zhouhongbo
/
JZ_QGNB
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
main
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '93107afa10'
${ noResults }
JZ_QGNB/DigitalHumanWeb/docs/self-hosting/advanced/auth/next-auth/authelia.mdx

76 lines
3.3 KiB
Markdown
Raw Blame History

---
title: Configuring Authelia Authentication Service for LobeChat
description: >-
Learn how to configure Authelia authentication service in LobeChat, including
creating a provider, configuring environment variables, and deploying
LobeChat. Detailed steps and necessary environment variable settings.
tags:
- Authelia Configuration
- Single Sign-On (SSO)
- LobeChat Authentication
- Environment Variables
- Deployment Instructions
---
## Configuring Authelia Authentication Service
## Authelia Configuration Flow
<Steps>
### Create an Authelia Identity Provider
We assume you are already familiar with using Authelia. Let's say your LobeChat instance is deployed at https://lobe.example.com/.
Note that currently only localhost supports HTTP access; other domains need to enable TLS, otherwise Authelia will actively interrupt authentication by default.
Now, let's open and edit the configuration file of your Authelia instance:
Add a new lobe-chat item under identity_providers -> oidc:
```yaml
identity_providers:
oidc:
...
## The other portions of the mandatory OpenID Connect 1.0 configuration go here.
## See: https://www.authelia.com/c/oidc
- id: lobe-chat
description: LobeChat
secret: '$pbkdf2-sha512$310000$c8p78n7pUMln0jzvd4aK4Q$JNRBzwAo0ek5qKn50cFzzvE9RXV88h1wJn5KGiHrD0YKtZaR/nCb2CJPOsKaPK0hjf.9yHxzQGZziziccp6Yng' # The digest of 'insecure_secret'.
public: false
authorization_policy: two_factor
redirect_uris:
- https://chat.example.com/api/auth/callback/authelia
scopes:
- openid
- profile
- email
userinfo_signing_algorithm: none
```
Make sure to replace secret and redirect_urls with your own values.
Note! The secret configured in Authelia is ciphertext, i.e., a salted hash value. Its corresponding plaintext needs to be filled in LobeChat later.
Save the configuration file and restart the Authelia service. Now we have completed the Authelia configuration.
### Configure Environment Variables
When deploying LobeChat, you need to configure the following environment variables:
| Environment Variable | Type | Description |
| --- | --- | --- |
| `NEXT_AUTH_SECRET` | Required | The secret used to encrypt Auth.js session tokens. You can generate a secret using the following command: `openssl rand -base64 32` |
| `NEXT_AUTH_SSO_PROVIDERS` | Required | Select the SSO provider for LoboChat. Use `authentik` for Authentik. |
| `AUTH_AUTHELIA_ID` | Required | The id just configured in Authelia, example value is lobe-chat |
| `AUTH_AUTHELIA_SECRET` | Required | The plaintext corresponding to the secret just configured in Authelia, example value is insecure_secret |
| `AUTH_AUTHELIA_ISSUER` | Required | Your Authelia URL, for example https://sso.example.com |
| `NEXTAUTH_URL` | Required | This URL is used to specify the callback address for Auth.js when performing OAuth verification. It only needs to be set when the default generated redirect address is incorrect. https://chat.example.com/api/auth |
<Callout type={'tip'}>
Go to [📘 Environment Variables](/docs/self-hosting/environment-variable#Authelia) for details about the variables.
</Callout>
</Steps>
<Callout type={'info'}>
After a successful deployment, users will be able to use LobeChat by authenticating with the users
configured in Authelia.
</Callout>
Reference in New Issue View Git Blame Copy Permalink