
Differences

This shows you the differences between two versions of the page.

services:alist [2025/03/19 09:40] willyservices:alist [2025/03/19 10:40] (current) willy
Line 200: Line 200:
 === SSO === === SSO ===
  
-If yo uhave setup your SSO backend, like i describe in [[selfhost:sso|this]] page, go to //management// -> //settings// -> //Single Sign ON// to enable the link to your Authelia.+**Note:** so far i failed at setting up Authelia in AList. The following notes are as far as i got, but currently there seems to be no communication between Authelia and AList itself. 
 + 
 +If you have setup your SSO backend, like i describe in [[selfhost:sso|this]] page, go to //management// -> //settings// -> //Single Sign ON// to enable the link to your Authelia
 + 
 +The official documentation [[https://alist.nn.ci/guide/advanced/sso.html#sso-full-fill-demo|here]] is very detailed, hoping you can read Chinese (i cannot)... Otherwise, follow the indications below. 
 + 
 +Authelia configuration section, to be added to /home/authelia/configuration.yml: 
 +<code> 
 +    clients: 
 +      - client_id: '<< generate a custom client id, see below >>' 
 +        client_secret: '<< generate a custom client secret, see below, the digest goes here >>' 
 +        client_name: 'alist' 
 +        public: false 
 +        authorization_policy: 'one_factor' 
 +        redirect_uris: 
 +          - https://drive.mydomain.com/api/auth/sso_callback\?method=sso_get_token 
 +          - https://drive.mydomain.com/api/auth/sso_callback\?method=get_sso_id 
 +        scopes: 
 +          - 'openid' 
 +          - 'profile' 
 +          - 'email' 
 +        userinfo_signed_response_alg: 'none' 
 +</code> 
 + 
 +To generate a ClientID: 
 +<code bash> 
 +authelia crypto rand --length 72 --charset rfc3986 
 +</code> 
 + 
 +To generate a Client Secret: 
 +<code bash> 
 +authelia crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986 
 +</code> 
 +Please note **both** the digest and the password itself! 
 + 
 +In AList use the following information: 
 +  * Platform: OIDC 
 +  * Client ID: use the one generated above 
 +  * Client secret: use the one generated above, the password, not the digest 
 +  * Sso oidc username key: preferred_username 
 +  * Sso organization name: user 
 +  * Sso application name: user 
 +  * Sso extra scopes: openid email profile 
 +  * SSO endpoint name: https://login.mydomain.com/.well-known/openid-configuration 
 +  * SSO auto register: create AList users from SSO users 
 +  * SSO default permission: a sum of all the extra permissions. Use 768 for WebDAV access and editing.
  
-.... WIP ... 
  
  
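Review bot: In the two `redirect_uris` entries of the Authelia `clients:` block, the `\?` puts a literal backslash into both registered URIs, because YAML does not treat a backslash as an escape character in an unquoted scalar. The registered redirect URI is compared against the one the client sends, so a callback to `https://drive.mydomain.com/api/auth/sso_callback?method=sso_get_token` would not match the entry as written. Suggest dropping the backslash and quoting the values like the other strings in the block, e.g. `- 'https://drive.mydomain.com/api/auth/sso_callback?method=sso_get_token'`, and then re-testing the setup that the note at the top of the section reports as not working.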
