From ba13b021d11e41325f639681cab6ab6db22d870b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Skyler=20M=C3=A4ntysaari?=
Date: Thu, 21 Oct 2021 18:17:31 +0300
Subject: [PATCH 1/3] docs/openid: Add Authentik documentation.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Skyler Mäntysaari
---
 changelog.d/11151.doc | 1 +
 docs/openid.md | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+)
 create mode 100644 changelog.d/11151.doc
diff --git a/changelog.d/11151.doc b/changelog.d/11151.doc
new file mode 100644
index 000000000000..106711ac9e4b
--- /dev/null
+++ b/changelog.d/11151.doc
@@ -0,0 +1 @@
+Add Authentik documentation
\ No newline at end of file
diff --git a/docs/openid.md b/docs/openid.md
index 49180eec5293..af0c4ce07815 100644
--- a/docs/openid.md
+++ b/docs/openid.md
@@ -21,6 +21,7 @@ such as [Github][github-idp].
 [google-idp]: https://developers.google.com/identity/protocols/oauth2/openid-connect
 [auth0]: https://auth0.com/
+[authentik]: https://goauthentik.io/
 [okta]: https://www.okta.com/
 [dex-idp]: https://github.com/dexidp/dex
 [keycloak-idp]: https://www.keycloak.org/docs/latest/server_admin/#sso-protocols
@@ -209,6 +210,39 @@ oidc_providers:
 display_name_template: "{{ user.name }}"
 ```
+### Authentik
+
+[Authentik][Authentik] is an open-source IdP solution.
+
+1. Create a provider in Authentik, with type OAuth2/OpenID.
+2. The parameters are:
+- Client Type: Confidential
+- JWT Algorithm: RS256
+- Scopes: OpenID, Email and Profile
+- RSA Key: Select any available key
+- Redirect URIs: `[synapse public baseurl]/_synapse/client/oidc/callback`
+3. Create an application for synapse in Authentik and link it to the provider.
+4. Note the slug of your application, Client ID and Client Secret.
+
+Synapse config:
+```yaml
+oidc_providers:
+ - idp_id: authentik
+ idp_name: authentik
+ discover: true
+ issuer: "https://authentik.company/application/o/app-slug/"
+ client_id: "*client id*"
+ client_secret: "*client secret*"
+ scopes:
+ - "openid"
+ - "profile"
+ - "email"
+ user_mapping_provider:
+ config:
+ localpart_template: "{{ '{{ user.name }}' }}"
+ display_name_template: "{{ '{{ user.name|capitalize }}' }}"
+```
+
 ### GitHub
+
 [GitHub][github-idp] is a bit special as it is not an OpenID Connect compliant provider, but
From 3ff2f5ddb3a5676553814796ef8d0133d913a353 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Skyler=20M=C3=A4ntysaari?=
Date: Fri, 22 Oct 2021 16:21:36 +0300
Subject: [PATCH 2/3] docs/openid: PR changes that were requested.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Skyler Mäntysaari
---
 changelog.d/11151.doc | 2 +-
 docs/openid.md | 12 ++++++------
 2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/changelog.d/11151.doc b/changelog.d/11151.doc
index 106711ac9e4b..68cd99471fbc 100644
--- a/changelog.d/11151.doc
+++ b/changelog.d/11151.doc
@@ -1 +1 @@
-Add Authentik documentation
\ No newline at end of file
+Add documentation for using Authentik as an OpenID Connect Identity Provider. Contributed by @samip5.
\ No newline at end of file
diff --git a/docs/openid.md b/docs/openid.md
index af0c4ce07815..5e92c26e4edc 100644
--- a/docs/openid.md
+++ b/docs/openid.md
@@ -212,7 +212,7 @@ oidc_providers:
 ### Authentik
-[Authentik][Authentik] is an open-source IdP solution.
+[Authentik][authentik] is an open-source IdP solution.
 1. Create a provider in Authentik, with type OAuth2/OpenID.
 2. The parameters are:
@@ -230,17 +230,17 @@ oidc_providers:
 - idp_id: authentik
 idp_name: authentik
 discover: true
-issuer: "https://authentik.company/application/o/app-slug/"
-client_id: "*client id*"
-client_secret: "*client secret*"
+issuer: "https://your.authentik.example.org/application/o/your-app-slug/" # TO BE FILLED: domain and slug
+client_id: "your client id" # TO BE FILLED
+client_secret: "your client secret" # TO BE FILLED
 scopes:
 - "openid"
 - "profile"
 - "email"
 user_mapping_provider:
 config:
-localpart_template: "{{ '{{ user.name }}' }}"
-display_name_template: "{{ '{{ user.name|capitalize }}' }}"
+localpart_template: "{{ user.preferred_username }}}"
+display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your user's have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
 ```
 ### GitHub
From a9bcb0a3a554c0548c000dc1a23598b467671212 Mon Sep 17 00:00:00 2001
From: reivilibre
Date: Thu, 28 Oct 2021 11:00:50 +0100
Subject: [PATCH 3/3] Minor typo fix in docs/openid.md
---
 docs/openid.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/openid.md b/docs/openid.md
index 5e92c26e4edc..4a340ef1071c 100644
--- a/docs/openid.md
+++ b/docs/openid.md
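Review bot: The new `localpart_template` value in the second hunk, `"{{ user.preferred_username }}}"`, closes with three braces, so Jinja treats the trailing `}` as literal text and every rendered localpart ends in `}`, which is not a valid MXID character and will most likely make the mapping fail at login; it should read `localpart_template: "{{ user.preferred_username }}"`. The same `}}}` value appears as context in the PATCH 3 hunk and needs the same correction there. Since the localpart fixes the Matrix ID permanently, the inline comment would also benefit from a caveat that OIDC does not guarantee `preferred_username` to be unique or stable, so operators should confirm their Authentik usernames are unique and immutable before keying on it, or map from a stable claim.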
@@ -240,7 +240,7 @@ oidc_providers:
 user_mapping_provider:
 config:
 localpart_template: "{{ user.preferred_username }}}"
-display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your user's have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
+display_name_template: "{{ user.preferred_username|capitalize }}" # TO BE FILLED: If your users have names in Authentik and you want those in Synapse, this should be replaced with user.name|capitalize.
 ```
 ### GitHub