
Opengist

docs/content/integration/openid-connect/clients/opengist/index.md


Tested Versions

{{% oidc-common %}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://opengist.{{< sitevar name="domain" nojs="example.com" >}}/
  • Authelia Root URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/
  • Client ID: opengist
  • Client Secret: insecure_secret

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

Configuration

Authelia

The following YAML configuration is an example Authelia client configuration for use with Opengist which will operate with the application example:

```yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'opengist'
        client_name: 'Opengist'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        authorization_policy: 'two_factor'
        redirect_uris:
          - 'https://opengist.{{< sitevar name="domain" nojs="example.com" >}}/oauth/openid-connect/callback'
        scopes:
          - 'openid'
          - 'email'
          - 'profile'
          - 'groups' # Supports https://opengist.io/docs/configuration/oauth-providers.html#oidc-admin-group
        grant_types:
          - 'authorization_code'
        token_endpoint_auth_method: 'client_secret_post'
```

Application

There are two methods to configure Opengist: using the Environment Variables or using the Configuration File.

See https://opengist.io/docs/configuration/oauth-providers.html#openid-connect.

Environment Variables

To configure Opengist to utilize Authelia as an OpenID Connect 1.0 Provider, use the following environment variables:

Standard

```shell
OG_OIDC_PROVIDER_NAME=authelia
OG_OIDC_CLIENT_KEY=opengist
OG_OIDC_SECRET=insecure_secret
OG_OIDC_DISCOVERY_URL=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration
OG_OIDC_GROUP_CLAIM_NAME=groups
OG_OIDC_ADMIN_GROUP=admin-group-name
```

Docker Compose

```yaml
services:
  opengist:
    environment:
      OG_OIDC_PROVIDER_NAME: 'authelia'
      OG_OIDC_CLIENT_KEY: 'opengist'
      OG_OIDC_SECRET: 'insecure_secret'
      OG_OIDC_DISCOVERY_URL: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration'
      OG_OIDC_GROUP_CLAIM_NAME: 'groups'
      OG_OIDC_ADMIN_GROUP: 'admin-group-name'
```

Configuration file

```yaml
oidc.provider-name: authelia
oidc.client-key: opengist
oidc.secret: insecure_secret
oidc.discovery-url: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration

oidc.group-claim-name: groups # Name of the claim containing the groups
oidc.admin-group: admin-group-name # Name of the group that should receive admin rights

# Required for correct setting of ?redirect_uri= in OIDC callback URL
external-url: https://opengist.{{< sitevar name="domain" nojs="example.com" >}}
```
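
A pre-deployment consistency check for the two configurations above, as an added example that is not part of the Authelia or Opengist documentation: it parses the flat Opengist configuration file and compares it with the Authelia client entry. The function names, the sample secret and the `example.com` hosts are assumptions, as is the rule that the group claim is released by the `groups` scope.

```python
from urllib.parse import urlsplit

CALLBACK_PATH = "/oauth/openid-connect/callback"  # from redirect_uris above

def parse_flat_config(text):
    """Parse the flat 'key: value # comment' lines of the Opengist config file."""
    cfg = {}
    for line in text.splitlines():
        line = line.split(" #", 1)[0].strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition(":")
            cfg[key.strip()] = value.strip().strip("'\"")
    return cfg

def check(opengist, client):
    """Return the mismatches between Opengist settings and the Authelia client."""
    problems = []
    if opengist.get("oidc.client-key") != client.get("client_id"):
        problems.append("oidc.client-key does not match client_id")
    # Opengist builds ?redirect_uri= from external-url, so it must be registered.
    expected = opengist.get("external-url", "").rstrip("/") + CALLBACK_PATH
    if expected not in client.get("redirect_uris", []):
        problems.append(f"redirect URI {expected} is not registered")
    for name in ("external-url", "oidc.discovery-url"):
        if urlsplit(opengist.get(name, "")).scheme != "https":
            problems.append(f"{name} is not https")
    # Assumption: the group claim is released by Authelia's 'groups' scope.
    if opengist.get("oidc.admin-group") and (
        opengist.get("oidc.group-claim-name") != "groups"
        or "groups" not in client.get("scopes", [])
    ):
        problems.append("admin group set but 'groups' claim/scope unavailable")
    if opengist.get("oidc.secret") == "insecure_secret":
        problems.append("oidc.secret is still the documentation placeholder")
    return problems

# Constructed sample input using the page's example.com defaults.
SAMPLE_OPENGIST = """\
oidc.client-key: opengist
oidc.secret: constructed-sample-secret
oidc.discovery-url: https://auth.example.com/.well-known/openid-configuration
oidc.group-claim-name: groups # Name of the claim containing the groups
oidc.admin-group: admin-group-name
external-url: https://opengist.example.com
"""
SAMPLE_CLIENT = {
    "client_id": "opengist",
    "redirect_uris": ["https://opengist.example.com/oauth/openid-connect/callback"],
    "scopes": ["openid", "email", "profile", "groups"],
}
```

Calling `check(parse_flat_config(SAMPLE_OPENGIST), SAMPLE_CLIENT)` returns an empty list when the two sides agree; each returned string names one mismatch to fix before deployment.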

See Also