Synology DSM (and apps) with Authelia #4160
Replies: 8 comments 38 replies
-
Check this out: https://deploy-preview-4167--authelia-staging.netlify.app/integration/openid-connect/synology-dsm/ If you could check that it looks fine, that'd be good. Also, a cropped screenshot with the exact settings from the article in the UI would be nice.
-
Looks good to me. Only two typos: Maybe it should be mentioned that LDAP is also needed on Synology. I was brave and deleted my whole LDAP config, but Synology DSM doesn't create any user automatically after a successful login with OIDC. I think a local user with the same username must be created in advance if there is no LDAP configured. But I wasn't brave enough to try this out too. It's my productive system and I don't want to restore if anything goes crazy. Here is a screenshot with your used data:
-
I've been trying to set this up in DSM 7.1. I enter the information in the DSM UI as noted in the doc, and this thread, and hit save. However, the DSM doesn't appear to be able to hit the .well-known URL and retrieve the 2 endpoints: Does the Redirect URI have to use a real domain? I can go back to reverse proxying my DSM if necessary, but I was trying that before, with the same results. When I try to log in via SSO, I get the error from DSM login: Unable to get the URL for SSO authentication.
-
Hi @helmut72! Can you provide the config you use for putting DSM behind a reverse proxy? I have this setup as well, using nginx, but I'm wondering if what I'm doing isn't good enough for this use case. Thanks!
-
Nothing special. I use Caddy:
Do you have LDAP enabled and configured in DSM?
-
Has anyone managed to get it working with the photos and drive apps as well? I can only get it working using one of the services. If I add more than one Redirect URI in Synology it fails. To clarify, I have three subdomains: nas.domain.com, photos.domain.com and drive.domain.com. Authelia is configured to have all three as well. The first sign in can be done in any of the three domains, but if I try to sign in later to any of the other services I get the following error: `The 'redirect_uri' from this request does not match the one from the authorize request.`
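The error quoted in the post above is the check an OpenID Connect provider applies at the token endpoint: the `redirect_uri` sent when redeeming a code must equal the one used in the authorization request (RFC 6749, section 4.1.3). The model below is an added illustration, not code from Authelia, Synology or anyone in this thread; the class and function names are hypothetical and the URIs are constructed from the three hostnames in the post.

```python
import secrets

# Constructed client registration: hostnames are the ones named in the post,
# the bare "/" paths are placeholders, not DSM's real callback paths.
REGISTERED = {
    "https://nas.domain.com/",
    "https://photos.domain.com/",
    "https://drive.domain.com/",
}


class Provider:
    """Minimal model of the two redirect_uri checks in the authorization code flow."""

    def __init__(self, registered):
        self.registered = set(registered)
        self.codes = {}  # authorization code -> redirect_uri it was issued for

    def authorize(self, redirect_uri):
        # Check 1: exact string match against the client's registered URIs.
        if redirect_uri not in self.registered:
            raise ValueError("redirect_uri is not registered for this client")
        code = secrets.token_urlsafe(16)
        self.codes[code] = redirect_uri
        return code

    def token(self, code, redirect_uri):
        # Codes are single use, so remove the code before validating it.
        bound = self.codes.pop(code, None)
        if bound is None:
            raise ValueError("invalid or already used authorization code")
        # Check 2: the value must equal the one bound to the code.
        if redirect_uri != bound:
            raise ValueError("The 'redirect_uri' from this request does not "
                             "match the one from the authorize request.")
        return {"token_type": "bearer", "redirect_uri": bound}


def redeem(provider, authorize_uri, token_uri):
    """Run one login attempt; return 'ok' or the provider's error text."""
    try:
        provider.token(provider.authorize(authorize_uri), token_uri)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    p = Provider(REGISTERED)
    print(redeem(p, "https://photos.domain.com/", "https://photos.domain.com/"))
    print(redeem(p, "https://photos.domain.com/", "https://nas.domain.com/"))
```

In the second call both URIs are registered, yet redemption still fails: registration alone does not satisfy the second check, because the client has to send the same URI in both legs of the flow.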
-
Whoa, am I understanding that it is not enough to set up OIDC, but I ALSO need to configure LDAP on Synology as well? I've got OIDC working great for a number of applications. But for Synology, it returns no user ID from Authentik. It replies with an Invalid Account or Password error.
-
@lbalogh
-
If someone also needs this setup. This example makes the following assumptions:
In DSM go to Control Panel -> Domain/LDAP -> SSO-Client. Enable OpenID Connect SSO service and use these settings:
In Authelia use this configuration:
Both Synology DSM and Authelia run behind a reverse proxy. Synology DSM is connected to the same LDAP server that Authelia also uses. I think my biggest mistake was an empty Authorization Scope field in DSM.