2.8 KiB
2.8 KiB
title | description | lead | date | draft | images | menu | integration | parent | weight | toc | community |
---|---|---|---|---|---|---|---|---|---|---|---|
Synology DSM | Integrating Synology DSM with the Authelia OpenID Connect Provider. | 2022-10-18T21:22:13+11:00 | false | openid-connect | 620 | true | true |
Tested Versions
- Authelia
- Synology DSM
- v7.1
Before You Begin
{{% oidc-common %}}
Specific Notes
Important Note: Synology DSM does not support automatically creating users via OpenID Connect 1.0. It is therefore recommended that you ensure Authelia and Synology DSM share a LDAP server.
Assumptions
This example makes the following assumptions:
- Application Root URL:
https://dsm.example.com/
- Authelia Root URL:
https://auth.example.com
- Client ID:
synology-dsm
- Client Secret:
insecure_secret
Configuration
Application
To configure Synology DSM to utilize Authelia as an OpenID Connect 1.0 Provider:
- Go to DSM.
- Go to
Control Panel
. - Go To
Domain/LDAP
. - Go to
SSO Client
. - Check the
Enable OpenID Connect SSO service
checkbox in theOpenID Connect SSO Service
section. - Configure the following values:
- Profile:
OIDC
- Name:
Authelia
- Well Known URL:
https://auth.example.com/.well-known/openid-configuration
- Application ID:
synology-dsm
- Application Key:
insecure_secret
- Redirect URL:
https://dsm.example.com
- Authorisation Scope:
openid profile groups email
- Username Claim:
preferred_username
- Profile:
- Save the settings.
{{< figure src="client.png" alt="Synology" width="736" >}}
Authelia
The following YAML configuration is an example Authelia client configuration for use with Synology DSM which will operate with the above example:
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: synology-dsm
description: Synology DSM
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://dsm.example.com
scopes:
- openid
- profile
- groups
- email
userinfo_signing_algorithm: none