
Cloud Identity Engine

docs/content/integration/openid-connect/clients/cloud-identity-engine/index.md


Tested Versions

{{% oidc-common %}}

Assumptions

This example makes the following assumptions:

  • Authelia Root URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/
  • Client ID: cloudidentityengine
  • Client Secret: insecure_secret

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

Configuration

Authelia

The following YAML is an example Authelia client configuration for Cloud Identity Engine; it matches the application configuration described in the Application section:

```yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'cloudidentityengine'
        client_name: 'Cloud Identity Engine'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        require_pkce: true
        pkce_challenge_method: 'S256'
        redirect_uris:
          - '' # Replace with the value copied in step 7.
        scopes:
          - 'openid'
          - 'email'
          - 'profile'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_post'
```

Application

To configure Cloud Identity Engine there is one method, using the Web GUI.

Web GUI

To configure Cloud Identity Engine to utilize Authelia as an OpenID Connect 1.0 Provider, use the following instructions:

  1. Log in to your Cloud Identity Engine administrator account.
  2. Select Authentication.
  3. Select Authentication Types.
  4. Select Add New Authentication Type.
  5. Select Set Up under OIDC.
  6. Enter the following values:
    • Authentication Type Name: Authelia
    • Client Name: Authelia
    • Client ID: cloudidentityengine
    • Client Secret: insecure_secret
    • OIDC Issuer URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}
    • JWT Encryption Algorithm: RS256
    • OIDC Authentication Server Discovery Endpoint (Optional): https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration
  7. Click the copy button in the Callback URL / Redirect URL and use the copied value as the redirect_uris entry in the Authelia client configuration.
  8. Click Submit.
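
The client_secret in the Authelia configuration is a PBKDF2-SHA512 digest, while step 6 enters the plaintext secret in Cloud Identity Engine. The following Python script is an added example, not part of the Authelia documentation: it generates a random secret with its digest and checks whether a plaintext matches a digest. It assumes the digest fields use adapted base64 (standard alphabet with '.' in place of '+', unpadded); the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import secrets

# Digest copied from the client_secret line in the configuration on this page.
PAGE_DIGEST = ("$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$"
               "JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/"
               "nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng")


def _decode(text):
    # Assumption: adapted base64 (standard alphabet, '.' for '+', no padding).
    text = text.replace(".", "+")
    return base64.b64decode(text + "=" * (-len(text) % 4))


def _encode(raw):
    return base64.b64encode(raw).decode().rstrip("=").replace("+", ".")


def parse_digest(digest):
    """Return (variant, iterations, salt, key) from '$pbkdf2-<variant>$...'."""
    parts = digest.split("$")
    if len(parts) != 5 or parts[0] or not parts[1].startswith("pbkdf2-"):
        raise ValueError("not a PBKDF2 digest")
    return parts[1][7:], int(parts[2]), _decode(parts[3]), _decode(parts[4])


def hash_secret(secret, iterations=310000):
    """Digest a plaintext secret with a fresh 16-byte salt (PBKDF2-SHA512)."""
    salt = secrets.token_bytes(16)
    key = hashlib.pbkdf2_hmac("sha512", secret.encode(), salt, iterations)
    return f"$pbkdf2-sha512${iterations}${_encode(salt)}${_encode(key)}"


def verify_secret(secret, digest):
    """True if the plaintext (the value typed into the client) matches."""
    variant, iterations, salt, key = parse_digest(digest)
    got = hashlib.pbkdf2_hmac(variant, secret.encode(), salt, iterations, len(key))
    return hmac.compare_digest(got, key)


if __name__ == "__main__":
    plaintext = secrets.token_urlsafe(54)  # 72 random characters
    print("Client Secret for step 6:", plaintext)
    print("client_secret for Authelia:", hash_secret(plaintext))
    print("page digest check:", verify_secret("insecure_secret", PAGE_DIGEST))
```

A generated pair can replace insecure_secret: the plaintext goes into Cloud Identity Engine and only the digest is stored in the Authelia configuration.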

See Also