User Tools

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
services:immich [2025/02/24 10:32] – [SSO authentication setup] willyservices:immich [2025/03/19 10:04] (current) – [SSO authentication setup] willy
Line 18: Line 18:
 Immich needs to be installed using a docker compose file. This is the official and only supported installation method. I will show you, of course, how to run it rootless with podman. Immich installation is detailed [[https://immich.app/docs/install/docker-compose|here]], and i suggest you take a look at. Immich needs to be installed using a docker compose file. This is the official and only supported installation method. I will show you, of course, how to run it rootless with podman. Immich installation is detailed [[https://immich.app/docs/install/docker-compose|here]], and i suggest you take a look at.
  
-I assume you have already created the photo user and group (see [[services:photomanagement|here]], but in case you didn't, here you go:+I assume you have already created the photo user and group (see [[selfhost:photomanagement|here]], but in case you didn't, here you go:
 <code bash> <code bash>
 useradd -d /data/daemons/photos photos useradd -d /data/daemons/photos photos
Line 125: Line 125:
       - client_id: << see below to generate ClientID >>       - client_id: << see below to generate ClientID >>
         client_name: 'immich'         client_name: 'immich'
-        client_secret: << see below to generale ClientSecret >>+        client_secret: << see below to generale ClientSecret, put the digest here >>
         public: false         public: false
         authorization_policy: 'one_factor'         authorization_policy: 'one_factor'
Line 143: Line 143:
 authelia crypto rand --length 72 --charset rfc3986 authelia crypto rand --length 72 --charset rfc3986
 </code> </code>
 +This information will need to copied to both authelia config and immich settings.
  
 To generate a Client Secret: To generate a Client Secret:
Line 152: Line 153:
 Then you need to configure Immich to use Authelia SSO, so go to //Immich web gui → administration → settings → Authentication settings// and enter the following information: Then you need to configure Immich to use Authelia SSO, so go to //Immich web gui → administration → settings → Authentication settings// and enter the following information:
   * Issuer URL: https://auth.example.com/.well-known/openid-configuration.   * Issuer URL: https://auth.example.com/.well-known/openid-configuration.
-  * Client ID: immich+  * Client ID: << the generated ClientID >>
-  * Client Secret: insecure_secret.+  * Client Secret: << the random password generated above, not the digest >>.
   * Scope: openid profile email.   * Scope: openid profile email.
   * Button Text: Login with Authelia.   * Button Text: Login with Authelia.

This website uses technical cookies only. No information is shared with anybody or used in any way but provide the website in your browser.

More information