diff options
Diffstat (limited to 'docs/en/admins')
| -rw-r--r-- | docs/en/admins/01_Index.md | 1 | ||||
| -rw-r--r-- | docs/en/admins/09_AccessControl.md | 4 | ||||
| -rw-r--r-- | docs/en/admins/16_OpenID-Connect.md | 36 |
3 files changed, 41 insertions, 0 deletions
diff --git a/docs/en/admins/01_Index.md b/docs/en/admins/01_Index.md index 8bf07c021..a7aa01140 100644 --- a/docs/en/admins/01_Index.md +++ b/docs/en/admins/01_Index.md @@ -20,6 +20,7 @@ Learn how to install, update, and backup FreshRSS, as well as how to use the com * [Updating on Debian 9/Ubuntu 16.04](07_LinuxUpdate.md) * [Setting Up Automatic Feed Updating](08_FeedUpdates.md) * [Access Control](09_AccessControl.md) +* [OpenID Connect](16_OpenID-Connect.md) * [Apache/Nginx configuration files](10_ServerConfig.md) * [Database configuration](DatabaseConfig.md) * [Using the command line interface (CLI)](https://github.com/FreshRSS/FreshRSS/tree/edge/cli) diff --git a/docs/en/admins/09_AccessControl.md b/docs/en/admins/09_AccessControl.md index 4bd4dc8b5..870d3a6ad 100644 --- a/docs/en/admins/09_AccessControl.md +++ b/docs/en/admins/09_AccessControl.md @@ -37,6 +37,10 @@ WARNING: FreshRSS will trust any IP configured in the `trusted_sources` option, Not using authentication on your server is dangerous, as anyone with access to your server would be able to make changes as an admin. It is never advisable to not use any form of authentication, but **never** chose this option on a server that is able to be accessed outside of your home network. +## OpenID Connect + +* See [dedicated section](16_OpenID-Connect.md). + ## Hints You can switch your authentication method at any time by editing the `./data/config.php` file, on the line that begins `'auth_type'`. diff --git a/docs/en/admins/16_OpenID-Connect.md b/docs/en/admins/16_OpenID-Connect.md new file mode 100644 index 000000000..16adb4532 --- /dev/null +++ b/docs/en/admins/16_OpenID-Connect.md @@ -0,0 +1,36 @@ +# OpenID Connect (OIDC) + +See: [What is OpenID Connect?](https://openid.net/connect/). + +This is one of the [access control methods](09_AccessControl.md) supported by FreshRSS. + +OIDC support is provided by [mod_auth_openidc](https://github.com/OpenIDC/mod_auth_openidc). +Additional documentation can be found in that project. + +## Using Docker + +OIDC support in Docker is activated by the presence of a non-empty non-zero `OIDC_ENABLED` environment variable. + +> ℹ️ Only available in our Debian image. + +## The config is done with these environment variables + +* `OIDC_ENABLED`: Activates OIDC support. +* `OIDC_PROVIDER_METADATA_URL`: The config URL. Usually looks like: `<issuer>/.well-known/openid-configuration` +* `OIDC_CLIENT_ID`: The OIDC client id from your issuer. +* `OIDC_CLIENT_SECRET`: The OIDC client secret issuer. +* `OIDC_CLIENT_CRYPTO_KEY`: An opaque key used for internal encryption. + +You may add additional custom configuration in a new `./FreshRSS/p/i/.htaccess` file. + +## Using own Apache installation + +See our reference [Apache configuration](https://github.com/FreshRSS/FreshRSS/blob/edge/Docker/FreshRSS.Apache.conf) for more information. + +## Setup + +After being properly configured, OIDC support can be activated in FreshRSS. + +During a new FreshRSS install, the **HTTP Authentication Method** must be picked. + +After install, the method can be changed in *Administration > Authentication*. |