Compare commits
3 commits
c0f8721a00
...
a66b370e84
Author | SHA1 | Date | |
---|---|---|---|
a66b370e84 | |||
43d5a87da5 | |||
ac0e5936b6 |
4 changed files with 39 additions and 9 deletions
|
@ -76,9 +76,19 @@ identity_providers:
|
||||||
- key: |
|
- key: |
|
||||||
{{ authelia_secrets["jwks_key"] | indent(width=10) }}
|
{{ authelia_secrets["jwks_key"] | indent(width=10) }}
|
||||||
clients:
|
clients:
|
||||||
- client_id: '{{ synapse_secrets["oidc_client_id"] }}'
|
- client_id: '{{ authelia_secrets["hedgedoc_client_id"] }}'
|
||||||
|
client_name: HedgeDoc
|
||||||
|
client_secret: '{{ authelia_secrets["hedgedoc_client_secret_hash"] }}'
|
||||||
|
redirect_uris: 'https://hedgedoc.{{ domain }}/auth/oauth2/callback'
|
||||||
|
scopes:
|
||||||
|
- 'openid'
|
||||||
|
- 'profile'
|
||||||
|
- 'email'
|
||||||
|
token_endpoint_auth_method: client_secret_post
|
||||||
|
|
||||||
|
- client_id: '{{ authelia_secrets["synapse_client_id"] }}'
|
||||||
client_name: Synapse
|
client_name: Synapse
|
||||||
client_secret: '{{ synapse_secrets["oidc_client_secret_hash"] }}'
|
client_secret: '{{ authelia_secrets["synapse_client_secret_hash"] }}'
|
||||||
redirect_uris: 'https://matrix.{{ domain }}/_synapse/client/oidc/callback'
|
redirect_uris: 'https://matrix.{{ domain }}/_synapse/client/oidc/callback'
|
||||||
scopes:
|
scopes:
|
||||||
- 'openid'
|
- 'openid'
|
||||||
|
|
|
@ -6,3 +6,15 @@ CMD_DB_PASSWORD='{{ hedgedoc_secrets["postgres_password"] }}'
|
||||||
CMD_DOMAIN='hedgedoc.{{ domain }}'
|
CMD_DOMAIN='hedgedoc.{{ domain }}'
|
||||||
CMD_PROTOCOL_USESSL=true
|
CMD_PROTOCOL_USESSL=true
|
||||||
CMD_SESSION_SECRET='{{ hedgedoc_secrets["session_secret"] }}'
|
CMD_SESSION_SECRET='{{ hedgedoc_secrets["session_secret"] }}'
|
||||||
|
CMD_ALLOW_EMAIL_REGISTER=false
|
||||||
|
|
||||||
|
CMD_OAUTH2_PROVIDERNAME=Authelia
|
||||||
|
CMD_OAUTH2_CLIENT_ID='{{ authelia_secrets["hedgedoc_client_id"] }}'
|
||||||
|
CMD_OAUTH2_CLIENT_SECRET='{{ authelia_secrets["hedgedoc_client_secret"] }}'
|
||||||
|
CMD_OAUTH2_AUTHORIZATION_URL=https://auth.{{ domain }}/api/oidc/authorization
|
||||||
|
CMD_OAUTH2_TOKEN_URL=https://auth.{{ domain }}/api/oidc/token
|
||||||
|
CMD_OAUTH2_USER_PROFILE_URL=https://auth.{{ domain }}/api/oidc/userinfo
|
||||||
|
CMD_OAUTH2_SCOPE=openid email profile
|
||||||
|
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR=preferred_username
|
||||||
|
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR=name
|
||||||
|
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR=email
|
||||||
|
|
|
@ -113,8 +113,8 @@ oidc_providers:
|
||||||
idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI"
|
idp_icon: "mxc://authelia.com/cKlrTPsGvlpKxAYeHWJsdVHI"
|
||||||
discover: false
|
discover: false
|
||||||
issuer: "https://auth.{{ domain }}"
|
issuer: "https://auth.{{ domain }}"
|
||||||
client_id: '{{ synapse_secrets["oidc_client_id"] }}'
|
client_id: '{{ authelia_secrets["synapse_client_id"] }}'
|
||||||
client_secret: '{{ synapse_secrets["oidc_client_secret"] }}'
|
client_secret: '{{ authelia_secrets["synapse_client_secret"] }}'
|
||||||
scopes: ["openid", "profile", "email"]
|
scopes: ["openid", "profile", "email"]
|
||||||
authorization_endpoint: 'https://auth.{{ domain }}/api/oidc/authorization'
|
authorization_endpoint: 'https://auth.{{ domain }}/api/oidc/authorization'
|
||||||
token_endpoint: 'https://auth.{{ domain }}/api/oidc/token'
|
token_endpoint: 'https://auth.{{ domain }}/api/oidc/token'
|
||||||
|
|
|
@ -12,14 +12,27 @@ cifs_credentials:
|
||||||
authelia_secrets:
|
authelia_secrets:
|
||||||
# Encryption key for the database, must be saved
|
# Encryption key for the database, must be saved
|
||||||
encryption_key:
|
encryption_key:
|
||||||
|
|
||||||
|
# Generate random client id : docker run --rm authelia/authelia:4 authelia crypto rand --length 72 --charset rfc3986
|
||||||
|
# Generate random secret + hash : docker run --rm authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
|
||||||
|
hedgedoc_client_id:
|
||||||
|
hedgedoc_client_secret:
|
||||||
|
hedgedoc_client_secret_hash:
|
||||||
|
synapse_client_id:
|
||||||
|
synapse_client_secret:
|
||||||
|
synapse_client_secret_hash:
|
||||||
|
|
||||||
hmac_secret:
|
hmac_secret:
|
||||||
jwks_key: | # openssl genrsa 4096
|
jwks_key: | # openssl genrsa 4096
|
||||||
jwt_secret:
|
jwt_secret:
|
||||||
|
|
||||||
# LDAP bind dn
|
# LDAP bind dn
|
||||||
ldap_user:
|
ldap_user:
|
||||||
ldap_password:
|
ldap_password:
|
||||||
|
|
||||||
postgres_user:
|
postgres_user:
|
||||||
postgres_password:
|
postgres_password:
|
||||||
|
|
||||||
smtp_user:
|
smtp_user:
|
||||||
smtp_password:
|
smtp_password:
|
||||||
|
|
||||||
|
@ -51,11 +64,6 @@ searxng_secrets:
|
||||||
searxng_secret:
|
searxng_secret:
|
||||||
|
|
||||||
synapse_secrets:
|
synapse_secrets:
|
||||||
# docker run --rm authelia/authelia:4 authelia crypto rand --length 72 --charset rfc3986
|
|
||||||
oidc_client_id:
|
|
||||||
# Generate random secret + hash : docker run --rm authelia/authelia:4 authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
|
|
||||||
oidc_client_secret:
|
|
||||||
oidc_client_secret_hash:
|
|
||||||
smtp_user:
|
smtp_user:
|
||||||
smtp_pass:
|
smtp_pass:
|
||||||
postgres_user:
|
postgres_user:
|
||||||
|
|
Loading…
Reference in a new issue