docs: make several openid connect areas uniform (#4824)

pull/4825/head^2
James Elliott 2023-01-26 10:59:18 +11:00 committed by GitHub
parent 65705a646d
commit a33b37a9cd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
20 changed files with 61 additions and 59 deletions

View File

@ -16,4 +16,4 @@ aliases:
## OpenID Connect ## OpenID Connect
The only identity provider implementation supported at this time is [OpenID Connect](open-id-connect.md). The only identity provider implementation supported at this time is [OpenID Connect 1.0](open-id-connect.md).

View File

@ -1,7 +1,7 @@
--- ---
title: "OpenID Connect" title: "OpenID Connect"
description: "OpenID Connect Configuration" description: "OpenID Connect Configuration"
lead: "Authelia can operate as an OpenID Connect provider. This section describes how to configure this." lead: "Authelia can operate as an OpenID Connect 1.0 Provider. This section describes how to configure this."
date: 2022-06-15T17:51:47+10:00 date: 2022-06-15T17:51:47+10:00
draft: false draft: false
images: [] images: []
@ -15,13 +15,14 @@ aliases:
- /docs/configuration/identity-providers/oidc.html - /docs/configuration/identity-providers/oidc.html
--- ---
__Authelia__ currently supports the [OpenID Connect] OP role as a [__beta__](../../roadmap/active/openid-connect.md) __Authelia__ currently supports the [OpenID Connect 1.0] Provider role as an open
feature. The OP role is the [OpenID Connect] Provider role, not the Relying Party or RP role. This means other [__beta__](../../roadmap/active/openid-connect.md) feature. We currently do not support the [OpenID Connect 1.0] Relying
applications that implement the [OpenID Connect] RP role can use Authelia as an authentication and authorization backend Party role. This means other applications that implement the [OpenID Connect 1.0] Relying Party role can use Authelia as
similar to how you may use social media or development platforms for login. an [OpenID Connect 1.0] Provider similar to how you may use social media or development platforms for login.
The Relying Party role is the role which allows an application to use GitHub, Google, or other [OpenID Connect] The [OpenID Connect 1.0] Relying Party role is the role which allows an application to use GitHub, Google, or other
providers for authentication and authorization. We do not intend to support this functionality at this moment in time. [OpenID Connect 1.0] Providers for authentication and authorization. We do not intend to support this functionality at
this moment in time.
More information about the beta can be found in the [roadmap](../../roadmap/active/openid-connect.md). More information about the beta can be found in the [roadmap](../../roadmap/active/openid-connect.md).
@ -165,7 +166,7 @@ with 64 or more characters.
{{< confkey type="string" required="no" >}} {{< confkey type="string" required="no" >}}
The certificate chain/bundle to be used with the [issuer_private_key](#issuer_private_key) DER base64 ([RFC4648]) The certificate chain/bundle to be used with the [issuer_private_key](#issuer_private_key) DER base64 ([RFC4648])
encoded PEM format used to sign/encrypt the [OpenID Connect] [JWT]'s. When configured it enables the [x5c] and [x5t] encoded PEM format used to sign/encrypt the [OpenID Connect 1.0] [JWT]'s. When configured it enables the [x5c] and [x5t]
JSON key's in the JWKs [Discoverable Endpoint](../../integration/openid-connect/introduction.md#discoverable-endpoints) JSON key's in the JWKs [Discoverable Endpoint](../../integration/openid-connect/introduction.md#discoverable-endpoints)
as per [RFC7517]. as per [RFC7517].
@ -184,7 +185,7 @@ certificate immediately following it if present.
*__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__ *__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__
especially for containerized deployments.* especially for containerized deployments.*
The private key used to sign/encrypt the [OpenID Connect] issued [JWT]'s. The key must be generated by the administrator The private key used to sign/encrypt the [OpenID Connect 1.0] issued [JWT]'s. The key must be generated by the administrator
and can be done by following the and can be done by following the
[Generating an RSA Keypair](../../reference/guides/generating-secure-values.md#generating-an-rsa-keypair) guide. [Generating an RSA Keypair](../../reference/guides/generating-secure-values.md#generating-an-rsa-keypair) guide.
@ -273,7 +274,7 @@ method instead.
### cors ### cors
Some [OpenID Connect] Endpoints need to allow cross-origin resource sharing, however some are optional. This section allows Some [OpenID Connect 1.0] Endpoints need to allow cross-origin resource sharing, however some are optional. This section allows
you to configure the optional parts. We reply with CORS headers when the request includes the Origin header. you to configure the optional parts. We reply with CORS headers when the request includes the Origin header.
#### endpoints #### endpoints
@ -298,7 +299,7 @@ A list of permitted origins.
Any origin with https is permitted unless this option is configured or the Any origin with https is permitted unless this option is configured or the
[allowed_origins_from_client_redirect_uris](#allowed_origins_from_client_redirect_uris) option is enabled. This means [allowed_origins_from_client_redirect_uris](#allowed_origins_from_client_redirect_uris) option is enabled. This means
you must configure this option manually if you want http endpoints to be permitted to make cross-origin requests to the you must configure this option manually if you want http endpoints to be permitted to make cross-origin requests to the
[OpenID Connect] endpoints, however this is not recommended. [OpenID Connect 1.0] endpoints, however this is not recommended.
Origins must only have the scheme, hostname and port, they may not have a trailing slash or path. Origins must only have the scheme, hostname and port, they may not have a trailing slash or path.
@ -386,7 +387,7 @@ the lookup of the subject identifier.
2. any client with a differing sector identifier. 2. any client with a differing sector identifier.
In specific but limited scenarios this option is beneficial for privacy reasons. In particular this is useful when the In specific but limited scenarios this option is beneficial for privacy reasons. In particular this is useful when the
party utilizing the *Authelia* [OpenID Connect] Authorization Server is foreign and not controlled by the user. It would party utilizing the *Authelia* [OpenID Connect 1.0] Authorization Server is foreign and not controlled by the user. It would
prevent the third party utilizing the subject identifier with another third party in order to track the user. prevent the third party utilizing the subject identifier with another third party in order to track the user.
Keep in mind depending on the other claims they may still be able to perform this tracking and it is not a silver Keep in mind depending on the other claims they may still be able to perform this tracking and it is not a silver
@ -524,11 +525,11 @@ match exactly with the granted scopes/audience.
## Integration ## Integration
To integrate Authelia's [OpenID Connect] implementation with a relying party please see the To integrate Authelia's [OpenID Connect 1.0] implementation with a relying party please see the
[integration docs](../../integration/openid-connect/introduction.md). [integration docs](../../integration/openid-connect/introduction.md).
[token lifespan]: https://docs.apigee.com/api-platform/antipatterns/oauth-long-expiration [token lifespan]: https://docs.apigee.com/api-platform/antipatterns/oauth-long-expiration
[OpenID Connect]: https://openid.net/connect/ [OpenID Connect 1.0]: https://openid.net/connect/
[JWT]: https://www.rfc-editor.org/rfc/rfc7519.html [JWT]: https://www.rfc-editor.org/rfc/rfc7519.html
[RFC6234]: https://www.rfc-editor.org/rfc/rfc6234.html [RFC6234]: https://www.rfc-editor.org/rfc/rfc6234.html
[RFC4648]: https://www.rfc-editor.org/rfc/rfc4648.html [RFC4648]: https://www.rfc-editor.org/rfc/rfc4648.html

View File

@ -44,7 +44,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Apache Guacamole] to utilize Authelia as an [OpenID Connect] Provider use the following configuration: To configure [Apache Guacamole] to utilize Authelia as an [OpenID Connect 1.0] Provider use the following configuration:
```yaml ```yaml
openid-client-id: guacamole openid-client-id: guacamole
@ -89,7 +89,7 @@ The following YAML configuration is an example __Authelia__
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Apache Guacamole]: https://guacamole.apache.org/ [Apache Guacamole]: https://guacamole.apache.org/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -45,7 +45,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Argo CD] to utilize Authelia as an [OpenID Connect] Provider use the following configuration: To configure [Argo CD] to utilize Authelia as an [OpenID Connect 1.0] Provider use the following configuration:
```yaml ```yaml
name: Authelia name: Authelia
@ -101,7 +101,7 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Argo CD]: https://argo-cd.readthedocs.io/en/stable/ [Argo CD]: https://argo-cd.readthedocs.io/en/stable/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -50,7 +50,7 @@ the secret or URL encode the secret yourself.*
### Application ### Application
To configure [BookStack] to utilize Authelia as an [OpenID Connect] Provider: To configure [BookStack] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Edit your .env file 1. Edit your .env file
2. Set the following values: 2. Set the following values:
@ -89,4 +89,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[BookStack]: https://www.bookstackapp.com/ [BookStack]: https://www.bookstackapp.com/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -52,7 +52,7 @@ characters for the secret or URL encode the secret yourself.*
means that the URL's are accessible to foreign clients on the internet. There may be a way to configure this without means that the URL's are accessible to foreign clients on the internet. There may be a way to configure this without
accessibility to foreign clients on the internet on Cloudflare's end but this is beyond the scope of this document.* accessibility to foreign clients on the internet on Cloudflare's end but this is beyond the scope of this document.*
To configure [Cloudflare Zero Trust] to utilize Authelia as an [OpenID Connect] Provider: To configure [Cloudflare Zero Trust] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Visit the [Cloudflare Zero Trust Dashboard](https://dash.teams.cloudflare.com) 1. Visit the [Cloudflare Zero Trust Dashboard](https://dash.teams.cloudflare.com)
2. Visit `Settings` 2. Visit `Settings`
@ -98,4 +98,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Cloudflare]: https://www.cloudflare.com/ [Cloudflare]: https://www.cloudflare.com/
[Cloudflare Zero Trust]: https://www.cloudflare.com/products/zero-trust/ [Cloudflare Zero Trust]: https://www.cloudflare.com/products/zero-trust/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -44,7 +44,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Gitea] to utilize Authelia as an [OpenID Connect] Provider: To configure [Gitea] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Expand User Options 1. Expand User Options
2. Visit Site Administration 2. Visit Site Administration
@ -59,7 +59,7 @@ To configure [Gitea] to utilize Authelia as an [OpenID Connect] Provider:
{{< figure src="gitea.png" alt="Gitea" width="300" >}} {{< figure src="gitea.png" alt="Gitea" width="300" >}}
To configure [Gitea] to perform automatic user creation for the `auth.example.com` domain via [OpenID Connect]: To configure [Gitea] to perform automatic user creation for the `auth.example.com` domain via [OpenID Connect 1.0]:
1. Edit the following values in the [Gitea] `app.ini`: 1. Edit the following values in the [Gitea] `app.ini`:
```ini ```ini
@ -105,4 +105,4 @@ will operate with the above example:
- [Authelia]: https://www.authelia.com - [Authelia]: https://www.authelia.com
[Gitea]: https://gitea.io/ [Gitea]: https://gitea.io/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -44,9 +44,9 @@ This example makes the following assumptions:
### Application ### Application
To configure [GitLab] to utilize Authelia as an [OpenID Connect] Provider: To configure [GitLab] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Add the Omnibus [OpenID Connect] OmniAuth configuration to `gitlab.rb`: 1. Add the Omnibus [OpenID Connect 1.0] OmniAuth configuration to `gitlab.rb`:
```ruby ```ruby
gitlab_rails['omniauth_providers'] = [ gitlab_rails['omniauth_providers'] = [
@ -101,4 +101,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[GitLab]: https://about.gitlab.com/ [GitLab]: https://about.gitlab.com/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -44,7 +44,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Grafana] to utilize Authelia as an [OpenID Connect] Provider you have two effective options: To configure [Grafana] to utilize Authelia as an [OpenID Connect 1.0] Provider you have two effective options:
#### Configuration File #### Configuration File
@ -119,4 +119,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Grafana]: https://grafana.com/ [Grafana]: https://grafana.com/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -44,7 +44,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Harbor] to utilize Authelia as an [OpenID Connect] Provider: To configure [Harbor] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Visit Administration 1. Visit Administration
2. Visit Configuration 2. Visit Configuration
@ -92,4 +92,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Harbor]: https://goharbor.io/ [Harbor]: https://goharbor.io/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -44,7 +44,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [HashiCorp Vault] to utilize Authelia as an [OpenID Connect] Provider please see the links in the To configure [HashiCorp Vault] to utilize Authelia as an [OpenID Connect 1.0] Provider please see the links in the
[see also](#see-also) section. [see also](#see-also) section.
### Authelia ### Authelia
@ -77,4 +77,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[HashiCorp Vault]: https://www.vaultproject.io/ [HashiCorp Vault]: https://www.vaultproject.io/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -14,21 +14,22 @@ aliases:
- /docs/community/oidc-integrations.html - /docs/community/oidc-integrations.html
--- ---
Authelia supports [OpenID Connect] as part of an open beta. This section details implementation specifics that can be Authelia can act as an [OpenID Connect 1.0] Provider as part of an open beta. This section details implementation
used for integrating Authelia with relying parties, as well as specific documentation for some relying parties. specifics that can be used for integrating Authelia with an [OpenID Connect 1.0] Relying Party, as well as specific
documentation for some [OpenID Connect 1.0] Relying Party implementations.
See the [configuration documentation](../../configuration/identity-providers/open-id-connect.md) for information on how See the [configuration documentation](../../configuration/identity-providers/open-id-connect.md) for information on how
to configure [OpenID Connect]. to configure the Authelia [OpenID Connect 1.0] Provider.
## Scope Definitions ## Scope Definitions
### openid ### openid
This is the default scope for [OpenID Connect]. This field is forced on every client by the configuration validation This is the default scope for [OpenID Connect 1.0]. This field is forced on every client by the configuration validation
that Authelia does. that Authelia does.
*__Important Note:__ The subject identifiers or `sub` [Claim] has been changed to a [RFC4122] UUID V4 to identify the *__Important Note:__ The subject identifiers or `sub` [Claim] has been changed to a [RFC4122] UUID V4 to identify the
individual user as per the [Subject Identifier Types] section of the [OpenID Connect] specification. Please use the individual user as per the [Subject Identifier Types] section of the [OpenID Connect 1.0] specification. Please use the
`preferred_username` [Claim] instead.* `preferred_username` [Claim] instead.*
| [Claim] | JWT Type | Authelia Attribute | Description | | [Claim] | JWT Type | Authelia Attribute | Description |
@ -91,7 +92,7 @@ This scope includes the profile information the authentication backend reports a
Authelia currently supports adding the `amr` [Claim] to the [ID Token] utilizing the [RFC8176] Authentication Method Authelia currently supports adding the `amr` [Claim] to the [ID Token] utilizing the [RFC8176] Authentication Method
Reference values. Reference values.
The values this [Claim] has are not strictly defined by the [OpenID Connect] specification. As such, some backends may The values this [Claim] has are not strictly defined by the [OpenID Connect 1.0] specification. As such, some backends may
expect a specification other than [RFC8176] for this purpose. If you have such an application and wish for us to support expect a specification other than [RFC8176] for this purpose. If you have such an application and wish for us to support
it then you're encouraged to create a [feature request](https://www.authelia.com/l/fr). it then you're encouraged to create a [feature request](https://www.authelia.com/l/fr).
@ -162,7 +163,7 @@ These endpoints implement OpenID Connect elements.
[Claims]: https://openid.net/specs/openid-connect-core-1_0.html#Claims [Claims]: https://openid.net/specs/openid-connect-core-1_0.html#Claims
[Claim]: https://openid.net/specs/openid-connect-core-1_0.html#Claims [Claim]: https://openid.net/specs/openid-connect-core-1_0.html#Claims
[OpenID Connect]: https://openid.net/connect/ [OpenID Connect 1.0]: https://openid.net/connect/
[OpenID Connect Discovery]: https://openid.net/specs/openid-connect-discovery-1_0.html [OpenID Connect Discovery]: https://openid.net/specs/openid-connect-discovery-1_0.html
[OAuth 2.0 Authorization Server Metadata]: https://www.rfc-editor.org/rfc/rfc8414.html [OAuth 2.0 Authorization Server Metadata]: https://www.rfc-editor.org/rfc/rfc8414.html

View File

@ -44,7 +44,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Komga] to utilize Authelia as an [OpenID Connect] Provider: To configure [Komga] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Configure the security section of the [Komga] configuration: 1. Configure the security section of the [Komga] configuration:
```yaml ```yaml
@ -99,4 +99,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Komga]: https://www.komga.org [Komga]: https://www.komga.org
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -44,7 +44,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Nextcloud] to utilize Authelia as an [OpenID Connect] Provider: To configure [Nextcloud] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Install the [Nextcloud OpenID Connect Login app] 1. Install the [Nextcloud OpenID Connect Login app]
2. Add the following to the [Nextcloud] `config.php` configuration: 2. Add the following to the [Nextcloud] `config.php` configuration:
@ -115,4 +115,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Nextcloud]: https://nextcloud.com/ [Nextcloud]: https://nextcloud.com/
[Nextcloud OpenID Connect Login app]: https://apps.nextcloud.com/apps/oidc_login [Nextcloud OpenID Connect Login app]: https://apps.nextcloud.com/apps/oidc_login
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -47,7 +47,7 @@ in an error as [Outline] will attempt to use a refresh token that is never issue
### Application ### Application
To configure [Outline] to utilize Authelia as an [OpenID Connect] Provider: To configure [Outline] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Configure the following environment options: 1. Configure the following environment options:
```text ```text
@ -92,4 +92,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Outline]: https://www.getoutline.com/ [Outline]: https://www.getoutline.com/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -46,7 +46,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Portainer] to utilize Authelia as an [OpenID Connect] Provider: To configure [Portainer] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Visit Settings 1. Visit Settings
2. Visit Authentication 2. Visit Authentication
@ -93,4 +93,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Portainer]: https://www.portainer.io/ [Portainer]: https://www.portainer.io/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -50,7 +50,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Proxmox] to utilize Authelia as an [OpenID Connect] Provider: To configure [Proxmox] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Visit Datacenter 1. Visit Datacenter
2. Visit Permission 2. Visit Permission
@ -94,4 +94,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Proxmox]: https://www.proxmox.com/ [Proxmox]: https://www.proxmox.com/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -44,7 +44,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Seafile] to utilize Authelia as an [OpenID Connect] Provider: To configure [Seafile] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. [Seafile] may require some dependencies such as `requests_oauthlib` to be manually installed. 1. [Seafile] may require some dependencies such as `requests_oauthlib` to be manually installed.
See the [Seafile] documentation in the [see also](#see-also) section for more information. See the [Seafile] documentation in the [see also](#see-also) section for more information.
@ -100,4 +100,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Seafile]: https://www.seafile.com/ [Seafile]: https://www.seafile.com/
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -44,7 +44,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Synapse] to utilize Authelia as an [OpenID Connect] Provider: To configure [Synapse] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Edit your [Synapse] `homeserver.yaml` configuration file and add configure the following: 1. Edit your [Synapse] `homeserver.yaml` configuration file and add configure the following:
@ -94,4 +94,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Synapse]: https://github.com/matrix-org/synapse [Synapse]: https://github.com/matrix-org/synapse
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md

View File

@ -33,7 +33,7 @@ community: true
### Specific Notes ### Specific Notes
*__Important Note:__ [Synology DSM] does not support automatically creating users via [OpenID Connect]. It is therefore *__Important Note:__ [Synology DSM] does not support automatically creating users via [OpenID Connect 1.0]. It is therefore
recommended that you ensure Authelia and [Synology DSM] share a LDAP server.* recommended that you ensure Authelia and [Synology DSM] share a LDAP server.*
### Assumptions ### Assumptions
@ -49,7 +49,7 @@ This example makes the following assumptions:
### Application ### Application
To configure [Synology DSM] to utilize Authelia as an [OpenID Connect] Provider: To configure [Synology DSM] to utilize Authelia as an [OpenID Connect 1.0] Provider:
1. Go to DSM. 1. Go to DSM.
2. Go to `Control Panel`. 2. Go to `Control Panel`.
@ -97,4 +97,4 @@ which will operate with the above example:
[Authelia]: https://www.authelia.com [Authelia]: https://www.authelia.com
[Synology DSM]: https://www.synology.com/en-global/dsm [Synology DSM]: https://www.synology.com/en-global/dsm
[OpenID Connect]: ../../openid-connect/introduction.md [OpenID Connect 1.0]: ../../openid-connect/introduction.md