docs: cloudflare zt fixes (#3931)

pull/3932/head
James Elliott 2022-08-31 21:03:21 +10:00 committed by GitHub
parent 20c28d20a4
commit 730e47df92
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 2 deletions

View File

@ -31,10 +31,17 @@ This example makes the following assumptions:
* __Client ID:__ `cloudflare` * __Client ID:__ `cloudflare`
* __Client Secret:__ `cloudflare_client_secret` * __Client Secret:__ `cloudflare_client_secret`
*__Important Note:__ Cloudflare does not properly URL encode the secret. This means you'll either have to use
only alphanumeric characters for the secret or URL encode it yourself.*
## Configuration ## Configuration
### Application ### Application
*__Important Note:__ It is a requirement that the Authelia URL's can be requested by Cloudflare's servers. This usually
means that the URL's are accessible to foreign clients on the internet. There may be a way to configure this without
accessibility to foreign clients on the internet on Cloudflare's end but this is beyond the scope of this document.*
To configure [Cloudflare Zero Trust] to utilize Authelia as an [OpenID Connect] Provider: To configure [Cloudflare Zero Trust] to utilize Authelia as an [OpenID Connect] Provider:
1. Visit the [Cloudflare Zero Trust Dashboard](https://dash.teams.cloudflare.com) 1. Visit the [Cloudflare Zero Trust Dashboard](https://dash.teams.cloudflare.com)
@ -49,7 +56,8 @@ To configure [Cloudflare Zero Trust] to utilize Authelia as an [OpenID Connect]
4. Auth URL: `https://auth.example.com/api/oidc/authorization` 4. Auth URL: `https://auth.example.com/api/oidc/authorization`
5. Token URL: `https://auth.example.com/api/oidc/token` 5. Token URL: `https://auth.example.com/api/oidc/token`
6. Certificate URL: `https://auth.example.com/jwks.json` 6. Certificate URL: `https://auth.example.com/jwks.json`
7. Add the following OIDC Claims: `preferred_username`, `mail`, `groups` 7. Enable `Proof Key for Code Exchange (PKCE)`
8. Add the following OIDC Claims: `preferred_username`, `mail`
7. Click Save 7. Click Save
### Authelia ### Authelia
@ -69,7 +77,6 @@ which will operate with the above example:
scopes: scopes:
- openid - openid
- profile - profile
- groups
- email - email
userinfo_signing_algorithm: none userinfo_signing_algorithm: none
``` ```