ContextQMD
Back to Authelia

Stirling-PDF

docs/content/integration/openid-connect/clients/stirling-pdf/index.md

4.39.194.3 KB
Original Source

Tested Versions

{{% oidc-common bugs="claims-hydration" %}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://stirlingpdf.{{< sitevar name="domain" nojs="example.com" >}}/
  • Authelia Root URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/
  • Client ID: stirlingpdf
  • Client Secret: insecure_secret

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

Configuration

Authelia

The following YAML configuration is an example Authelia client configuration for use with Stirling-PDF which will operate with the application example:

yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'stirlingpdf'
        client_name: 'Stirling-PDF'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://stirlingpdf.{{< sitevar name="domain" nojs="example.com" >}}/login/oauth2/code/oidc'
        scopes:
          - 'openid'
          - 'profile'
          - 'groups'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_basic'

Configuration Escape Hatch

{{% oidc-escape-hatch-claims-hydration client_id="stirlingpdf" claims="preferred_username" %}}

Application

{{< callout context="caution" title="Important Note" icon="outline/alert-triangle" >}} Stirling-PDF OIDC Login requires you to log in with a user who isn't already registered with Stirling-PDF. You can rename your current ('web') user via https://stirlingpdf.{{</* sitevar name="domain" nojs="example.com" */>}}/account {{< /callout >}}

To configure Stirling-PDF there is one method, using the Environment Variables.

Environment Variables

To configure Stirling-PDF to utilize Authelia as an OpenID Connect 1.0 Provider, use the following environment variables:

Standard
shell
DOCKER_ENABLE_SECURITY=true
SECURITY_ENABLE_LOGIN=true
SECURITY_LOGINMETHOD=oauth2
SECURITY_OAUTH2_ENABLED=true
SECURITY_OAUTH2_AUTOCREATEUSER=true
SECURITY_OAUTH2_ISSUER=https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}
SECURITY_OAUTH2_CLIENTID=stirlingpdf
SECURITY_OAUTH2_CLIENTSECRET=insecure_secret
SECURITY_OAUTH2_BLOCKREGISTRATION=false
SECURITY_OAUTH2_SCOPES=openid,profile
SECURITY_OAUTH2_USEASUSERNAME=preferred_username
SECURITY_OAUTH2_PROVIDER=Authelia
Docker Compose
yaml
services:
  stirling-pdf:
    environment:
      DOCKER_ENABLE_SECURITY: 'true'
      SECURITY_ENABLE_LOGIN: 'true'
      SECURITY_LOGINMETHOD: 'oauth2'
      SECURITY_OAUTH2_ENABLED: 'true'
      SECURITY_OAUTH2_AUTOCREATEUSER: 'true'
      SECURITY_OAUTH2_ISSUER: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}'
      SECURITY_OAUTH2_CLIENTID: 'stirlingpdf'
      SECURITY_OAUTH2_CLIENTSECRET: 'insecure_secret'
      SECURITY_OAUTH2_BLOCKREGISTRATION: 'false'
      SECURITY_OAUTH2_SCOPES: 'openid, profile, email'
      SECURITY_OAUTH2_USEASUSERNAME: 'preferred_username'
      SECURITY_OAUTH2_PROVIDER: 'Authelia'

See Also