
Comments (2)

glime-ai commented on May 25, 2024

Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful; however, it is our strong recommendation that you carefully consider the information before blindly applying it.


Based on the information provided in the context and the use case you've described, it seems you're looking to configure access control for different applications (app1 and app2) using Authelia with LDAP as the user directory and OpenID Connect for authentication. You want to restrict access to these applications based on group membership in LDAP (g1 for app1 and g2 for app2).

Authelia does support LDAP integration for authentication and can use group membership information for access control decisions. However, the specific functionality of adding an ldap_users_filter or allow_groups parameter directly within the identity_providers.oidc.clients[] configuration for OpenID Connect clients is not directly supported as per the provided documentation.

Instead, you should leverage Authelia's access control rules to restrict access based on group membership. This is done in the access control configuration section of Authelia, not directly within the OpenID Connect client configuration. You can define rules that specify which groups are allowed to access specific applications.

Here's a simplified example of how you might configure this in Authelia's configuration:

access_control:
  rules:
    - domain: app1.example.com
      policy: one_factor # or two_factor, depending on your security requirements
      subject: "group:g1"
    - domain: app2.example.com
      policy: one_factor
      subject: "group:g2"

This configuration assumes that g1 and g2 are the names of the groups in LDAP that contain the users allowed to access app1 and app2, respectively. The subject field is used to specify which users or groups should be allowed or denied access based on the policy.

For LDAP integration, ensure your LDAP configuration in Authelia is correctly set up to query your LDAP directory for users and their group memberships. This involves configuring the users_filter, groups_filter, username_attribute, group_name_attribute, and other relevant LDAP settings in Authelia's configuration.

Remember, the actual implementation details and the specific configuration syntax may vary depending on your environment and the version of Authelia you are using. Always refer to the official Authelia documentation for the most accurate and up-to-date information.

This comment was generated by Glime.

from authelia.
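
Added example (not part of the thread and not Authelia's code): a simplified Python model of how the access_control rules quoted in the comment above are evaluated, assuming rules are checked in order, the first match wins, and default_policy applies when nothing matches. The user names, the USERS table and the function names are constructed for illustration; the model shows that the group restriction only holds when the fallback policy is deny.

```python
# Rules copied from the comment above; everything else is a constructed model.
RULES = [
    {"domain": "app1.example.com", "policy": "one_factor", "subject": "group:g1"},
    {"domain": "app2.example.com", "policy": "one_factor", "subject": "group:g2"},
]

# Constructed sample users standing in for LDAP group lookups.
USERS = {"alice": {"g1"}, "bob": {"g2"}, "carol": {"g1", "g2"}}


def subject_matches(subject, user, groups):
    """Match a 'group:NAME' or 'user:NAME' subject against one user."""
    kind, _, name = subject.partition(":")
    if kind == "group":
        return name in groups
    if kind == "user":
        return name == user
    return False


def evaluate(domain, user, rules=RULES, default_policy="deny"):
    """Return the policy of the first rule matching domain and subject,
    or default_policy when no rule matches (assumed evaluation order)."""
    groups = USERS.get(user, set())
    for rule in rules:
        if rule["domain"] != domain:
            continue
        subject = rule.get("subject")
        if subject is None or subject_matches(subject, user, groups):
            return rule["policy"]
    return default_policy


def audit(rules=RULES, default_policy="deny"):
    """List (user, domain) pairs that get access although the rule for that
    domain does not name the user or any of the user's groups."""
    leaks = []
    for user in sorted(USERS):
        for rule in rules:
            named = subject_matches(rule["subject"], user, USERS[user])
            policy = evaluate(rule["domain"], user, rules, default_policy)
            if not named and policy != "deny":
                leaks.append((user, rule["domain"]))
    return leaks


if __name__ == "__main__":
    print("default deny:      ", audit(default_policy="deny"))
    print("default one_factor:", audit(default_policy="one_factor"))
```
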

james-d-elliott commented on May 25, 2024

See #2621

