2.9 KiB
2.9 KiB
title | description | lead | date | draft | images | menu | weight | toc | community | ||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
MinIO | Integrating MinIO with the Authelia OpenID Connect Provider. | 2023-03-21T11:21:23+11:00 | false |
|
620 | true | true |
Tested Versions
Before You Begin
{{% oidc-common %}}
Assumptions
This example makes the following assumptions:
- Application Root URL:
https://minio.example.com
- Authelia Root URL:
https://auth.example.com
- Client ID:
minio
- Client Secret:
insecure_secret
Configuration
Application
To configure MinIO to utilize Authelia as an OpenID Connect 1.0 Provider:
- Login to MinIO
- On the left hand menu, go to
Identity
, thenOpenID
- On the top right, click
Create Configuration
- On the screen that appears, enter the following information:
- Name:
authelia
- Config URL:
https://auth.example.com/.well-known/openid-configuration
- Client ID:
minio
- Client Secret:
insecure_secret
- Claim Name: Leave Empty
- Display Name:
Authelia
- Claim Prefix:
authelia
- Scopes:
openid,profile,email
- Redirect URI:
https://minio.example.com/oauth_callback
- Role Policy:
readonly
- Claim User Info: Disabled
- Redirect URI Dynamic: Disabled
- Name:
- Press
Save
at the bottom - Accept the offer of a server restart at the top
- When the login screen appears again, click the
Other Authentication Methods
open, then selectAuthelia
from the list. - Login
Authelia
The following YAML configuration is an example Authelia client configuration for use with MinIO which will operate with the above example:
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- id: 'minio'
description: 'MinIO'
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: 'two_factor'
redirect_uris:
- 'https://minio.example.com/apps/oidc_login/oidc'
scopes:
- 'openid'
- 'profile'
- 'email'
- 'groups'
userinfo_signing_algorithm: 'none'