title description summary date draft images weight toc community seo
PowerDNS Admin
Integrating PowerDNS Admin with the Authelia OpenID Connect 1.0 Provider.
2024-01-16 08:47:18 +1100
false
620
true
true
title description canonical noindex
false

Tested Versions

{{% oidc-common %}}

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://powerdns.example.com/
  • Authelia Root URL: https://auth.example.com/
  • Client ID: powerdns
  • Client Secret: insecure_secret

Configuration

Authelia

The following YAML configuration is an example Authelia client configuration for use with PowerDNS Admin which will operate with the application example:

identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'powerdns'
        client_name: 'PowerDNS Admin'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        redirect_uris:
          - 'https://powerdns.example.com/oidc/authorized'
        scopes:
          - 'openid'
          - 'profile'
          - 'groups'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        userinfo_signed_response_alg: 'none'

Application

To configure PowerDNS Admin to utilize Authelia as an OpenID Connect 1.0 Provider:

  1. Visit Settings
  2. Visit Authentication
  3. Visit OpenID Connect OAuth
  4. Set the following values:
    1. Enable the Enable OpenID Connect OAuth option
    2. Client ID: powerdns
    3. Client Secret: insecure_secret
    4. Scopes: openid profile groups email
    5. API URL: https://auth.example.com/api/oidc/userinfo
    6. Enable the Enable OIDC OAuth Auto-Configuration option
    7. Metadata URL: https://auth.example.com/.well-known/openid-configuration
    8. Username: preferred_username
    9. Email: email
    10. Firstname: preferred_username
    11. Last Name: name
    12. Autoprovision Account Name property: preferred_username
    13. Autoprovision Account Description property: name

Note: Currently, Authelia only supports the preferred_username and name claims under the profile scope. However, PowerDNS-Admin only supports a FirstName LastName system, where the two are separate, and does not use the name claim to fetch the full name. This means that the names in the system are incorrect. (See linked ticket #4338.)

{{< figure src="powerdns.png" alt="PowerDNS Admin" width="736" style="padding-right: 10px" >}}
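The following consistency check is an added example, not part of the Authelia or PowerDNS Admin projects. It compares the client configuration and the application settings from this page and reports mismatches in scopes, claim mappings and URLs; the dictionary layout, the function names and the claim-per-scope table (other than the profile row, which follows the note above) are assumptions of the example.

```python
from urllib.parse import urlsplit

# Claims released per scope. 'profile' follows the note above; the other
# rows are assumptions of this example.
SCOPE_CLAIMS = {"openid": {"sub"}, "profile": {"preferred_username", "name"},
                "email": {"email", "email_verified"}, "groups": {"groups"}}

# Values copied from this page; the digest is shortened to a placeholder.
AUTHELIA_CLIENT = {
    "client_id": "powerdns",
    "client_secret": "$pbkdf2-sha512$310000$<salt>$<hash>",
    "redirect_uris": ["https://powerdns.example.com/oidc/authorized"],
    "scopes": ["openid", "profile", "groups", "email"],
}
POWERDNS_ADMIN = {
    "app_root": "https://powerdns.example.com/",
    "authelia_root": "https://auth.example.com/",
    "client_id": "powerdns",
    "client_secret": "insecure_secret",
    "scopes": "openid profile groups email",
    "urls": ["https://auth.example.com/api/oidc/userinfo",
             "https://auth.example.com/.well-known/openid-configuration"],
    "claims": {"Username": "preferred_username", "Email": "email",
               "Firstname": "preferred_username", "Last Name": "name"},
}

def same_https_origin(url, root):
    """True when url is HTTPS and on the same host (and port) as root."""
    u, r = urlsplit(url), urlsplit(root)
    return u.scheme == "https" and (u.scheme, u.netloc) == (r.scheme, r.netloc)

def check(client, app):
    """Return the mismatches between the Authelia client and the app settings."""
    findings = []
    if client["client_id"] != app["client_id"]:
        findings.append("client_id differs")
    if not client["client_secret"].startswith("$"):
        findings.append("Authelia client_secret is plaintext, not a digest")
    requested = app["scopes"].split()
    findings += [f"scope '{s}' is not allowed for the client"
                 for s in requested if s not in client["scopes"]]
    released = set().union(*(SCOPE_CLAIMS.get(s, set()) for s in requested))
    findings += [f"{field}: claim '{claim}' is not released by the requested scopes"
                 for field, claim in app["claims"].items() if claim not in released]
    findings += [f"{u} is not an HTTPS URL under the Authelia root"
                 for u in app["urls"] if not same_https_origin(u, app["authelia_root"])]
    findings += [f"redirect URI {u} is not an HTTPS URL under the application root"
                 for u in client["redirect_uris"] if not same_https_origin(u, app["app_root"])]
    return findings
```

With the values from this page, `check(AUTHELIA_CLIENT, POWERDNS_ADMIN)` returns an empty list; mapping Firstname to a claim outside the table, such as `given_name`, produces a finding.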


See Also