--- outline: deep --- # Configuring OIDC Authentication Modify the contents of `config.yaml` to configure OIDC (OpenID Connect) authentication. OIDC is an authentication layer on top of the OAuth 2.0 protocol, which allows applications to verify the identity of users based on the authentication performed by an Authorization Server. This method is widely used to implement single sign-on for modern applications. ## Configuration Details Here is a step-by-step guide to configuring the OIDC settings in your `config.yaml`: ```yaml oauth2: type: oidc # (Required) Specifies the authentication type as OIDC oidcDisplayName: OIDC # (Optional, default: OIDC) The name displayed on the login page admin: "" # (Fill at least one of admin or adminGroups; default: empty) Admin usernames, separated by commas. Users listed here are considered administrators adminGroups: "" # (Fill at least one of admin or adminGroups; default: empty) Admin groups, separated by commas. Users in these groups are considered administrators. Omit if group management is not used clientid: # (Required) OIDC client ID clientsecret: # (Required) OIDC client secret oidcIssuer: https://auth.example.com/realms/master # (Required) The issuer URL of the OIDC provider, obtainable from your OIDC provider # oidcLogoutUrl: https://auth.example.com/realms/master/protocol/openid-connect/logout # (Currently unusable due to a bug) # oidcRegisterUrl: # (Optional) Registration link provided by the OIDC provider oidcScopes: openid,profile,email # (Optional, default: openid,profile,email) OIDC scopes requested, separated by commas oidcLoginClaim: sub # (Optional, default: sub) The username field returned by OIDC, can be preferred_username, sub, or email oidcGroupsClaim: groups # (Required if using adminGroups, default: groups) The user group information field returned by OIDC, can be groups or roles oidcAutoCreate: false # (Optional, default: false) Whether to automatically create a user if they do not exist oidcAutoLogin: false # (Optional, default: false) Whether to automatically redirect to the OIDC login page when the path is /login ```