docs: make several openid connect areas uniform (#4824)
parent
65705a646d
commit
a33b37a9cd
|
@ -16,4 +16,4 @@ aliases:
|
||||||
|
|
||||||
## OpenID Connect
|
## OpenID Connect
|
||||||
|
|
||||||
The only identity provider implementation supported at this time is [OpenID Connect](open-id-connect.md).
|
The only identity provider implementation supported at this time is [OpenID Connect 1.0](open-id-connect.md).
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
title: "OpenID Connect"
|
title: "OpenID Connect"
|
||||||
description: "OpenID Connect Configuration"
|
description: "OpenID Connect Configuration"
|
||||||
lead: "Authelia can operate as an OpenID Connect provider. This section describes how to configure this."
|
lead: "Authelia can operate as an OpenID Connect 1.0 Provider. This section describes how to configure this."
|
||||||
date: 2022-06-15T17:51:47+10:00
|
date: 2022-06-15T17:51:47+10:00
|
||||||
draft: false
|
draft: false
|
||||||
images: []
|
images: []
|
||||||
|
@ -15,13 +15,14 @@ aliases:
|
||||||
- /docs/configuration/identity-providers/oidc.html
|
- /docs/configuration/identity-providers/oidc.html
|
||||||
---
|
---
|
||||||
|
|
||||||
__Authelia__ currently supports the [OpenID Connect] OP role as a [__beta__](../../roadmap/active/openid-connect.md)
|
__Authelia__ currently supports the [OpenID Connect 1.0] Provider role as an open
|
||||||
feature. The OP role is the [OpenID Connect] Provider role, not the Relying Party or RP role. This means other
|
[__beta__](../../roadmap/active/openid-connect.md) feature. We currently do not support the [OpenID Connect 1.0] Relying
|
||||||
applications that implement the [OpenID Connect] RP role can use Authelia as an authentication and authorization backend
|
Party role. This means other applications that implement the [OpenID Connect 1.0] Relying Party role can use Authelia as
|
||||||
similar to how you may use social media or development platforms for login.
|
an [OpenID Connect 1.0] Provider similar to how you may use social media or development platforms for login.
|
||||||
|
|
||||||
The Relying Party role is the role which allows an application to use GitHub, Google, or other [OpenID Connect]
|
The [OpenID Connect 1.0] Relying Party role is the role which allows an application to use GitHub, Google, or other
|
||||||
providers for authentication and authorization. We do not intend to support this functionality at this moment in time.
|
[OpenID Connect 1.0] Providers for authentication and authorization. We do not intend to support this functionality at
|
||||||
|
this moment in time.
|
||||||
|
|
||||||
More information about the beta can be found in the [roadmap](../../roadmap/active/openid-connect.md).
|
More information about the beta can be found in the [roadmap](../../roadmap/active/openid-connect.md).
|
||||||
|
|
||||||
|
@ -165,7 +166,7 @@ with 64 or more characters.
|
||||||
{{< confkey type="string" required="no" >}}
|
{{< confkey type="string" required="no" >}}
|
||||||
|
|
||||||
The certificate chain/bundle to be used with the [issuer_private_key](#issuer_private_key) DER base64 ([RFC4648])
|
The certificate chain/bundle to be used with the [issuer_private_key](#issuer_private_key) DER base64 ([RFC4648])
|
||||||
encoded PEM format used to sign/encrypt the [OpenID Connect] [JWT]'s. When configured it enables the [x5c] and [x5t]
|
encoded PEM format used to sign/encrypt the [OpenID Connect 1.0] [JWT]'s. When configured it enables the [x5c] and [x5t]
|
||||||
JSON key's in the JWKs [Discoverable Endpoint](../../integration/openid-connect/introduction.md#discoverable-endpoints)
|
JSON key's in the JWKs [Discoverable Endpoint](../../integration/openid-connect/introduction.md#discoverable-endpoints)
|
||||||
as per [RFC7517].
|
as per [RFC7517].
|
||||||
|
|
||||||
|
@ -184,7 +185,7 @@ certificate immediately following it if present.
|
||||||
*__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__
|
*__Important Note:__ This can also be defined using a [secret](../methods/secrets.md) which is __strongly recommended__
|
||||||
especially for containerized deployments.*
|
especially for containerized deployments.*
|
||||||
|
|
||||||
The private key used to sign/encrypt the [OpenID Connect] issued [JWT]'s. The key must be generated by the administrator
|
The private key used to sign/encrypt the [OpenID Connect 1.0] issued [JWT]'s. The key must be generated by the administrator
|
||||||
and can be done by following the
|
and can be done by following the
|
||||||
[Generating an RSA Keypair](../../reference/guides/generating-secure-values.md#generating-an-rsa-keypair) guide.
|
[Generating an RSA Keypair](../../reference/guides/generating-secure-values.md#generating-an-rsa-keypair) guide.
|
||||||
|
|
||||||
|
@ -273,7 +274,7 @@ method instead.
|
||||||
|
|
||||||
### cors
|
### cors
|
||||||
|
|
||||||
Some [OpenID Connect] Endpoints need to allow cross-origin resource sharing, however some are optional. This section allows
|
Some [OpenID Connect 1.0] Endpoints need to allow cross-origin resource sharing, however some are optional. This section allows
|
||||||
you to configure the optional parts. We reply with CORS headers when the request includes the Origin header.
|
you to configure the optional parts. We reply with CORS headers when the request includes the Origin header.
|
||||||
|
|
||||||
#### endpoints
|
#### endpoints
|
||||||
|
@ -298,7 +299,7 @@ A list of permitted origins.
|
||||||
Any origin with https is permitted unless this option is configured or the
|
Any origin with https is permitted unless this option is configured or the
|
||||||
[allowed_origins_from_client_redirect_uris](#allowed_origins_from_client_redirect_uris) option is enabled. This means
|
[allowed_origins_from_client_redirect_uris](#allowed_origins_from_client_redirect_uris) option is enabled. This means
|
||||||
you must configure this option manually if you want http endpoints to be permitted to make cross-origin requests to the
|
you must configure this option manually if you want http endpoints to be permitted to make cross-origin requests to the
|
||||||
[OpenID Connect] endpoints, however this is not recommended.
|
[OpenID Connect 1.0] endpoints, however this is not recommended.
|
||||||
|
|
||||||
Origins must only have the scheme, hostname and port, they may not have a trailing slash or path.
|
Origins must only have the scheme, hostname and port, they may not have a trailing slash or path.
|
||||||
|
|
||||||
|
@ -386,7 +387,7 @@ the lookup of the subject identifier.
|
||||||
2. any client with a differing sector identifier.
|
2. any client with a differing sector identifier.
|
||||||
|
|
||||||
In specific but limited scenarios this option is beneficial for privacy reasons. In particular this is useful when the
|
In specific but limited scenarios this option is beneficial for privacy reasons. In particular this is useful when the
|
||||||
party utilizing the *Authelia* [OpenID Connect] Authorization Server is foreign and not controlled by the user. It would
|
party utilizing the *Authelia* [OpenID Connect 1.0] Authorization Server is foreign and not controlled by the user. It would
|
||||||
prevent the third party utilizing the subject identifier with another third party in order to track the user.
|
prevent the third party utilizing the subject identifier with another third party in order to track the user.
|
||||||
|
|
||||||
Keep in mind depending on the other claims they may still be able to perform this tracking and it is not a silver
|
Keep in mind depending on the other claims they may still be able to perform this tracking and it is not a silver
|
||||||
|
@ -524,11 +525,11 @@ match exactly with the granted scopes/audience.
|
||||||
|
|
||||||
## Integration
|
## Integration
|
||||||
|
|
||||||
To integrate Authelia's [OpenID Connect] implementation with a relying party please see the
|
To integrate Authelia's [OpenID Connect 1.0] implementation with a relying party please see the
|
||||||
[integration docs](../../integration/openid-connect/introduction.md).
|
[integration docs](../../integration/openid-connect/introduction.md).
|
||||||
|
|
||||||
[token lifespan]: https://docs.apigee.com/api-platform/antipatterns/oauth-long-expiration
|
[token lifespan]: https://docs.apigee.com/api-platform/antipatterns/oauth-long-expiration
|
||||||
[OpenID Connect]: https://openid.net/connect/
|
[OpenID Connect 1.0]: https://openid.net/connect/
|
||||||
[JWT]: https://www.rfc-editor.org/rfc/rfc7519.html
|
[JWT]: https://www.rfc-editor.org/rfc/rfc7519.html
|
||||||
[RFC6234]: https://www.rfc-editor.org/rfc/rfc6234.html
|
[RFC6234]: https://www.rfc-editor.org/rfc/rfc6234.html
|
||||||
[RFC4648]: https://www.rfc-editor.org/rfc/rfc4648.html
|
[RFC4648]: https://www.rfc-editor.org/rfc/rfc4648.html
|
||||||
|
|
|
@ -44,7 +44,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Apache Guacamole] to utilize Authelia as an [OpenID Connect] Provider use the following configuration:
|
To configure [Apache Guacamole] to utilize Authelia as an [OpenID Connect 1.0] Provider use the following configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
openid-client-id: guacamole
|
openid-client-id: guacamole
|
||||||
|
@ -89,7 +89,7 @@ The following YAML configuration is an example __Authelia__
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Apache Guacamole]: https://guacamole.apache.org/
|
[Apache Guacamole]: https://guacamole.apache.org/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -45,7 +45,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Argo CD] to utilize Authelia as an [OpenID Connect] Provider use the following configuration:
|
To configure [Argo CD] to utilize Authelia as an [OpenID Connect 1.0] Provider use the following configuration:
|
||||||
|
|
||||||
```yaml
|
```yaml
|
||||||
name: Authelia
|
name: Authelia
|
||||||
|
@ -101,7 +101,7 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Argo CD]: https://argo-cd.readthedocs.io/en/stable/
|
[Argo CD]: https://argo-cd.readthedocs.io/en/stable/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -50,7 +50,7 @@ the secret or URL encode the secret yourself.*
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [BookStack] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [BookStack] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Edit your .env file
|
1. Edit your .env file
|
||||||
2. Set the following values:
|
2. Set the following values:
|
||||||
|
@ -89,4 +89,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[BookStack]: https://www.bookstackapp.com/
|
[BookStack]: https://www.bookstackapp.com/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -52,7 +52,7 @@ characters for the secret or URL encode the secret yourself.*
|
||||||
means that the URL's are accessible to foreign clients on the internet. There may be a way to configure this without
|
means that the URL's are accessible to foreign clients on the internet. There may be a way to configure this without
|
||||||
accessibility to foreign clients on the internet on Cloudflare's end but this is beyond the scope of this document.*
|
accessibility to foreign clients on the internet on Cloudflare's end but this is beyond the scope of this document.*
|
||||||
|
|
||||||
To configure [Cloudflare Zero Trust] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Cloudflare Zero Trust] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Visit the [Cloudflare Zero Trust Dashboard](https://dash.teams.cloudflare.com)
|
1. Visit the [Cloudflare Zero Trust Dashboard](https://dash.teams.cloudflare.com)
|
||||||
2. Visit `Settings`
|
2. Visit `Settings`
|
||||||
|
@ -98,4 +98,4 @@ which will operate with the above example:
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Cloudflare]: https://www.cloudflare.com/
|
[Cloudflare]: https://www.cloudflare.com/
|
||||||
[Cloudflare Zero Trust]: https://www.cloudflare.com/products/zero-trust/
|
[Cloudflare Zero Trust]: https://www.cloudflare.com/products/zero-trust/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -44,7 +44,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Gitea] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Gitea] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Expand User Options
|
1. Expand User Options
|
||||||
2. Visit Site Administration
|
2. Visit Site Administration
|
||||||
|
@ -59,7 +59,7 @@ To configure [Gitea] to utilize Authelia as an [OpenID Connect] Provider:
|
||||||
|
|
||||||
{{< figure src="gitea.png" alt="Gitea" width="300" >}}
|
{{< figure src="gitea.png" alt="Gitea" width="300" >}}
|
||||||
|
|
||||||
To configure [Gitea] to perform automatic user creation for the `auth.example.com` domain via [OpenID Connect]:
|
To configure [Gitea] to perform automatic user creation for the `auth.example.com` domain via [OpenID Connect 1.0]:
|
||||||
|
|
||||||
1. Edit the following values in the [Gitea] `app.ini`:
|
1. Edit the following values in the [Gitea] `app.ini`:
|
||||||
```ini
|
```ini
|
||||||
|
@ -105,4 +105,4 @@ will operate with the above example:
|
||||||
|
|
||||||
- [Authelia]: https://www.authelia.com
|
- [Authelia]: https://www.authelia.com
|
||||||
[Gitea]: https://gitea.io/
|
[Gitea]: https://gitea.io/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -44,9 +44,9 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [GitLab] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [GitLab] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Add the Omnibus [OpenID Connect] OmniAuth configuration to `gitlab.rb`:
|
1. Add the Omnibus [OpenID Connect 1.0] OmniAuth configuration to `gitlab.rb`:
|
||||||
|
|
||||||
```ruby
|
```ruby
|
||||||
gitlab_rails['omniauth_providers'] = [
|
gitlab_rails['omniauth_providers'] = [
|
||||||
|
@ -101,4 +101,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[GitLab]: https://about.gitlab.com/
|
[GitLab]: https://about.gitlab.com/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -44,7 +44,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Grafana] to utilize Authelia as an [OpenID Connect] Provider you have two effective options:
|
To configure [Grafana] to utilize Authelia as an [OpenID Connect 1.0] Provider you have two effective options:
|
||||||
|
|
||||||
#### Configuration File
|
#### Configuration File
|
||||||
|
|
||||||
|
@ -119,4 +119,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Grafana]: https://grafana.com/
|
[Grafana]: https://grafana.com/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -44,7 +44,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Harbor] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Harbor] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Visit Administration
|
1. Visit Administration
|
||||||
2. Visit Configuration
|
2. Visit Configuration
|
||||||
|
@ -92,4 +92,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Harbor]: https://goharbor.io/
|
[Harbor]: https://goharbor.io/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -44,7 +44,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [HashiCorp Vault] to utilize Authelia as an [OpenID Connect] Provider please see the links in the
|
To configure [HashiCorp Vault] to utilize Authelia as an [OpenID Connect 1.0] Provider please see the links in the
|
||||||
[see also](#see-also) section.
|
[see also](#see-also) section.
|
||||||
|
|
||||||
### Authelia
|
### Authelia
|
||||||
|
@ -77,4 +77,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[HashiCorp Vault]: https://www.vaultproject.io/
|
[HashiCorp Vault]: https://www.vaultproject.io/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -14,21 +14,22 @@ aliases:
|
||||||
- /docs/community/oidc-integrations.html
|
- /docs/community/oidc-integrations.html
|
||||||
---
|
---
|
||||||
|
|
||||||
Authelia supports [OpenID Connect] as part of an open beta. This section details implementation specifics that can be
|
Authelia can act as an [OpenID Connect 1.0] Provider as part of an open beta. This section details implementation
|
||||||
used for integrating Authelia with relying parties, as well as specific documentation for some relying parties.
|
specifics that can be used for integrating Authelia with an [OpenID Connect 1.0] Relying Party, as well as specific
|
||||||
|
documentation for some [OpenID Connect 1.0] Relying Party implementations.
|
||||||
|
|
||||||
See the [configuration documentation](../../configuration/identity-providers/open-id-connect.md) for information on how
|
See the [configuration documentation](../../configuration/identity-providers/open-id-connect.md) for information on how
|
||||||
to configure [OpenID Connect].
|
to configure the Authelia [OpenID Connect 1.0] Provider.
|
||||||
|
|
||||||
## Scope Definitions
|
## Scope Definitions
|
||||||
|
|
||||||
### openid
|
### openid
|
||||||
|
|
||||||
This is the default scope for [OpenID Connect]. This field is forced on every client by the configuration validation
|
This is the default scope for [OpenID Connect 1.0]. This field is forced on every client by the configuration validation
|
||||||
that Authelia does.
|
that Authelia does.
|
||||||
|
|
||||||
*__Important Note:__ The subject identifiers or `sub` [Claim] has been changed to a [RFC4122] UUID V4 to identify the
|
*__Important Note:__ The subject identifiers or `sub` [Claim] has been changed to a [RFC4122] UUID V4 to identify the
|
||||||
individual user as per the [Subject Identifier Types] section of the [OpenID Connect] specification. Please use the
|
individual user as per the [Subject Identifier Types] section of the [OpenID Connect 1.0] specification. Please use the
|
||||||
`preferred_username` [Claim] instead.*
|
`preferred_username` [Claim] instead.*
|
||||||
|
|
||||||
| [Claim] | JWT Type | Authelia Attribute | Description |
|
| [Claim] | JWT Type | Authelia Attribute | Description |
|
||||||
|
@ -91,7 +92,7 @@ This scope includes the profile information the authentication backend reports a
|
||||||
Authelia currently supports adding the `amr` [Claim] to the [ID Token] utilizing the [RFC8176] Authentication Method
|
Authelia currently supports adding the `amr` [Claim] to the [ID Token] utilizing the [RFC8176] Authentication Method
|
||||||
Reference values.
|
Reference values.
|
||||||
|
|
||||||
The values this [Claim] has are not strictly defined by the [OpenID Connect] specification. As such, some backends may
|
The values this [Claim] has are not strictly defined by the [OpenID Connect 1.0] specification. As such, some backends may
|
||||||
expect a specification other than [RFC8176] for this purpose. If you have such an application and wish for us to support
|
expect a specification other than [RFC8176] for this purpose. If you have such an application and wish for us to support
|
||||||
it then you're encouraged to create a [feature request](https://www.authelia.com/l/fr).
|
it then you're encouraged to create a [feature request](https://www.authelia.com/l/fr).
|
||||||
|
|
||||||
|
@ -162,7 +163,7 @@ These endpoints implement OpenID Connect elements.
|
||||||
[Claims]: https://openid.net/specs/openid-connect-core-1_0.html#Claims
|
[Claims]: https://openid.net/specs/openid-connect-core-1_0.html#Claims
|
||||||
[Claim]: https://openid.net/specs/openid-connect-core-1_0.html#Claims
|
[Claim]: https://openid.net/specs/openid-connect-core-1_0.html#Claims
|
||||||
|
|
||||||
[OpenID Connect]: https://openid.net/connect/
|
[OpenID Connect 1.0]: https://openid.net/connect/
|
||||||
|
|
||||||
[OpenID Connect Discovery]: https://openid.net/specs/openid-connect-discovery-1_0.html
|
[OpenID Connect Discovery]: https://openid.net/specs/openid-connect-discovery-1_0.html
|
||||||
[OAuth 2.0 Authorization Server Metadata]: https://www.rfc-editor.org/rfc/rfc8414.html
|
[OAuth 2.0 Authorization Server Metadata]: https://www.rfc-editor.org/rfc/rfc8414.html
|
||||||
|
|
|
@ -44,7 +44,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Komga] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Komga] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Configure the security section of the [Komga] configuration:
|
1. Configure the security section of the [Komga] configuration:
|
||||||
```yaml
|
```yaml
|
||||||
|
@ -99,4 +99,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Komga]: https://www.komga.org
|
[Komga]: https://www.komga.org
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -44,7 +44,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Nextcloud] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Nextcloud] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Install the [Nextcloud OpenID Connect Login app]
|
1. Install the [Nextcloud OpenID Connect Login app]
|
||||||
2. Add the following to the [Nextcloud] `config.php` configuration:
|
2. Add the following to the [Nextcloud] `config.php` configuration:
|
||||||
|
@ -115,4 +115,4 @@ which will operate with the above example:
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Nextcloud]: https://nextcloud.com/
|
[Nextcloud]: https://nextcloud.com/
|
||||||
[Nextcloud OpenID Connect Login app]: https://apps.nextcloud.com/apps/oidc_login
|
[Nextcloud OpenID Connect Login app]: https://apps.nextcloud.com/apps/oidc_login
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -47,7 +47,7 @@ in an error as [Outline] will attempt to use a refresh token that is never issue
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Outline] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Outline] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Configure the following environment options:
|
1. Configure the following environment options:
|
||||||
```text
|
```text
|
||||||
|
@ -92,4 +92,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Outline]: https://www.getoutline.com/
|
[Outline]: https://www.getoutline.com/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -46,7 +46,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Portainer] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Portainer] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Visit Settings
|
1. Visit Settings
|
||||||
2. Visit Authentication
|
2. Visit Authentication
|
||||||
|
@ -93,4 +93,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Portainer]: https://www.portainer.io/
|
[Portainer]: https://www.portainer.io/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -50,7 +50,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Proxmox] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Proxmox] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Visit Datacenter
|
1. Visit Datacenter
|
||||||
2. Visit Permission
|
2. Visit Permission
|
||||||
|
@ -94,4 +94,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Proxmox]: https://www.proxmox.com/
|
[Proxmox]: https://www.proxmox.com/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -44,7 +44,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Seafile] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Seafile] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. [Seafile] may require some dependencies such as `requests_oauthlib` to be manually installed.
|
1. [Seafile] may require some dependencies such as `requests_oauthlib` to be manually installed.
|
||||||
See the [Seafile] documentation in the [see also](#see-also) section for more information.
|
See the [Seafile] documentation in the [see also](#see-also) section for more information.
|
||||||
|
@ -100,4 +100,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Seafile]: https://www.seafile.com/
|
[Seafile]: https://www.seafile.com/
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -44,7 +44,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Synapse] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Synapse] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Edit your [Synapse] `homeserver.yaml` configuration file and add configure the following:
|
1. Edit your [Synapse] `homeserver.yaml` configuration file and add configure the following:
|
||||||
|
|
||||||
|
@ -94,4 +94,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Synapse]: https://github.com/matrix-org/synapse
|
[Synapse]: https://github.com/matrix-org/synapse
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
|
@ -33,7 +33,7 @@ community: true
|
||||||
|
|
||||||
### Specific Notes
|
### Specific Notes
|
||||||
|
|
||||||
*__Important Note:__ [Synology DSM] does not support automatically creating users via [OpenID Connect]. It is therefore
|
*__Important Note:__ [Synology DSM] does not support automatically creating users via [OpenID Connect 1.0]. It is therefore
|
||||||
recommended that you ensure Authelia and [Synology DSM] share a LDAP server.*
|
recommended that you ensure Authelia and [Synology DSM] share a LDAP server.*
|
||||||
|
|
||||||
### Assumptions
|
### Assumptions
|
||||||
|
@ -49,7 +49,7 @@ This example makes the following assumptions:
|
||||||
|
|
||||||
### Application
|
### Application
|
||||||
|
|
||||||
To configure [Synology DSM] to utilize Authelia as an [OpenID Connect] Provider:
|
To configure [Synology DSM] to utilize Authelia as an [OpenID Connect 1.0] Provider:
|
||||||
|
|
||||||
1. Go to DSM.
|
1. Go to DSM.
|
||||||
2. Go to `Control Panel`.
|
2. Go to `Control Panel`.
|
||||||
|
@ -97,4 +97,4 @@ which will operate with the above example:
|
||||||
|
|
||||||
[Authelia]: https://www.authelia.com
|
[Authelia]: https://www.authelia.com
|
||||||
[Synology DSM]: https://www.synology.com/en-global/dsm
|
[Synology DSM]: https://www.synology.com/en-global/dsm
|
||||||
[OpenID Connect]: ../../openid-connect/introduction.md
|
[OpenID Connect 1.0]: ../../openid-connect/introduction.md
|
||||||
|
|
Loading…
Reference in New Issue