mirror of
https://github.com/joaovitoriasilva/endurain.git
synced 2026-01-08 23:38:01 -05:00
1568 lines
42 KiB
HTML
1568 lines
42 KiB
HTML
|
|
<!doctype html>
|
|
<html lang="en" class="no-js">
|
|
<head>
|
|
|
|
<meta charset="utf-8">
|
|
<meta name="viewport" content="width=device-width,initial-scale=1">
|
|
|
|
|
|
|
|
|
|
<link rel="prev" href="../../getting-started/maria-to-postgres-migration/">
|
|
|
|
|
|
<link rel="next" href="../sleep-scoring/">
|
|
|
|
|
|
<link rel="icon" href="../../assets/images/favicon.png">
|
|
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.6.22">
|
|
|
|
|
|
|
|
<title>Single Sign-On (SSO) - Endurain documentation</title>
|
|
|
|
|
|
|
|
<link rel="stylesheet" href="../../assets/stylesheets/main.84d31ad4.min.css">
|
|
|
|
|
|
<link rel="stylesheet" href="../../assets/stylesheets/palette.06af60db.min.css">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<style>:root{--md-admonition-icon--alert:url('data:image/svg+xml;charset=utf-8,%3Csvg%20xmlns%3D%22http%3A//www.w3.org/2000/svg%22%20viewBox%3D%220%200%2024%2024%22%3E%3Cpath%20d%3D%22M13%2014h-2V9h2m0%209h-2v-2h2M1%2021h22L12%202z%22/%3E%3C/svg%3E');--md-admonition-icon--note:url('data:image/svg+xml;charset=utf-8,%3Csvg%20xmlns%3D%22http%3A//www.w3.org/2000/svg%22%20viewBox%3D%220%200%2024%2024%22%3E%3Cpath%20d%3D%22M13%209h-2V7h2m0%2010h-2v-6h2m-1-9A10%2010%200%200%200%202%2012a10%2010%200%200%200%2010%2010%2010%2010%200%200%200%2010-10A10%2010%200%200%200%2012%202%22/%3E%3C/svg%3E');--md-admonition-icon--tip:url('data:image/svg+xml;charset=utf-8,%3Csvg%20xmlns%3D%22http%3A//www.w3.org/2000/svg%22%20viewBox%3D%220%200%2024%2024%22%3E%3Cpath%20d%3D%22M12%206a6%206%200%200%201%206%206c0%202.22-1.21%204.16-3%205.2V19a1%201%200%200%201-1%201h-4a1%201%200%200%201-1-1v-1.8c-1.79-1.04-3-2.98-3-5.2a6%206%200%200%201%206-6m2%2015v1a1%201%200%200%201-1%201h-2a1%201%200%200%201-1-1v-1zm6-10h3v2h-3zM1%2011h3v2H1zM13%201v3h-2V1zM4.92%203.5l2.13%202.14-1.42%201.41L3.5%204.93zm12.03%202.13%202.12-2.13%201.43%201.43-2.13%202.12z%22/%3E%3C/svg%3E');}</style>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
|
|
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
|
|
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
|
|
|
|
|
|
|
|
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</head>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo">
|
|
|
|
|
|
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
|
|
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
|
|
<label class="md-overlay" for="__drawer"></label>
|
|
<div data-md-component="skip">
|
|
|
|
|
|
<a href="#single-sign-on-sso-configuration" class="md-skip">
|
|
Skip to content
|
|
</a>
|
|
|
|
</div>
|
|
<div data-md-component="announce">
|
|
|
|
</div>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<header class="md-header md-header--shadow" data-md-component="header">
|
|
<nav class="md-header__inner md-grid" aria-label="Header">
|
|
<a href="../.." title="Endurain documentation" class="md-header__button md-logo" aria-label="Endurain documentation" data-md-component="logo">
|
|
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
|
|
|
|
</a>
|
|
<label class="md-header__button md-icon" for="__drawer">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
|
|
</label>
|
|
<div class="md-header__title" data-md-component="header-title">
|
|
<div class="md-header__ellipsis">
|
|
<div class="md-header__topic">
|
|
<span class="md-ellipsis">
|
|
Endurain documentation
|
|
</span>
|
|
</div>
|
|
<div class="md-header__topic" data-md-component="header-topic">
|
|
<span class="md-ellipsis">
|
|
|
|
Single Sign-On (SSO)
|
|
|
|
</span>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
<form class="md-header__option" data-md-component="palette">
|
|
|
|
|
|
|
|
|
|
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
|
|
|
|
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a4 4 0 0 0-4 4 4 4 0 0 0 4 4 4 4 0 0 0 4-4 4 4 0 0 0-4-4m0 10a6 6 0 0 1-6-6 6 6 0 0 1 6-6 6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
|
|
</label>
|
|
|
|
|
|
|
|
|
|
|
|
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="indigo" data-md-color-accent="indigo" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
|
|
|
|
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 18c-.89 0-1.74-.2-2.5-.55C11.56 16.5 13 14.42 13 12s-1.44-4.5-3.5-5.45C10.26 6.2 11.11 6 12 6a6 6 0 0 1 6 6 6 6 0 0 1-6 6m8-9.31V4h-4.69L12 .69 8.69 4H4v4.69L.69 12 4 15.31V20h4.69L12 23.31 15.31 20H20v-4.69L23.31 12z"/></svg>
|
|
</label>
|
|
|
|
|
|
</form>
|
|
|
|
|
|
|
|
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-header__button md-icon" for="__search">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
|
|
</label>
|
|
<div class="md-search" data-md-component="search" role="dialog">
|
|
<label class="md-search__overlay" for="__search"></label>
|
|
<div class="md-search__inner" role="search">
|
|
<form class="md-search__form" name="search">
|
|
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
|
|
<label class="md-search__icon md-icon" for="__search">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
|
|
</label>
|
|
<nav class="md-search__options" aria-label="Search">
|
|
|
|
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
|
|
</button>
|
|
</nav>
|
|
|
|
</form>
|
|
<div class="md-search__output">
|
|
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
|
|
<div class="md-search-result" data-md-component="search-result">
|
|
<div class="md-search-result__meta">
|
|
Initializing search
|
|
</div>
|
|
<ol class="md-search-result__list" role="presentation"></ol>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="md-header__source">
|
|
<a href="https://github.com/endurain-project/endurain" title="Go to repository" class="md-source" data-md-component="source">
|
|
<div class="md-source__icon md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
|
|
</div>
|
|
<div class="md-source__repository">
|
|
GitHub
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
</nav>
|
|
|
|
</header>
|
|
|
|
<div class="md-container" data-md-component="container">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<main class="md-main" data-md-component="main">
|
|
<div class="md-main__inner md-grid">
|
|
|
|
|
|
|
|
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
|
|
<div class="md-sidebar__scrollwrap">
|
|
<div class="md-sidebar__inner">
|
|
|
|
|
|
|
|
|
|
<nav class="md-nav md-nav--primary" aria-label="Navigation" data-md-level="0">
|
|
<label class="md-nav__title" for="__drawer">
|
|
<a href="../.." title="Endurain documentation" class="md-nav__button md-logo" aria-label="Endurain documentation" data-md-component="logo">
|
|
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
|
|
|
|
</a>
|
|
Endurain documentation
|
|
</label>
|
|
|
|
<div class="md-nav__source">
|
|
<a href="https://github.com/endurain-project/endurain" title="Go to repository" class="md-source" data-md-component="source">
|
|
<div class="md-source__icon md-icon">
|
|
|
|
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 7.1.0 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2025 Fonticons, Inc.--><path d="M439.6 236.1 244 40.5c-5.4-5.5-12.8-8.5-20.4-8.5s-15 3-20.4 8.4L162.5 81l51.5 51.5c27.1-9.1 52.7 16.8 43.4 43.7l49.7 49.7c34.2-11.8 61.2 31 35.5 56.7-26.5 26.5-70.2-2.9-56-37.3L240.3 199v121.9c25.3 12.5 22.3 41.8 9.1 55-6.4 6.4-15.2 10.1-24.3 10.1s-17.8-3.6-24.3-10.1c-17.6-17.6-11.1-46.9 11.2-56v-123c-20.8-8.5-24.6-30.7-18.6-45L142.6 101 8.5 235.1C3 240.6 0 247.9 0 255.5s3 15 8.5 20.4l195.6 195.7c5.4 5.4 12.7 8.4 20.4 8.4s15-3 20.4-8.4l194.7-194.7c5.4-5.4 8.4-12.8 8.4-20.4s-3-15-8.4-20.4"/></svg>
|
|
</div>
|
|
<div class="md-source__repository">
|
|
GitHub
|
|
</div>
|
|
</a>
|
|
</div>
|
|
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../.." class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Home
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_2" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="0">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Hosting Guide
|
|
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_2">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Hosting Guide
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../getting-started/getting-started/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Getting started easy
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../getting-started/advanced-started/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Getting started advanced
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../getting-started/bare-metal/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Bare-Metal installation guide
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="https://community-scripts.github.io/ProxmoxVE/scripts?id=endurain&category=Gaming+%26+Leisure" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Proxmox community script
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../getting-started/maria-to-postgres-migration/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
MariaDB to Postgres migration
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--active md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="0">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Features
|
|
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
|
|
<label class="md-nav__title" for="__nav_3">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Features
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--active">
|
|
|
|
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__link md-nav__link--active" for="__toc">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Single Sign-On (SSO)
|
|
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<a href="./" class="md-nav__link md-nav__link--active">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Single Sign-On (SSO)
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
|
|
|
|
|
|
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__title" for="__toc">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Table of contents
|
|
</label>
|
|
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#important-notes" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Important Notes
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#supported-identity-providers" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Supported Identity Providers
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#configuration-examples" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Configuration Examples
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Configuration Examples">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#pocket-id" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Pocket ID
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Pocket ID">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-1-configure-pocket-id" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 1: Configure Pocket ID
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-2-configure-endurain" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 2: Configure Endurain
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-3-test-the-integration" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 3: Test the Integration
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#tailscale-tsidp" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Tailscale TSIDP
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Tailscale TSIDP">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-1-configure-tsidp" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 1: Configure TSIDP
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-2-configure-endurain_1" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 2: Configure Endurain
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-3-test-the-integration_1" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 3: Test the Integration
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#general-configuration-steps" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
General Configuration Steps
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="General Configuration Steps">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#1-configure-your-identity-provider" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
1. Configure Your Identity Provider
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#2-configure-endurain" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
2. Configure Endurain
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#3-verify-the-configuration" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
3. Verify the Configuration
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#troubleshooting" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Troubleshooting
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Troubleshooting">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#common-issues" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Common Issues
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#logs" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Logs
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#security-considerations" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Security Considerations
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#additional-resources" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Additional Resources
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../sleep-scoring/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Sleep Scoring
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_4" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="0">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Integrations
|
|
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_4">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Integrations
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../integrations/3rd-party-apps/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
3rd party apps
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../integrations/3rd-party-services/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
3rd party services
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item md-nav__item--nested">
|
|
|
|
|
|
|
|
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_5" >
|
|
|
|
|
|
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="0">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Developer guide
|
|
|
|
</span>
|
|
|
|
|
|
<span class="md-nav__icon md-icon"></span>
|
|
</label>
|
|
|
|
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
|
|
<label class="md-nav__title" for="__nav_5">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Developer guide
|
|
</label>
|
|
<ul class="md-nav__list" data-md-scrollfix>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../developer-guide/setup-dev-env/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Setup a development environment
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../developer-guide/authentication/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Authentication
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../developer-guide/supported-types/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Supported types
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<li class="md-nav__item">
|
|
<a href="../../gallery/" class="md-nav__link">
|
|
|
|
|
|
|
|
<span class="md-ellipsis">
|
|
Gallery
|
|
|
|
</span>
|
|
|
|
|
|
</a>
|
|
</li>
|
|
|
|
|
|
|
|
</ul>
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="md-sidebar md-sidebar--secondary" data-md-component="sidebar" data-md-type="toc" >
|
|
<div class="md-sidebar__scrollwrap">
|
|
<div class="md-sidebar__inner">
|
|
|
|
|
|
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<label class="md-nav__title" for="__toc">
|
|
<span class="md-nav__icon md-icon"></span>
|
|
Table of contents
|
|
</label>
|
|
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#important-notes" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Important Notes
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#supported-identity-providers" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Supported Identity Providers
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#configuration-examples" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Configuration Examples
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Configuration Examples">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#pocket-id" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Pocket ID
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Pocket ID">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-1-configure-pocket-id" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 1: Configure Pocket ID
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-2-configure-endurain" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 2: Configure Endurain
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-3-test-the-integration" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 3: Test the Integration
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#tailscale-tsidp" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Tailscale TSIDP
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Tailscale TSIDP">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-1-configure-tsidp" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 1: Configure TSIDP
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-2-configure-endurain_1" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 2: Configure Endurain
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#step-3-test-the-integration_1" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Step 3: Test the Integration
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#general-configuration-steps" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
General Configuration Steps
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="General Configuration Steps">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#1-configure-your-identity-provider" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
1. Configure Your Identity Provider
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#2-configure-endurain" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
2. Configure Endurain
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#3-verify-the-configuration" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
3. Verify the Configuration
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#troubleshooting" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Troubleshooting
|
|
</span>
|
|
</a>
|
|
|
|
<nav class="md-nav" aria-label="Troubleshooting">
|
|
<ul class="md-nav__list">
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#common-issues" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Common Issues
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#logs" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Logs
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
</nav>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#security-considerations" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Security Considerations
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
<li class="md-nav__item">
|
|
<a href="#additional-resources" class="md-nav__link">
|
|
<span class="md-ellipsis">
|
|
Additional Resources
|
|
</span>
|
|
</a>
|
|
|
|
</li>
|
|
|
|
</ul>
|
|
|
|
</nav>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
|
|
|
|
<div class="md-content" data-md-component="content">
|
|
<article class="md-content__inner md-typeset">
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
<h1 id="single-sign-on-sso-configuration">Single Sign-On (SSO) Configuration</h1>
|
|
<p>Endurain supports Single Sign-On (SSO) integration through OAuth 2.0 and OpenID Connect (OIDC) protocols. This allows users to authenticate using their existing identity provider accounts.</p>
|
|
<h2 id="important-notes">Important Notes</h2>
|
|
<div class="admonition warning">
|
|
<p class="admonition-title">Email Address Matching</p>
|
|
<p>If you already have an existing Endurain account, the email address in your SSO provider <strong>must match</strong> your Endurain account email. If the email addresses don't match, Endurain will create a new user account with the SSO email address.</p>
|
|
</div>
|
|
<div class="admonition tip">
|
|
<p class="admonition-title">Requirements</p>
|
|
<p>You'll need:</p>
|
|
<ul>
|
|
<li>The fully qualified domain name (FQDN) of your OIDC provider</li>
|
|
<li>The FQDN of your Endurain installation</li>
|
|
<li>Administrator access to both your identity provider and Endurain</li>
|
|
</ul>
|
|
</div>
|
|
<h2 id="supported-identity-providers">Supported Identity Providers</h2>
|
|
<p>Endurain provides built-in support for the following identity providers:</p>
|
|
<ul>
|
|
<li><strong>Authelia</strong></li>
|
|
<li><strong>Authentik</strong></li>
|
|
<li><strong>Casdoor</strong></li>
|
|
<li><strong>Keycloak</strong></li>
|
|
<li><strong>Pocket ID</strong></li>
|
|
</ul>
|
|
<p>The system also supports custom OIDC providers including:</p>
|
|
<ul>
|
|
<li>Google</li>
|
|
<li>GitHub</li>
|
|
<li>Microsoft Entra ID</li>
|
|
<li>Any other OIDC-compliant provider</li>
|
|
</ul>
|
|
<h2 id="configuration-examples">Configuration Examples</h2>
|
|
<h3 id="pocket-id">Pocket ID</h3>
|
|
<p>Pocket ID is a lightweight, self-hosted identity provider that works seamlessly with Endurain.</p>
|
|
<h4 id="step-1-configure-pocket-id">Step 1: Configure Pocket ID</h4>
|
|
<ol>
|
|
<li>Log into your Pocket ID instance</li>
|
|
<li>Navigate to <strong>Administration</strong> → <strong>OIDC Clients</strong></li>
|
|
<li>Select <strong>Add OIDC client</strong></li>
|
|
<li>Configure the following settings:<ul>
|
|
<li><strong>Name</strong>: <code>Endurain</code></li>
|
|
<li><strong>Client Launch URL</strong>: Your Endurain FQDN (e.g., <code>https://endurain.mydomain.com</code>)</li>
|
|
<li><strong>Callback URLs</strong>: <code>https://endurain.mydomain.com/api/v1/public/idp/callback/pocket-id</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Click <strong>Save</strong></li>
|
|
<li><strong>Important</strong>: Make a note of your <strong>Client ID</strong> and <strong>Client Secret</strong></li>
|
|
</ol>
|
|
<h4 id="step-2-configure-endurain">Step 2: Configure Endurain</h4>
|
|
<ol>
|
|
<li>Log into your Endurain instance</li>
|
|
<li>Navigate to <strong>Settings</strong> → <strong>Identity Providers</strong></li>
|
|
<li>Select <strong>Add Identity Provider</strong> → <strong>Select Pocket ID</strong></li>
|
|
<li>Configure the following settings:<ul>
|
|
<li><strong>Provider Name</strong>: <code>Pocket ID</code></li>
|
|
<li><strong>Slug</strong>: <code>pocket-id</code></li>
|
|
<li><strong>Provider Type</strong>: <code>OIDC</code></li>
|
|
<li><strong>Issuer URL</strong>: Your Pocket ID FQDN (e.g., <code>https://pocketid.mydomain.com</code>) - <strong>no trailing slash</strong></li>
|
|
<li><strong>Client ID</strong>: The Client ID from Step 1</li>
|
|
<li><strong>Client Secret</strong>: The Client Secret from Step 1</li>
|
|
<li><strong>Scopes</strong>: <code>openid profile email</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Click <strong>Save</strong></li>
|
|
</ol>
|
|
<h4 id="step-3-test-the-integration">Step 3: Test the Integration</h4>
|
|
<ol>
|
|
<li>Log out of Endurain</li>
|
|
<li>On the login page, you should see a <strong>Sign in with Pocket ID</strong> button</li>
|
|
<li>Click the button to test the SSO flow</li>
|
|
</ol>
|
|
<hr />
|
|
<h3 id="tailscale-tsidp">Tailscale TSIDP</h3>
|
|
<p>Tailscale's identity provider (TSIDP) can be used for secure authentication within your Tailscale network.</p>
|
|
<h4 id="step-1-configure-tsidp">Step 1: Configure TSIDP</h4>
|
|
<ol>
|
|
<li>Log into your TSIDP instance</li>
|
|
<li>Select <strong>Add new client</strong></li>
|
|
<li>Configure the following settings:<ul>
|
|
<li><strong>Client Name</strong>: <code>Endurain</code></li>
|
|
<li><strong>Redirect URIs</strong>: <code>https://endurain.mydomain.com/api/v1/public/idp/callback/tsidp</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Click <strong>Create client</strong></li>
|
|
<li><strong>Important</strong>: Make a note of your <strong>Client ID</strong> and <strong>Client Secret</strong></li>
|
|
</ol>
|
|
<h4 id="step-2-configure-endurain_1">Step 2: Configure Endurain</h4>
|
|
<ol>
|
|
<li>Log into your Endurain instance</li>
|
|
<li>Navigate to <strong>Settings</strong> → <strong>Identity Providers</strong></li>
|
|
<li>Select <strong>Add Identity Provider</strong> → <strong>Custom</strong></li>
|
|
<li>Configure the following settings:<ul>
|
|
<li><strong>Provider Name</strong>: <code>TSIDP</code></li>
|
|
<li><strong>Slug</strong>: <code>tsidp</code></li>
|
|
<li><strong>Provider Type</strong>: <code>OIDC</code></li>
|
|
<li><strong>Issuer URL</strong>: Your TSIDP FQDN (e.g., <code>https://tsidp.mydomain.com</code>) - <strong>no trailing slash</strong></li>
|
|
<li><strong>Client ID</strong>: The Client ID from Step 1</li>
|
|
<li><strong>Client Secret</strong>: The Client Secret from Step 1</li>
|
|
<li><strong>Scopes</strong>: <code>openid profile email</code></li>
|
|
</ul>
|
|
</li>
|
|
<li>Click <strong>Save</strong></li>
|
|
</ol>
|
|
<h4 id="step-3-test-the-integration_1">Step 3: Test the Integration</h4>
|
|
<ol>
|
|
<li>Log out of Endurain</li>
|
|
<li>On the login page, you should see a <strong>Sign in with TSIDP</strong> button</li>
|
|
<li>Click the button to test the SSO flow</li>
|
|
</ol>
|
|
<hr />
|
|
<h2 id="general-configuration-steps">General Configuration Steps</h2>
|
|
<p>For any OIDC-compliant identity provider, follow these general steps:</p>
|
|
<h3 id="1-configure-your-identity-provider">1. Configure Your Identity Provider</h3>
|
|
<p>Create an OAuth 2.0/OIDC client application with the following settings:</p>
|
|
<ul>
|
|
<li><strong>Application Name</strong>: <code>Endurain</code></li>
|
|
<li><strong>Redirect/Callback URI</strong>: <code>https://<your-endurain-domain>/api/v1/public/idp/callback/<slug></code></li>
|
|
<li><strong>Grant Type</strong>: <code>Authorization Code</code></li>
|
|
<li><strong>Scopes</strong>: At minimum <code>openid profile email</code></li>
|
|
</ul>
|
|
<p>Save the generated <strong>Client ID</strong> and <strong>Client Secret</strong>.</p>
|
|
<h3 id="2-configure-endurain">2. Configure Endurain</h3>
|
|
<ol>
|
|
<li>Log into Endurain as an administrator</li>
|
|
<li>Navigate to <strong>Settings</strong> → <strong>Identity Providers</strong></li>
|
|
<li>Click <strong>Add Identity Provider</strong></li>
|
|
<li>Select your provider type or choose <strong>Custom</strong> for OIDC providers</li>
|
|
<li>Fill in the required fields (see table below)</li>
|
|
<li>Click <strong>Save</strong></li>
|
|
</ol>
|
|
<table>
|
|
<thead>
|
|
<tr>
|
|
<th>Field</th>
|
|
<th>Description</th>
|
|
<th>Example</th>
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
<tr>
|
|
<td><strong>Provider Name</strong></td>
|
|
<td>Display name shown on login button</td>
|
|
<td><code>Google</code>, <code>GitHub</code>, etc.</td>
|
|
</tr>
|
|
<tr>
|
|
<td><strong>Slug</strong></td>
|
|
<td>URL-safe identifier (lowercase, hyphens)</td>
|
|
<td><code>google</code>, <code>github</code></td>
|
|
</tr>
|
|
<tr>
|
|
<td><strong>Provider Type</strong></td>
|
|
<td>Protocol type</td>
|
|
<td><code>OIDC</code> or <code>OAuth2</code></td>
|
|
</tr>
|
|
<tr>
|
|
<td><strong>Issuer URL</strong></td>
|
|
<td>Provider's base URL (no trailing slash)</td>
|
|
<td><code>https://accounts.google.com</code></td>
|
|
</tr>
|
|
<tr>
|
|
<td><strong>Client ID</strong></td>
|
|
<td>OAuth client identifier</td>
|
|
<td>From Step 1</td>
|
|
</tr>
|
|
<tr>
|
|
<td><strong>Client Secret</strong></td>
|
|
<td>OAuth client secret</td>
|
|
<td>From Step 1</td>
|
|
</tr>
|
|
<tr>
|
|
<td><strong>Scopes</strong></td>
|
|
<td>Space-separated OAuth scopes</td>
|
|
<td><code>openid profile email</code></td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
<h3 id="3-verify-the-configuration">3. Verify the Configuration</h3>
|
|
<ol>
|
|
<li>Log out of Endurain</li>
|
|
<li>Visit the login page</li>
|
|
<li>Verify that a <strong>Sign in with <code>Provider Name</code></strong> button appears</li>
|
|
<li>Test the authentication flow</li>
|
|
</ol>
|
|
<h2 id="troubleshooting">Troubleshooting</h2>
|
|
<h3 id="common-issues">Common Issues</h3>
|
|
<p><strong>Problem</strong>: "Invalid redirect URI" error</p>
|
|
<ul>
|
|
<li><strong>Solution</strong>: Ensure the callback URL in your identity provider matches exactly: <code>https://<your-domain>/api/v1/public/idp/callback/<slug></code></li>
|
|
</ul>
|
|
<p><strong>Problem</strong>: "Email address mismatch" creates duplicate account</p>
|
|
<ul>
|
|
<li><strong>Solution</strong>: Update your existing Endurain account email to match your SSO provider email, or link the identity provider to your existing account</li>
|
|
</ul>
|
|
<p><strong>Problem</strong>: SSO button doesn't appear on login page</p>
|
|
<ul>
|
|
<li><strong>Solution</strong>: <ul>
|
|
<li>Verify the identity provider is enabled in Endurain settings</li>
|
|
<li>Check if external authentication is enabled on server settings</li>
|
|
<li>Check that the provider configuration is saved correctly</li>
|
|
<li>Clear your browser cache and refresh the page</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
<p><strong>Problem</strong>: "Invalid issuer URL" error</p>
|
|
<ul>
|
|
<li><strong>Solution</strong>: Ensure the Issuer URL does not have a trailing slash and is the correct base URL for your identity provider</li>
|
|
</ul>
|
|
<h3 id="logs">Logs</h3>
|
|
<p>For detailed troubleshooting, check the Endurain backend logs:</p>
|
|
<div class="highlight"><pre><span></span><code>docker<span class="w"> </span>logs<span class="w"> </span>endurain-backend
|
|
<span class="c1"># and/or</span>
|
|
tail<span class="w"> </span>-n<span class="w"> </span><span class="m">100</span><span class="w"> </span>logs/app.log
|
|
</code></pre></div>
|
|
<p>Look for authentication-related errors that can help identify configuration issues.</p>
|
|
<h2 id="security-considerations">Security Considerations</h2>
|
|
<div class="admonition warning">
|
|
<p class="admonition-title">Security Best Practices</p>
|
|
<ul>
|
|
<li>Always use <strong>HTTPS</strong> for both Endurain and your identity provider</li>
|
|
<li>Keep your <strong>Client Secret</strong> confidential and never commit it to version control</li>
|
|
<li>Regularly rotate client secrets</li>
|
|
<li>Use strong, randomly generated secrets</li>
|
|
<li>Limit OAuth scopes to only what's necessary (<code>openid profile email</code> is typically sufficient)</li>
|
|
<li>Monitor authentication logs for suspicious activity</li>
|
|
</ul>
|
|
</div>
|
|
<h2 id="additional-resources">Additional Resources</h2>
|
|
<ul>
|
|
<li><a href="../../developer-guide/authentication/">Authentication Developer Guide</a> - Technical details about Endurain's authentication system</li>
|
|
<li><a href="../../getting-started/getting-started/">Getting Started Guide</a> - General setup instructions</li>
|
|
<li><a href="https://oauth.net/2/">OAuth 2.0 Specification</a> - Official OAuth 2.0 documentation</li>
|
|
<li><a href="https://openid.net/connect/">OpenID Connect Specification</a> - Official OIDC documentation</li>
|
|
</ul>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</article>
|
|
</div>
|
|
|
|
|
|
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
|
|
</div>
|
|
|
|
</main>
|
|
|
|
<footer class="md-footer">
|
|
|
|
<div class="md-footer-meta md-typeset">
|
|
<div class="md-footer-meta__inner md-grid">
|
|
<div class="md-copyright">
|
|
|
|
|
|
Made with
|
|
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
|
|
Material for MkDocs
|
|
</a>
|
|
|
|
</div>
|
|
|
|
</div>
|
|
</div>
|
|
</footer>
|
|
|
|
</div>
|
|
<div class="md-dialog" data-md-component="dialog">
|
|
<div class="md-dialog__inner md-typeset"></div>
|
|
</div>
|
|
|
|
|
|
|
|
|
|
<script id="__config" type="application/json">{"base": "../..", "features": [], "search": "../../assets/javascripts/workers/search.973d3a69.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": null}</script>
|
|
|
|
|
|
<script src="../../assets/javascripts/bundle.f55a23d4.min.js"></script>
|
|
|
|
|
|
</body>
|
|
</html> |