From 58b254f9cb923d5d0dfe53df4bca8a0f00bbcf0b Mon Sep 17 00:00:00 2001 From: Aaron Schif Date: Mon, 12 Jun 2023 03:22:46 -0500 Subject: Add OpenID Connect (#5351) * Add OIDC * Update documentation. * Update apache conf adding IfModule * Use IfDefine for OIDC in apache conf * Fix non-oidc support * Fix typing * Use IfDefine to enable OIDC * Add OIDC support to all dockerfiles * Re add apache Require option * Fixes and documentation * A few more fixes * A bit more doc * Change type of environment variable * Update readme * Correct apache config for OIDC support. * Fix README formatting * Update oidc control path * Fix oidc endpoint being cached * A bit more review * Simplify ExpiresActive * Add session refresh and improve caching * Allow more different setups * A bit more documentation * A bit more readme --------- Co-authored-by: Aaron Schif Co-authored-by: Alexandre Alapetite Co-authored-by: maTh --- Docker/FreshRSS.Apache.conf | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'Docker/FreshRSS.Apache.conf') diff --git a/Docker/FreshRSS.Apache.conf b/Docker/FreshRSS.Apache.conf index b943f9fa7..e5576ac8f 100644 --- a/Docker/FreshRSS.Apache.conf +++ b/Docker/FreshRSS.Apache.conf @@ -10,6 +10,24 @@ AllowEncodedSlashes On ServerTokens OS TraceEnable Off + + + Error "The auth_openidc_module is not available. Install it or unset environment variable OIDC_ENABLED." + + + OIDCProviderMetadataURL ${OIDC_PROVIDER_METADATA_URL} + OIDCClientID ${OIDC_CLIENT_ID} + OIDCClientSecret ${OIDC_CLIENT_SECRET} + + OIDCRedirectURI /i/oidc/ + OIDCCryptoPassphrase ${OIDC_CLIENT_CRYPTO_KEY} + + OIDCRemoteUserClaim preferred_username + OIDCScope "openid" + + OIDCRefreshAccessTokenBeforeExpiry 30 + + AllowOverride None Options FollowSymLinks @@ -28,6 +46,12 @@ TraceEnable Off + ExpiresActive Off + + + AuthType openid-connect + Require valid-user + IncludeOptional /var/www/FreshRSS/p/i/.htaccess -- cgit v1.2.3
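Review bot: `OIDCRemoteUserClaim preferred_username` ties the FreshRSS account identity to a claim that OpenID Connect Core says a relying party must not rely on as unique or stable. At a provider where users can edit that value, REMOTE_USER could end up matching another user's account name. Consider keeping the module default (`sub`, qualified by the issuer) or making the claim configurable like the other OIDC settings, and documenting that `preferred_username` is safe only when the provider guarantees uniqueness and immutability. Separately, Apache leaves an undefined `${VAR}` as literal text, so an unset `OIDC_CLIENT_CRYPTO_KEY` or `OIDC_CLIENT_SECRET` would become a publicly known constant; failing startup, as the missing-module `Error` line does, would be safer. The enclosing container directives are not visible in this hunk as rendered, so where such a guard belongs needs checking against the file.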
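Review bot: `Require valid-user` accepts every identity the provider authenticates, so on a shared or multi-tenant provider any account there passes the Apache layer. Whether FreshRSS then rejects an unknown REMOTE_USER is decided outside this hunk, so the restriction cannot be confirmed from here. It would help to add a comment next to `AuthType openid-connect` noting that authorization is delegated to the provider, and to document a narrower rule for shared providers, for example `Require claim groups:freshrss` (a constructed value). The container tags around these lines are not visible in the hunk as rendered, so it is worth confirming that any paths left outside the protected scope (API endpoints, for example) are meant to be.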