KJZH001/nezhahq.github.io
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
nezhahq.github.io/docs/en_US/guide/q10.md

28 lines
2.1 KiB
Markdown
Executable File
Raw Blame History

---
outline: deep
---
# Configuring OIDC Authentication
Modify the contents of `config.yaml` to configure OIDC (OpenID Connect) authentication. OIDC is an authentication layer on top of the OAuth 2.0 protocol, which allows applications to verify the identity of users based on the authentication performed by an Authorization Server. This method is widely used to implement single sign-on for modern applications.
## Configuration Details
Here is a step-by-step guide to configuring the OIDC settings in your `config.yaml`:
```yaml
oauth2:
type: oidc # (Required) Specifies the authentication type as OIDC
oidcDisplayName: OIDC # (Optional, default: OIDC) The name displayed on the login page
admin: "" # (Fill at least one of admin or adminGroups; default: empty) Admin usernames, separated by commas. Users listed here are considered administrators
adminGroups: "" # (Fill at least one of admin or adminGroups; default: empty) Admin groups, separated by commas. Users in these groups are considered administrators. Omit if group management is not used
clientid: # (Required) OIDC client ID
clientsecret: # (Required) OIDC client secret
oidcIssuer: https://auth.example.com/realms/master # (Required) The issuer URL of the OIDC provider, obtainable from your OIDC provider
# oidcLogoutUrl: https://auth.example.com/realms/master/protocol/openid-connect/logout # (Currently unusable due to a bug)
# oidcRegisterUrl: # (Optional) Registration link provided by the OIDC provider
oidcScopes: openid,profile,email # (Optional, default: openid,profile,email) OIDC scopes requested, separated by commas
oidcLoginClaim: sub # (Optional, default: sub) The username field returned by OIDC, can be preferred_username, sub, or email
oidcGroupsClaim: groups # (Required if using adminGroups, default: groups) The user group information field returned by OIDC, can be groups or roles
oidcAutoCreate: false # (Optional, default: false) Whether to automatically create a user if they do not exist
oidcAutoLogin: false # (Optional, default: false) Whether to automatically redirect to the OIDC login page when the path is /login
```
Reference in New Issue View Git Blame Copy Permalink