trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Added Synology DSM integration

This commit is contained in:
Bob van Mierlo 2024-01-07 22:30:58 +01:00
parent 3e44e9d3f6
commit 34046ff687
1 changed files with 60 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
website/integrations/services/synology-dsm/index.md Normal file
View File

@ -0,0 +1,60 @@
---
title: Synology DSM
---
<span class="badge badge--secondary">Support level: Community</span>
## What is Synology DSM
> Synology Inc. is a Taiwanese corporation that specializes in network-attached storage (NAS) appliances. Synology's line of NAS is known as the DiskStation for desktop models, FlashStation for all-flash models, and RackStation for rack-mount models. Synology's products are distributed worldwide and localized in several languages.
>
> -- https://www.synology.com/en-global/dsm
:::caution
This is tested with DSM 7.1 or newer.
:::
## Preparation
The following placeholders will be used:
- `synology.company` is the FQDN of the Synology DSM server.
- `authentik.company` is the FQDN of the authentik install.
### Step 1
Under _Providers_, create an OAuth2/OpenID provider with these settings:
- Name: synology
- Redirect URI: `https://synology.company/#/signin` (Note the absence of the trailing slash, and the inclusion of the webinterface port)
- Signing Key: Select any available key
- Subject mode: Based on the Users's Email (Matching on username could work, but not if you have duplicates due to e.g. a LDAP connection)
- Take note of the 'Client ID' and 'Client secret'
### Step 2
Create an application which uses this provider. Optionally apply access restrictions to the application.
## Synology DSM setup
To configure Synology DSM to utilize Authelia as an OpenID Connect 1.0 Provider:
1. Go to DSM.
2. Go to Control Panel.
3. Go To Domain/LDAP.
4. Go to SSO Client.
5. Check the Enable OpenID Connect SSO service checkbox in the OpenID Connect SSO Service section.
6. Configure the following values:
7. Profile: OIDC
8. Name: Authentik
9. Well Known URL: Copy this from the 'OpenID Configuration URL' in the authentik provider (URL ends with '/.well-known/openid-configuration')
10. Application ID: The 'Client ID' from the authentik provider
11. Application Key: The 'Client secret' from the authentik provider
12. Redirect URL: https://synology.company/#/signin (This should match the 'Redirect URI' in authentik exactly)
13. Authorization Scope: openid profile email
14. Username Claim: preferred_username
15. Save the settings.
## See also:
[Synology DSM SSO Client Documentation](https://kb.synology.com/en-af/DSM/help/DSM/AdminCenter/file_directory_service_sso?version=7)