Comments (2)
Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful; however, it is our strong recommendation that you carefully consider the information before blindly applying it.
Based on the information provided in the context and the use case you've described, it seems you're looking to configure access control for different applications (app1 and app2) using Authelia with LDAP as the user directory and OpenID Connect for authentication. You want to restrict access to these applications based on group membership in LDAP (g1 for app1 and g2 for app2).
Authelia does support LDAP integration for authentication and can use group membership information for access control decisions. However, the specific functionality of adding a `ldap_users_filter` or `allow_groups` parameter directly within the `identity_providers.oidc.clients[]` configuration for OpenID Connect clients is not directly supported as per the provided documentation.
Instead, you should leverage Authelia's access control rules to restrict access based on group membership. This is done in the access control configuration section of Authelia, not directly within the OpenID Connect client configuration. You can define rules that specify which groups are allowed to access specific applications.
Here's a simplified example of how you might configure this in Authelia's configuration:
```yaml
access_control:
  rules:
    - domain: app1.example.com
      policy: one_factor # or two_factor, depending on your security requirements
      subject: "group:g1"
    - domain: app2.example.com
      policy: one_factor
      subject: "group:g2"
```
This configuration assumes that `g1` and `g2` are the names of the groups in LDAP that contain the users allowed to access `app1` and `app2`, respectively. The `subject` field is used to specify which users or groups should be allowed or denied access based on the policy.
For LDAP integration, ensure your LDAP configuration in Authelia is correctly set up to query your LDAP directory for users and their group memberships. This involves configuring the `users_filter`, `groups_filter`, `username_attribute`, `group_name_attribute`, and other relevant LDAP settings in Authelia's configuration.
Remember, the actual implementation details and the specific configuration syntax may vary depending on your environment and the version of Authelia you are using. Always refer to the official Authelia documentation for the most accurate and up-to-date information.
This comment was generated by Glime.
from authelia.
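The two rules in the comment above restrict each app to its group only if a request that matches neither rule ends up denied. The following Python sketch is an added example, not part of the original comment and not Authelia code: it models sequential, first-match evaluation for already authenticated users and lists who gets in unintentionally. It assumes Authelia's `default_policy` key as the fallback; the users and the `CATCH_ALL` rule are constructed for illustration.

```python
from fnmatch import fnmatch

# Simplified model of sequential, first-match rule evaluation for authenticated
# users. Added illustration only: not Authelia source code, and only the
# domain and subject criteria are modelled.
RULES = [  # the two rules from the comment above
    {"domain": "app1.example.com", "policy": "one_factor", "subject": "group:g1"},
    {"domain": "app2.example.com", "policy": "one_factor", "subject": "group:g2"},
]
# Hypothetical broad rule of the kind often appended for "everything else".
CATCH_ALL = {"domain": "*.example.com", "policy": "one_factor"}
# Constructed sample users with their LDAP groups.
USERS = {"alice": ["g1"], "bob": ["g2"], "carol": []}


def rule_matches(rule, domain, user, groups):
    if not fnmatch(domain, rule["domain"]):
        return False
    subject = rule.get("subject")
    if subject is None:  # no subject: the rule applies to every user
        return True
    kind, _, name = subject.partition(":")
    return name in groups if kind == "group" else name == user


def effective_policy(rules, default_policy, domain, user, groups):
    """Policy of the first matching rule, else the default policy."""
    for rule in rules:
        if rule_matches(rule, domain, user, groups):
            return rule["policy"]
    return default_policy


def unintended_access(rules, default_policy):
    """(user, app) pairs that get in without being in the app's group."""
    intended = {"app1.example.com": "g1", "app2.example.com": "g2"}
    return [(user, domain)
            for user, groups in USERS.items()
            for domain, group in intended.items()
            if group not in groups
            and effective_policy(rules, default_policy, domain, user, groups) != "deny"]


if __name__ == "__main__":
    print("default deny:      ", unintended_access(RULES, "deny"))
    print("default one_factor:", unintended_access(RULES, "one_factor"))
    print("deny + catch-all:  ", unintended_access(RULES + [CATCH_ALL], "deny"))
```

With a `deny` fallback and no broader rule the list is empty; a permissive fallback or a trailing wildcard rule without a `subject` lets every authenticated user into both apps.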
See #2621
from authelia.