Provider Kanidm

Provider: Kanidm

Kanidm OAuth2 Configuration

Create an OAuth2 resource server in Kanidm:

kanidm system oauth2 create jellyfin "Jellyfin" https://<your-jellyfin-domain>
kanidm system oauth2 add-redirect-url jellyfin https://<your-jellyfin-domain>/sso/OID/redirect/kanidm
kanidm system oauth2 update-scope-map jellyfin <group-name> openid profile email groups

Retrieve the client secret:

kanidm system oauth2 show-basic-secret jellyfin

Jellyfin Plugin Configuration

Field	Value
Provider Name	`kanidm`
OpenID Endpoint	`https://<kanidm-domain>/oauth2/openid/jellyfin`
Client ID	`jellyfin`
Client Secret	from `show-basic-secret`
Role Claim	`groups`
Request Additional Scopes	`groups`

RBAC Configuration

Set Roles to Kanidm group names that are allowed to log in. Kanidm exposes groups as the groups claim when the groups scope is granted.

Redirect URI

https://<your-jellyfin-domain>/sso/OID/redirect/kanidm

SSO Authentication Plugin

Getting Started

Configuration

Providers

Reference

Development

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Provider Kanidm

Provider: Kanidm

Kanidm OAuth2 Configuration

Jellyfin Plugin Configuration

RBAC Configuration

Redirect URI

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

SSO Authentication Plugin

Clone this wiki locally