RPJosh
/
authelia
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
authelia/docs/content/en/integration/openid-connect/synology-dsm/index.md

2.8 KiB
Raw Blame History

title description lead date draft images menu integration parent weight toc community
Synology DSM Integrating Synology DSM with the Authelia OpenID Connect Provider. 2022-10-18T21:22:13+11:00 false
openid-connect 620 true true

Tested Versions

Before You Begin

{{% oidc-common %}}

Specific Notes

Important Note: Synology DSM does not support automatically creating users via OpenID Connect 1.0. It is therefore recommended that you ensure Authelia and Synology DSM share a LDAP server.

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://dsm.example.com/
  • Authelia Root URL: https://auth.example.com
  • Client ID: synology-dsm
  • Client Secret: insecure_secret

Configuration

Application

To configure Synology DSM to utilize Authelia as an OpenID Connect 1.0 Provider:

  1. Go to DSM.
  2. Go to Control Panel.
  3. Go To Domain/LDAP.
  4. Go to SSO Client.
  5. Check the Enable OpenID Connect SSO service checkbox in the OpenID Connect SSO Service section.
  6. Configure the following values:
    • Profile: OIDC
    • Name: Authelia
    • Well Known URL: https://auth.example.com/.well-known/openid-configuration
    • Application ID: synology-dsm
    • Application Key: insecure_secret
    • Redirect URL: https://dsm.example.com
    • Authorisation Scope: openid profile groups email
    • Username Claim: preferred_username
  7. Save the settings.

{{< figure src="client.png" alt="Synology" width="736" >}}

Authelia

The following YAML configuration is an example Authelia client configuration for use with Synology DSM which will operate with the above example:

identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
    - id: 'synology-dsm'
      description: 'Synology DSM'
      secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
      public: false
      authorization_policy: 'two_factor'
      redirect_uris:
        - 'https://dsm.example.com'
      scopes:
        - 'openid'
        - 'profile'
        - 'groups'
        - 'email'
      userinfo_signing_algorithm: 'none'

See Also