mirror of https://github.com/authelia/authelia.git
4.1 KiB
4.1 KiB
| title | description | summary | date | draft | images | weight | toc | support | seo | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Node-RED | Integrating Node-RED with the Authelia OpenID Connect 1.0 Provider. | 2024-08-12T14:36:35+10:00 | false | 620 | true |
|
|
Tested Versions
{{% oidc-common %}}
Assumptions
This example makes the following assumptions:
- Application Root URL:
https://node-red.{{< sitevar name="domain" nojs="example.com" >}}/ - Authelia Root URL:
https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/ - Client ID:
node-red
Some of the values presented in this guide can automatically be replaced with documentation variables.
{{< sitevar-preferences >}}
Configuration
Authelia
The following YAML configuration is an example Authelia client configuration for use with Node-RED which will operate with the application example:
identity_providers:
oidc:
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
clients:
- client_id: 'node-red'
client_name: 'Node-RED'
client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
authorization_policy: 'two_factor'
require_pkce: true
pkce_challenge_method: 'S256'
redirect_uris:
- 'https://node-red.{{< sitevar name="domain" nojs="example.com" >}}/auth/strategy/callback/'
scopes:
- 'openid'
- 'email'
- 'profile'
- 'groups'
userinfo_signed_response_alg: 'none'
token_endpoint_auth_method: 'client_secret_post'
Application
To configure Node-RED to utilize Authelia as an OpenID Connect 1.0 Provider:
- Install the
passport-openidconnectnpm package. - Use the following
settings.jsconfiguration:
adminAuth: {
type: 'strategy',
strategy: {
name: 'openidconnect',
label: 'Sign in with Authelia',
icon: 'fa-openid',
strategy: require('passport-openidconnect').Strategy,
options: {
issuer: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}',
authorizationURL: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/authorization',
tokenURL: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/token',
userInfoURL: 'https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/userinfo',
clientID: 'node-red',
clientSecret: 'insecure_secret',
callbackURL: 'https://node-red.{{< sitevar name="domain" nojs="example.com" >}}/auth/strategy/callback/',
scope: ['openid', 'email', 'profile', 'groups'],
proxy: true,
verify: function(issuer, profile, done) {
done(null, profile)
}
}
},
users: function(user) {
return Promise.resolve({ username: user, permissions: "*" });
}
},