authelia/docs/content/integration/openid-connect/synology-dsm/index.md


title: Synology DSM
description: Integrating Synology DSM with the Authelia OpenID Connect 1.0 Provider.
summary:
date: 2022-10-18T21:22:13+11:00
draft: false
images:
weight: 620
toc: true
support:
  level: community
  versions: true
  integration: true
seo:
  title:
  description:
  canonical:
  noindex: false

Tested Versions

{{% oidc-common %}}

Specific Notes

{{< callout context="caution" title="Important Note" icon="outline/alert-triangle" >}} Synology DSM does not support automatically creating users via OpenID Connect 1.0. It is therefore recommended that you ensure Authelia and Synology DSM share an LDAP server (for DSM v7.1). With DSM v7.2+ you can also use local DSM accounts (see Account type below), in which case you do not need to set up a shared LDAP server. {{< /callout >}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://dsm.{{< sitevar name="domain" nojs="example.com" >}}/
  • Authelia Root URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/
  • Client ID: synology-dsm
  • Client Secret: insecure_secret

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

Configuration

Authelia

The following YAML configuration is an example Authelia client configuration for Synology DSM that matches the application configuration below:

identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'synology-dsm'
        client_name: 'Synology DSM'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        redirect_uris:
          - 'https://dsm.{{< sitevar name="domain" nojs="example.com" >}}'
        scopes:
          - 'openid'
          - 'profile'
          - 'groups'
          - 'email'
        userinfo_signed_response_alg: 'none'
        token_endpoint_auth_method: 'client_secret_post'

Application

To configure Synology DSM to utilize Authelia as an OpenID Connect 1.0 Provider:

  1. Go to DSM.
  2. Go to Control Panel.
  3. Go to Domain/LDAP.
  4. Go to SSO Client.
  5. Check the Enable OpenID Connect SSO service checkbox in the OpenID Connect SSO Service section.
  6. Configure the following values:
       • Profile: OIDC
       • Account type: Domain/LDAP/local (Note: Account type is supported in DSM v7.2+)
       • Name: Authelia
       • Well Known URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/.well-known/openid-configuration
       • Application ID: synology-dsm
       • Application Key: insecure_secret
       • Redirect URL: https://dsm.{{< sitevar name="domain" nojs="example.com" >}}
       • Authorisation Scope: openid profile groups email
       • Username Claim: preferred_username
  7. Save the settings.

{{< figure src="client.png" alt="Synology" width="736" >}}
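
The Authelia client entry above stores `client_secret` as a PBKDF2-SHA512 digest, while the DSM Application Key field takes the plaintext value. The following is an added example, not part of the Authelia documentation or code base, that checks a plaintext secret against such a digest using only the Python standard library. It assumes the salt and key fields are unpadded Base64 with `.` in place of `+`; all function names are illustrative.

```python
import base64
import hashlib
import hmac

# Digest copied from the client_secret line of the configuration above.
PAGE_DIGEST = ("$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$"
               "JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng")


def _ab64_decode(text):
    """Decode unpadded Base64 that uses '.' in place of '+' (assumed encoding)."""
    std = text.replace(".", "+")
    return base64.b64decode(std + "=" * (-len(std) % 4))


def _ab64_encode(raw):
    """Inverse of _ab64_decode: strip padding, swap '+' for '.'."""
    return base64.b64encode(raw).decode().rstrip("=").replace("+", ".")


def parse_digest(digest):
    """Split '$pbkdf2-<variant>$<iterations>$<salt>$<key>' into typed parts."""
    parts = digest.split("$")
    if len(parts) != 5 or parts[0] or not parts[1].startswith("pbkdf2-"):
        raise ValueError("not a PBKDF2 crypt-style digest")
    variant = parts[1][len("pbkdf2-"):]
    if variant not in ("sha256", "sha512"):
        raise ValueError("unsupported variant: " + variant)
    return variant, int(parts[2]), _ab64_decode(parts[3]), _ab64_decode(parts[4])


def hash_secret(secret, salt, iterations, variant="sha512"):
    """Build a digest string in the same layout (used here for the round trip)."""
    key = hashlib.pbkdf2_hmac(variant, secret.encode(), salt, iterations)
    return "$pbkdf2-%s$%d$%s$%s" % (variant, iterations, _ab64_encode(salt), _ab64_encode(key))


def verify_secret(secret, digest):
    """Re-derive the key from the candidate secret and compare in constant time."""
    variant, iterations, salt, expected = parse_digest(digest)
    derived = hashlib.pbkdf2_hmac(variant, secret.encode(), salt, iterations, dklen=len(expected))
    return hmac.compare_digest(derived, expected)


if __name__ == "__main__":
    # The value entered as the DSM Application Key must verify against the digest.
    print("insecure_secret matches:", verify_secret("insecure_secret", PAGE_DIGEST))
    print("other value matches:", verify_secret("not-the-secret", PAGE_DIGEST))
```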

See Also