Added Synology DSM integration
This commit is contained in:
Bob van Mierlo
parent
3e44e9d3f6
commit
34046ff687
|
|
@ -0,0 +1,60 @@
|
||||||
|
---
|
||||||
|
title: Synology DSM
|
||||||
|
---
|
||||||
|
|
||||||
|
<span class="badge badge--secondary">Support level: Community</span>
|
||||||
|
|
||||||
|
## What is Synology DSM
|
||||||
|
|
||||||
|
> Synology Inc. is a Taiwanese corporation that specializes in network-attached storage (NAS) appliances. Synology's line of NAS is known as the DiskStation for desktop models, FlashStation for all-flash models, and RackStation for rack-mount models. Synology's products are distributed worldwide and localized in several languages.
|
||||||
|
>
|
||||||
|
> -- https://www.synology.com/en-global/dsm
|
||||||
|
|
||||||
|
:::caution
|
||||||
|
This is tested with DSM 7.1 or newer.
|
||||||
|
:::
|
||||||
|
|
||||||
|
## Preparation
|
||||||
|
|
||||||
|
The following placeholders will be used:
|
||||||
|
|
||||||
|
- `synology.company` is the FQDN of the Synology DSM server.
|
||||||
|
- `authentik.company` is the FQDN of the authentik install.
|
||||||
|
|
||||||
|
### Step 1
|
||||||
|
|
||||||
|
Under _Providers_, create an OAuth2/OpenID provider with these settings:
|
||||||
|
|
||||||
|
- Name: synology
|
||||||
|
- Redirect URI: `https://synology.company/#/signin` (Note the absence of the trailing slash, and the inclusion of the webinterface port)
|
||||||
|
- Signing Key: Select any available key
|
||||||
|
- Subject mode: Based on the Users's Email (Matching on username could work, but not if you have duplicates due to e.g. a LDAP connection)
|
||||||
|
- Take note of the 'Client ID' and 'Client secret'
|
||||||
|
|
||||||
|
### Step 2
|
||||||
|
|
||||||
|
Create an application which uses this provider. Optionally apply access restrictions to the application.
|
||||||
|
|
||||||
|
## Synology DSM setup
|
||||||
|
|
||||||
|
To configure Synology DSM to utilize Authelia as an OpenID Connect 1.0 Provider:
|
||||||
|
|
||||||
|
1. Go to DSM.
|
||||||
|
2. Go to Control Panel.
|
||||||
|
3. Go To Domain/LDAP.
|
||||||
|
4. Go to SSO Client.
|
||||||
|
5. Check the Enable OpenID Connect SSO service checkbox in the OpenID Connect SSO Service section.
|
||||||
|
6. Configure the following values:
|
||||||
|
7. Profile: OIDC
|
||||||
|
8. Name: Authentik
|
||||||
|
9. Well Known URL: Copy this from the 'OpenID Configuration URL' in the authentik provider (URL ends with '/.well-known/openid-configuration')
|
||||||
|
10. Application ID: The 'Client ID' from the authentik provider
|
||||||
|
11. Application Key: The 'Client secret' from the authentik provider
|
||||||
|
12. Redirect URL: https://synology.company/#/signin (This should match the 'Redirect URI' in authentik exactly)
|
||||||
|
13. Authorization Scope: openid profile email
|
||||||
|
14. Username Claim: preferred_username
|
||||||
|
15. Save the settings.
|
||||||
|
|
||||||
|
|
||||||
|
## See also:
|
||||||
|
[Synology DSM SSO Client Documentation](https://kb.synology.com/en-af/DSM/help/DSM/AdminCenter/file_directory_service_sso?version=7)
|
||||||
Reference in New Issue