diff options
| author |  Aaron Schif <aaronschif@gmail.com>
| 2023-06-12 03:22:46 -0500 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2023-06-12 10:22:46 +0200 |
| commit | 58b254f9cb923d5d0dfe53df4bca8a0f00bbcf0b (patch) | |
| tree | ccd368d81044a38d1b2713e67f3faff6ada865b9 /docs/en/admins/16_OpenID-Connect.md | |
| parent | 15d143989b8ed1f73f1c574b03e03d4f4c820b11 (diff) | |
Add OpenID Connect (#5351)
* Add OIDC
* Update documentation.
* Update apache conf adding IfModule
* Use IfDefine for OIDC in apache conf
* Fix non-oidc support
* Fix typing
* Use IfDefine to enable OIDC
* Add OIDC support to all dockerfiles
* Re add apache Require option
* Fixes and documentation
* A few more fixes
* A bit more doc
* Change type of environment variable
* Update readme
* Correct apache config for OIDC support.
* Fix README formatting
* Update oidc control path
* Fix oidc endpoint being cached
* A bit more review
* Simplify ExpiresActive
* Add session refresh and improve caching
* Allow more different setups
* A bit more documentation
* A bit more readme
---------
Co-authored-by: Aaron Schif <aschif@netdevgroup.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: maTh <math-home@web.de>
Diffstat (limited to 'docs/en/admins/16_OpenID-Connect.md')
| -rw-r--r-- | docs/en/admins/16_OpenID-Connect.md | 36 |
1 files changed, 36 insertions, 0 deletions
diff --git a/docs/en/admins/16_OpenID-Connect.md b/docs/en/admins/16_OpenID-Connect.md new file mode 100644 index 000000000..16adb4532 --- /dev/null +++ b/docs/en/admins/16_OpenID-Connect.md @@ -0,0 +1,36 @@ +# OpenID Connect (OIDC) + +See: [What is OpenID Connect?](https://openid.net/connect/). + +This is one of the [access control methods](09_AccessControl.md) supported by FreshRSS. + +OIDC support is provided by [mod_auth_openidc](https://github.com/OpenIDC/mod_auth_openidc). +Additional documentation can be found in that project. + +## Using Docker + +OIDC support in Docker is activated by the presence of a non-empty non-zero `OIDC_ENABLED` environment variable. + +> ℹ️ Only available in our Debian image. + +## The config is done with these environment variables + +* `OIDC_ENABLED`: Activates OIDC support. +* `OIDC_PROVIDER_METADATA_URL`: The config URL. Usually looks like: `<issuer>/.well-known/openid-configuration` +* `OIDC_CLIENT_ID`: The OIDC client id from your issuer. +* `OIDC_CLIENT_SECRET`: The OIDC client secret issuer. +* `OIDC_CLIENT_CRYPTO_KEY`: An opaque key used for internal encryption. + +You may add additional custom configuration in a new `./FreshRSS/p/i/.htaccess` file. + +## Using own Apache installation + +See our reference [Apache configuration](https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/FreshRSS.Apache.conf) for more information. + +## Setup + +After being properly configured, OIDC support can be activated in FreshRSS. + +During a new FreshRSS install, the **HTTP Authentication Method** must be picked. + +After install, the method can be changed in *Administration > Authentication*. |