
Stalwart

docs/content/integration/openid-connect/clients/stalwart/index.md


Tested Versions

{{% oidc-common %}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://example.{{< sitevar name="domain" nojs="example.com" >}}/
  • Authelia Root URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/
  • Client ID: stalwart
  • Client Secret: insecure_secret

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

Configuration

Authelia

{{< callout context="tip" title="Did you know?" icon="outline/rocket" >}} This client is created as an example, but Stalwart doesn't use this client directly; it only queries the Introspection or User Info Endpoint with a given Access Token. This means you must procure the relevant Access Token yourself in order to use it. In this example we issue it to an application with a URI different from Stalwart's, which allows that application to leverage OAuth 2.0 to authenticate on a user's behalf. {{< /callout >}}

The following YAML configuration is an example Authelia client configuration for use with Stalwart, which will operate with the application example below:

```yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'stalwart'
        client_name: 'Stalwart'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        require_pkce: true
        pkce_challenge_method: 'S256'
        redirect_uris:
          - 'https://example.{{< sitevar name="domain" nojs="example.com" >}}'
        scopes:
          - 'openid'
          - 'profile'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'
```

Application

There are two methods for configuring Stalwart: the Configuration File or the Web GUI.

Configuration File

{{< callout context="tip" title="Did you know?" icon="outline/rocket" >}} Generally the configuration file is named config.toml. {{< /callout >}}

To configure Stalwart to utilize Authelia as an OpenID Connect 1.0 Provider, use the following configuration:

```toml
[directory."authelia"]
type = "oidc"
timeout = "15s"
endpoint.url = "https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/userinfo"
endpoint.method = "userinfo"
fields.email = "email"
fields.username = "preferred_username"
fields.full-name = "name"
```

Web GUI

To configure Stalwart to utilize Authelia as an OpenID Connect 1.0 Provider, use the following instructions:

  1. Log in to Stalwart.
  2. Navigate to Settings.
  3. Navigate to Authentication.
  4. Navigate to Directories.
  5. Click Create Directory.
  6. Configure the following options:
    • Directory Id: authelia
    • Type: OpenID Connect
    • URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/userinfo
    • Type: OpenID Connect Userinfo
    • Timeout: 15 seconds
    • E-mail Field: email
    • Username field: preferred_username
    • Name field: name
  7. Press Save & Reload at the bottom.
