mirrors
/
authelia
mirror of https://github.com/authelia/authelia.git
0
0
Fork 0
Code Issues Projects Releases Wiki Activity
authelia/docs/content/integration/openid-connect/powerdns/index.md

4.1 KiB
Raw Permalink Blame History

title description summary date draft images weight toc support seo
PowerDNS Admin Integrating PowerDNS Admin with the Authelia OpenID Connect 1.0 Provider. 2024-01-16T08:47:18+11:00 false
620 true
level versions integration
community true true
title description canonical noindex
false

Tested Versions

{{% oidc-common %}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://powerdns.{{< sitevar name="domain" nojs="example.com" >}}/
  • Authelia Root URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/
  • Client ID: powerdns
  • Client Secret: insecure_secret

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

Configuration

Authelia

The following YAML configuration is an example Authelia client configuration for use with PowerDNS Admin which will operate with the application example:

identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'powerdns'
        client_name: 'PowerDNS Admin'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        redirect_uris:
          - 'https://powerdns.{{< sitevar name="domain" nojs="example.com" >}}/oidc/authorized'
        scopes:
          - 'openid'
          - 'profile'
          - 'groups'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        userinfo_signed_response_alg: 'none'

Application

To configure PowerDNS Admin to utilize Authelia as an OpenID Connect 1.0 Provider:

  1. Visit Settings
  2. Visit Authentication
  3. Visit OpenID Connect OAuth
  4. Set the following values:
    1. Enable Enable OpenID Connect OAuth
    2. Client ID: powerdns
    3. Client Secret: insecure_secret
    4. Scopes: openid profile groups email
    5. API URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/api/oidc/userinfo
    6. Enable Enable OIDC OAuth Auto-Configurationh
    7. Metadata URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration
    8. Username: preferred_username
    9. Email: email
    10. Firstname: preferred_username
    11. Last Name: name
    12. Autoprovision Account Name property: preferred_username
    13. Autoprovision Account Description property : name

{{< callout context="note" title="Note" icon="outline/info-circle" >}} Currently, Authelia only supports the preferred_username and name claims under the profile scope. However PowerDNS-Admin only supports a FirstName LastName system, where the two are separate, instead of using the name claim to fetch the full name. This means that the names in the system are incorrect. See issue #4338. {{< /callout >}}

{{< figure src="powerdns.png" alt="PowerDNS Admin" width="736" style="padding-right: 10px" >}}

See Also