| title | description | summary | date | draft | images | weight | toc | community |
|---|---|---|---|---|---|---|---|---|
| PowerDNS Admin | Integrating PowerDNS Admin with the Authelia OpenID Connect 1.0 Provider. | | 2024-01-16 08:47:18 +1100 | false | | 620 | true | true |

{{% oidc-common %}}
This example makes the following assumptions:
- Application Root URL: `https://powerdns.example.com/`
- Authelia Root URL: `https://auth.example.com/`
- Client ID: `powerdns`
- Client Secret: `insecure_secret`

The following YAML configuration is an example Authelia client configuration for use with PowerDNS Admin. It matches the application settings described in this guide:
```yaml
identity_providers:
  oidc:
    ## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
    ## See: https://www.authelia.com/c/oidc
    clients:
      - client_id: 'powerdns'
        client_name: 'PowerDNS Admin'
        client_secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng'  # The digest of 'insecure_secret'.
        public: false
        authorization_policy: 'two_factor'
        redirect_uris:
          - 'https://powerdns.example.com/oidc/authorized'
        scopes:
          - 'openid'
          - 'profile'
          - 'groups'
          - 'email'
        response_types:
          - 'code'
        grant_types:
          - 'authorization_code'
        userinfo_signed_response_alg: 'none'
```
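
The two secret values on this page are related as follows: the Authelia configuration stores only a PBKDF2-SHA512 digest, while PowerDNS Admin is given the plaintext. The code below is an added example, not code from Authelia or PowerDNS Admin; it assumes the passlib-style digest encoding (adapted base64 with `.` in place of `+`, no padding), and all function names are hypothetical.

```python
import base64
import hashlib
import hmac

PREFIX = "pbkdf2-sha512"  # variant used by the client_secret on this page


def _ab64_decode(text: str) -> bytes:
    # Assumption: adapted base64, '.' replaces '+', trailing '=' is stripped.
    padded = text.replace(".", "+") + "=" * (-len(text) % 4)
    return base64.b64decode(padded, validate=True)


def _ab64_encode(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii").rstrip("=").replace("+", ".")


def parse_digest(digest: str):
    """Split '$pbkdf2-sha512$<iterations>$<salt>$<key>' into (iterations, salt, key)."""
    parts = digest.split("$")
    if len(parts) != 5 or parts[0] != "" or parts[1] != PREFIX:
        raise ValueError("not a pbkdf2-sha512 digest")
    iterations = int(parts[2])
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    return iterations, _ab64_decode(parts[3]), _ab64_decode(parts[4])


def make_digest(secret: str, salt: bytes, iterations: int) -> str:
    """Build a digest string in the same layout (used here for constructed test data)."""
    key = hashlib.pbkdf2_hmac("sha512", secret.encode(), salt, iterations, dklen=64)
    return f"${PREFIX}${iterations}${_ab64_encode(salt)}${_ab64_encode(key)}"


def verify_client_secret(secret: str, digest: str) -> bool:
    """Check that the plaintext given to the application matches the provider's digest."""
    iterations, salt, expected = parse_digest(digest)
    derived = hashlib.pbkdf2_hmac(
        "sha512", secret.encode(), salt, iterations, dklen=len(expected)
    )
    return hmac.compare_digest(derived, expected)  # constant-time comparison


def is_plaintext(value: str) -> bool:
    """True when a client_secret value is not a digest, i.e. a raw secret sits in the config."""
    try:
        parse_digest(value)
        return False
    except ValueError:  # also covers malformed base64 (binascii.Error)
        return True
```

`verify_client_secret` can be pointed at the `client_secret` digest from the configuration above together with the plaintext entered in PowerDNS Admin to confirm the pair matches before deploying.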
To configure PowerDNS Admin to utilize Authelia as an OpenID Connect 1.0 Provider:
- Visit Settings
- Visit Authentication
- Visit OpenID Connect OAuth
- Set the following values:
  - Enable the `Enable OpenID Connect OAuth` option
  - Client ID: `powerdns`
  - Client Secret: `insecure_secret`
  - Scopes: `openid profile groups email`
  - API URL: `https://auth.example.com/api/oidc/userinfo`
  - Enable the `Enable OIDC OAuth Auto-Configuration` option
  - Metadata URL: `https://auth.example.com/.well-known/openid-configuration`
  - Username: `preferred_username`
  - Email: `email`
  - Firstname: `preferred_username`
  - Last Name: `name`
  - Autoprovision Account Name property: `preferred_username`
  - Autoprovision Account Description property: `name`

*Note:* Currently, Authelia only supports the `preferred_username` and `name` claims under the `profile` scope. However, PowerDNS-Admin only supports a FirstName LastName system, where the two are separate, instead of using the `name` claim to fetch the full name. This means that the names in the system are incorrect. (See linked ticket (#4338).)

{{< figure src="powerdns.png" alt="PowerDNS Admin" width="736" style="padding-right: 10px" >}}