be stored in the database with the secret both salted and peppered. client configurations will be stored in the database with the secret both salted and peppered.
Authelia currently does not implement any of the specifications or protocols which require secrets being accessible in Authelia currently does not implement any of the specifications or protocols which require secrets being accessible in
the clear and currently has no plans to implement any of these. As such it's *__strongly discouraged and heavily the clear such as most notibly the `client_secret_jwt` grant and currently we no plans to implement any of these. As
deprecated__* and we instead recommended that users remove this from their configuration entirely and use the such it's *__strongly discouraged and heavily deprecated__* and we instead recommended that users remove this from their
[Generating Client Secrets](#generating-client-secrets) guide. configuration entirely and use the [Generating Client Secrets](#generating-client-secrets) guide. At such a time as we
support one of these protocols we will very likely only allow plaintext for clients configured expressly for this
purpose i.e. a client that only allows `client_secret_jwt` and no other grants.
Plaintext is either denoted by the `$plaintext$` prefix where everything after the prefix is the secret. In addition if Plaintext is either denoted by the `$plaintext$` prefix where everything after the prefix is the secret. In addition if
the secret does not start with the `$` character it's considered as a plaintext secret for the time being but is the secret does not start with the `$` character it's considered as a plaintext secret for the time being but is
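
Review bot: The rewritten paragraph calls `client_secret_jwt` a grant twice ("the `client_secret_jwt` grant" and "no other grants"), but it is a client authentication method for the token endpoint, not a grant type, so the last sentence should say that such a client would be restricted to that authentication method. The new text also needs a proofread before merge: "notibly" should be "notably", "currently we no plans" is missing "have", and "we instead recommended" should read "recommend".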

@ -67,18 +67,23 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: synapse identity_providers:
description: Synapse oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: synapse
- https://synapse.example.com/_synapse/client/oidc/callback description: Synapse
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- email redirect_uris:
userinfo_signing_algorithm: none - https://synapse.example.com/_synapse/client/oidc/callback
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also

@ -69,19 +69,24 @@ The following YAML configuration is an example __Authelia__
which will operate with the above example: which will operate with the above example:
```yaml ```yaml
- id: synology-dsm identity_providers:
description: Synology DSM oidc:
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'. ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
public: false ## See: https://www.authelia.com/c/oidc
authorization_policy: two_factor clients:
redirect_uris: - id: synology-dsm
- https://dsm.example.com description: Synology DSM
scopes: secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
- openid public: false
- profile authorization_policy: two_factor
- groups redirect_uris:
- email - https://dsm.example.com
userinfo_signing_algorithm: none scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none
``` ```
## See Also ## See Also