Synology DSM

docs/content/integration/openid-connect/clients/synology-dsm/index.md


Tested Versions

{{% oidc-common %}}

Specific Notes

{{< callout context="caution" title="Important Note" icon="outline/alert-triangle" >}} Synology DSM does not support automatically creating users via OpenID Connect 1.0. It is therefore recommended that you ensure Authelia and Synology DSM share an LDAP server (for DSM v7.1). With DSM v7.2+ you can also use local DSM accounts (see Account type below), in which case you do not need to set up a shared LDAP server. {{< /callout >}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://dsm.{{< sitevar name="domain" nojs="example.com" >}}/
  • Authelia Root URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/
  • Client ID: synology-dsm
  • Client Secret: insecure_secret

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

Configuration

Authelia

The following YAML configuration is an example Authelia client configuration for use with Synology DSM which will operate with the application example:

```yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'synology-dsm'
        client_name: 'Synology DSM'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        require_pkce: false
        pkce_challenge_method: ''
        redirect_uris:
          - 'https://dsm.{{< sitevar name="domain" nojs="example.com" >}}'
        scopes:
          - 'openid'
          - 'profile'
          - 'groups'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        access_token_signed_response_alg: 'none'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_post'
```

Application

To configure Synology DSM there is one method, using the Web GUI.

Web GUI

To configure Synology DSM to utilize Authelia as an OpenID Connect 1.0 Provider, use the following instructions:

  1. Go to DSM.
  2. Go to Control Panel.
  3. Go to Domain/LDAP.
  4. Go to SSO Client.
  5. Check the Enable OpenID Connect SSO service checkbox in the OpenID Connect SSO Service section.
  6. Configure the following options:
       • Profile: OIDC
       • Account type: Domain/LDAP/local
       • Name: Authelia
       • Well Known URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration
       • Application ID: synology-dsm
       • Application Key: insecure_secret
       • Redirect URL: https://dsm.{{< sitevar name="domain" nojs="example.com" >}}
       • Authorization Scope: openid profile groups email
       • Username Claim: preferred_username
  7. Save the settings.
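
A pre-flight check for the settings above, as an added example that is not part of the Authelia documentation or the Authelia code base: it compares the DSM SSO Client fields with the Authelia client entry and reports mismatches that would break the login flow. The `check` function and the dictionary keys are hypothetical names, the values use this guide's `example.com` and `auth` defaults, and it assumes redirect URIs are matched as exact strings.

```python
# Added example: cross-check DSM SSO Client fields against the Authelia client entry.
from urllib.parse import urlsplit

# OpenID Connect Core 5.4: the scope that releases each claim usable as a username.
CLAIM_SCOPE = {"preferred_username": "profile", "name": "profile", "email": "email"}

def check(client: dict, dsm: dict) -> list[str]:
    """Return a list of mismatches; an empty list means the two sides agree."""
    problems = []
    if dsm["application_id"] != client["client_id"]:
        problems.append("application_id does not match client_id")
    # Assumption: redirect URIs are compared as exact strings, so a trailing slash matters.
    uris = client["redirect_uris"]
    if dsm["redirect_url"] not in uris:
        near = [u for u in uris if u.rstrip("/") == dsm["redirect_url"].rstrip("/")]
        problems.append("redirect_url differs only by a trailing slash" if near
                        else "redirect_url is not a registered redirect_uri")
    requested = dsm["authorization_scope"].split()
    if "openid" not in requested:
        problems.append("authorization_scope lacks 'openid'")
    for scope in requested:
        if scope not in client["scopes"]:
            problems.append(f"scope '{scope}' is not allowed for the client")
    needed = CLAIM_SCOPE.get(dsm["username_claim"])
    if needed and needed not in requested:
        problems.append(f"username_claim needs scope '{needed}'")
    wk = urlsplit(dsm["well_known_url"])
    if wk.scheme != "https" or wk.path != "/.well-known/openid-configuration":
        problems.append("well_known_url is not an https discovery URL")
    return problems

# Values from this guide, with the nojs defaults (example.com, auth) substituted.
AUTHELIA_CLIENT = {
    "client_id": "synology-dsm",
    "redirect_uris": ["https://dsm.example.com"],
    "scopes": ["openid", "profile", "groups", "email"],
}
DSM_SSO = {
    "application_id": "synology-dsm",
    "redirect_url": "https://dsm.example.com",
    "authorization_scope": "openid profile groups email",
    "username_claim": "preferred_username",
    "well_known_url": "https://auth.example.com/.well-known/openid-configuration",
}

if __name__ == "__main__":
    for line in check(AUTHELIA_CLIENT, DSM_SSO) or ["DSM settings match the Authelia client"]:
        print(line)
```

The Application Root URL in the assumptions ends with a slash while the registered redirect URI does not, which is the mismatch the trailing-slash rule is there to catch.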

{{< figure src="client.png" alt="Synology" width="736" >}}

See Also