diff --git a/website/integrations/services/apache-guacamole/index.mdx b/website/integrations/services/apache-guacamole/index.mdx
index a4b0dc512d..2a39c0d971 100644
--- a/website/integrations/services/apache-guacamole/index.mdx
+++ b/website/integrations/services/apache-guacamole/index.mdx
@@ -64,8 +64,8 @@ Docker containers are typically configured using environment variables. To ensur ```yaml showLineNumbers OPENID_AUTHORIZATION_ENDPOINT=https://authentik.company/application/o/authorize/ OPENID_CLIENT_ID= - OPENID_ISSUER=https://authentik.company/application/o// - OPENID_JWKS_ENDPOINT=https://authentik.company/application/o//jwks/ + OPENID_ISSUER=https://authentik.company/application/o// + OPENID_JWKS_ENDPOINT=https://authentik.company/application/o//jwks/ OPENID_REDIRECT_URI=https://guacamole.company/ OPENID_USERNAME_CLAIM_TYPE=preferred_username ```
@@ -83,8 +83,8 @@ Additionally, ensure your `guacamole.properties` file (typically located in `/et ```yaml showLineNumbers title="/etc/guacamole/guacamole.properties" openid-authorization-endpoint=https://authentik.company/application/o/authorize/ openid-client-id= - openid-issuer=https://authentik.company/application/o// - openid-jwks-endpoint=https://authentik.company/application/o//jwks/ + openid-issuer=https://authentik.company/application/o// + openid-jwks-endpoint=https://authentik.company/application/o//jwks/ openid-redirect-uri=https://guacamole.company/ openid-username-claim-type=preferred_username ```
diff --git a/website/integrations/services/argocd/index.md b/website/integrations/services/argocd/index.md
index 73fdb1ff02..8973998e8a 100644
--- a/website/integrations/services/argocd/index.md
+++ b/website/integrations/services/argocd/index.md
@@ -78,7 +78,7 @@ url: https://argocd.company dex.config: | connectors: - config: - issuer: https://authentik.company/application/o// + issuer: https://authentik.company/application/o// clientID: clientSecret: $dex.authentik.clientSecret insecureEnableGroups: true
diff --git a/website/integrations/services/aruba-orchestrator/index.md b/website/integrations/services/aruba-orchestrator/index.md
index 13afdcde27..184c66841b 100644
--- a/website/integrations/services/aruba-orchestrator/index.md
+++ b/website/integrations/services/aruba-orchestrator/index.md
@@ -65,7 +65,7 @@ To support the integration of Aruba Orchestrator with authentik, you need to cre - **Name**: `authentik` - **Username Attribute**: `http://schemas.goauthentik.io/2021/02/saml/username` - **Issuer URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume` - - **SSO Endpoint**: `https://authentik.company/application/saml//sso/binding/init/` (replace \ with application slug name) + - **SSO Endpoint**: `https://authentik.company/application/saml//sso/binding/init/` - **IdP X509 Cert**: (paste in the downloaded signing certificate) - **ACS URL**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/consume` - **EdgeConnect SLO Endpoint**: `https://arubaorchestrator.company/gms/rest/authentication/saml2/logout`
diff --git a/website/integrations/services/atlassian/index.mdx b/website/integrations/services/atlassian/index.mdx
index 0dfc5f4748..b8e2e0cb64 100644
--- a/website/integrations/services/atlassian/index.mdx
+++ b/website/integrations/services/atlassian/index.mdx
@@ -67,7 +67,7 @@ To support the integration of Atlassian Cloud with authentik, you need to create 5. Click **Set up SAML single sign-on** and then **Next**. 6. Set the following required configurations: - **Identity provider Entity ID**: `authentik` - - **Identity provider SSO URL**: `https://authentik.company/application/saml//sso/binding/redirect/` + - **Identity provider SSO URL**: `https://authentik.company/application/saml//sso/binding/redirect/` - **Public x509 certificate**: enter the contents of the certificate that was downloaded in the previous section. 7. Click **Add**. 8. You will be shown a **Service provider entity URL** and **Service provider assertion consumer service URL**. Copy both, they will be required in authentik.
diff --git a/website/integrations/services/awx-tower/index.md b/website/integrations/services/awx-tower/index.md
index cb2bcdecd5..c072c282ab 100644
--- a/website/integrations/services/awx-tower/index.md
+++ b/website/integrations/services/awx-tower/index.md
@@ -81,7 +81,7 @@ In the `SAML Enabled Identity Providers` paste the following configuration: "attr_username": "http://schemas.goauthentik.io/2021/02/saml/username", "attr_user_permanent_id": "http://schemas.goauthentik.io/2021/02/saml/uid", "x509cert": "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", - "url": "https://authentik.company/application/saml//sso/binding/redirect/", + "url": "https://authentik.company/application/saml//sso/binding/redirect/", "entity_id": "https://awx.company/sso/metadata/saml/", "attr_email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "attr_first_name": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
diff --git a/website/integrations/services/bitwarden/index.mdx b/website/integrations/services/bitwarden/index.mdx
index ef02329db7..350554436f 100644
--- a/website/integrations/services/bitwarden/index.mdx
+++ b/website/integrations/services/bitwarden/index.mdx
@@ -143,8 +143,8 @@ To support the integration of Bitwarden with authentik, you need to create an ap - **Expect signed assertions**: Select this option. - Under **SAML identity provider configuration**: - **Entity ID**: `authentik` - - **Single sign-on service URL**: `https://authentik.company/application/saml//sso/binding/redirect/` - - **Single log-out service URL**: `https://authentik.company/application/saml//slo/binding/redirect/` + - **Single sign-on service URL**: `https://authentik.company/application/saml//sso/binding/redirect/` + - **Single log-out service URL**: `https://authentik.company/application/saml//slo/binding/redirect/` - **X509 public certificate**: Paste the contents of your certificate file. 3. Under **SAML service provider configuration**, take note of the **SP entity ID** and **Assertion consumer service (ACS) URL** values. These will be required in the next section. 4. Click **Save**.
diff --git a/website/integrations/services/coder/index.md b/website/integrations/services/coder/index.md
index ab1e37c5d5..c09df5c2f3 100644
--- a/website/integrations/services/coder/index.md
+++ b/website/integrations/services/coder/index.md
@@ -45,7 +45,7 @@ To support the integration of Coder with authentik, you need to create an applic To support the integration of Coder with authentik, add the following environment variables to your Coder deployment: ```yaml showLineNumbers -CODER_OIDC_ISSUER_URL=https://authentik.company/application/o// +CODER_OIDC_ISSUER_URL=https://authentik.company/application/o// CODER_OIDC_EMAIL_DOMAIN=acme.company,acme-corp.company CODER_OIDC_CLIENT_ID= CODER_OIDC_CLIENT_SECRET=
diff --git a/website/integrations/services/filerise/index.mdx b/website/integrations/services/filerise/index.mdx
index 192d6ab2eb..acba0c5c2b 100644
--- a/website/integrations/services/filerise/index.mdx
+++ b/website/integrations/services/filerise/index.mdx
@@ -45,7 +45,7 @@ To support the integration of FileRise with authentik, you need to create an app 1. Log in to FileRise as an administrator. 2. Click on your profile icon in the upper right corner, then select **Admin Panel**. 3. Open the **OIDC Configuration & TOTP** section and configure the following settings: - - **OIDC Provider URL**: `https://authentik.company/application/o//` + - **OIDC Provider URL**: `https://authentik.company/application/o//` - **OIDC Client OpenID**: Client ID from authentik. - **OIDC Client Secret**: Client Secret from authentik. - **OIDC Redirect URI**: `https://filerise.company/api/auth/auth.php?oidc=callback`
diff --git a/website/integrations/services/fortigate-admin/index.md b/website/integrations/services/fortigate-admin/index.md
index 28491fabda..b889f481d6 100644
--- a/website/integrations/services/fortigate-admin/index.md
+++ b/website/integrations/services/fortigate-admin/index.md
@@ -69,20 +69,17 @@ Under **IdP Details**, set the following values: - **SP entity ID**: `https` - **IdP Type**: `Custom` - **IdP entity ID**: `https://authentik.company` -- **IdP Login URL**: `https://authentik.company/application/saml/slug-from-authentik/sso/binding/redirect/` -- **IdP Logout URL**: `https://authentik.company/application/saml/slug-from-authentik/slo/binding/redirect/` +- **IdP Login URL**: `https://authentik.company/application/saml//sso/binding/redirect/` +- **IdP Logout URL**: `https://authentik.company/application/saml//slo/binding/redirect/` FortiGate creates a new user by default if one does not exist, so you will need to set the Default Admin Profile to the permissions you want any new users to have. (I have created a `no_permissions` profile to assign by default.) Under `SP Details` set the **SP entity ID** to `https`. Note it for later use (this is your Audience value of the authentik SP-provider). -> [!IMPORTANT] -> On both `IdP Login and Logout URL` change the `` to your own from the authentik application you have created. - - Set `IdP Type` to `Custom` - Set `IdP entity ID` to `https://authentik.company` -- Set `IdP Login URL` to `https://authentik.company/application/saml//sso/binding/redirect/` -- Set `IdP Logout URL` to `https://authentik.company/application/saml//slo/binding/redirect/` +- Set `IdP Login URL` to `https://authentik.company/application/saml//sso/binding/redirect/` +- Set `IdP Logout URL` to `https://authentik.company/application/saml//slo/binding/redirect/` - Set `IdP Certificate` to `ak.cert` ## Troubleshooting
diff --git a/website/integrations/services/fortimanager/index.md b/website/integrations/services/fortimanager/index.md
index b8e1d50ad0..e257eefd2a 100644
--- a/website/integrations/services/fortimanager/index.md
+++ b/website/integrations/services/fortimanager/index.md
@@ -34,7 +34,7 @@ To support the integration of FortiManager with authentik, you need to create an - **Choose a Provider type**: select **SAML Provider** as the provider type. - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations. - Set the **ACS URL** to `https://fortimanager.company/saml/?acs`. - - Set the **Issuer** to `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`. + - Set the **Issuer** to `https://authentik.company/application/saml//sso/binding/redirect/`. - Set the **Service Provider Binding** to `Post`. - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page. 
@@ -48,8 +48,8 @@ To support the integration of FortiManager with authentik, you need to create an 4. Choose the **Default Login Page** as either **Normal** or **Single Sign-On**. Selecting **Normal** allows both local and SAML authentication, while **Single Sign-On** restricts login to SAML only. 5. By default, FortiManager creates a new user if one does not exist. Set the **Default Admin Profile** to assign the desired permissions to new users. A `no_permissions` profile is created by default for this purpose. 6. Set the **IdP Type** field to **Custom**. -7. For the **IdP Entity ID** field, enter: `https://authentik.company/application/saml/application-slug/sso/binding/redirect/` -8. Set the **IdP Login URL** to: `https://authentik.company/application/saml/application-slug/sso/binding/redirect/` +7. For the **IdP Entity ID** field, enter: `https://authentik.company/application/saml//sso/binding/redirect/` +8. Set the **IdP Login URL** to: `https://authentik.company/application/saml//sso/binding/redirect/` 9. Set the **IdP Logout URL** to: `https://authentik.company/` 10. In the **IdP Certificate** field, import your authentik certificate (either self-signed or valid).
diff --git a/website/integrations/services/gitea/index.md b/website/integrations/services/gitea/index.md
index e26533eeaa..763a37a503 100644
--- a/website/integrations/services/gitea/index.md
+++ b/website/integrations/services/gitea/index.md
@@ -50,7 +50,7 @@ To support the integration of Gitea with authentik, you need to create an applic - **Client ID (Key)**: Enter the Client ID from authentik. - **Client Secret**: Enter the Client Secret from authentik. - **Icon URL**: `https://authentik.company/static/dist/assets/icons/icon.png` - - **OpenID Connect Auto Discovery URL**: `https://authentik.company/application/o//.well-known/openid-configuration` + - **OpenID Connect Auto Discovery URL**: `https://authentik.company/application/o//.well-known/openid-configuration` - **Additional Scopes**: `email profile` ![](./gitea1.png)
@@ -158,7 +158,7 @@ gitea: provider: "openidConnect" key: "" secret: "" - autoDiscoverUrl: "https://authentik.company/application/o//.well-known/openid-configuration" + autoDiscoverUrl: "https://authentik.company/application/o//.well-known/openid-configuration" iconUrl: "https://authentik.company/static/dist/assets/icons/icon.png" scopes: "email profile" ```
@@ -188,7 +188,7 @@ gitea: - name: "authentik" provider: "openidConnect" existingSecret: gitea-authentik-secret - autoDiscoverUrl: "https://authentik.company/application/o//.well-known/openid-configuration" + autoDiscoverUrl: "https://authentik.company/application/o//.well-known/openid-configuration" iconUrl: "https://authentik.company/static/dist/assets/icons/icon.png" scopes: "email profile" ```
diff --git a/website/integrations/services/github-enterprise-cloud/index.md b/website/integrations/services/github-enterprise-cloud/index.md
index 6caab23ce7..7e0dd569fc 100644
--- a/website/integrations/services/github-enterprise-cloud/index.md
+++ b/website/integrations/services/github-enterprise-cloud/index.md
@@ -55,7 +55,7 @@ In the left-hand navigation, within the `Settings` section, click `Authenticatio On this page: - Select the `Require SAML authentication` checkbox. -- In `Sign on URL`, type `https://authentik.company/application/saml//sso/binding/redirect/` +- In `Sign on URL`, type `https://authentik.company/application/saml//sso/binding/redirect/` - For `Issuer`, type `https://github.com/enterprises/foo` or the `Audience` you set in authentik - For `Public certificate`, paste the _full_ signing certificate into this field. - Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.
diff --git a/website/integrations/services/github-organization/index.md b/website/integrations/services/github-organization/index.md
index 7f08f1967f..ce2f3c8d45 100644
--- a/website/integrations/services/github-organization/index.md
+++ b/website/integrations/services/github-organization/index.md
@@ -51,7 +51,7 @@ In the left-hand navigation, scroll down to the Security section and click `Auth On this page: - Select the `Enable SAML authentication` checkbox. -- In `sign-on URL`, type `https://authentik.company/application/saml//sso/binding/redirect/` +- In `sign-on URL`, type `https://authentik.company/application/saml//sso/binding/redirect/` - For `Issuer`, type `https://github.com/orgs/foo` or the `Audience` you set in authentik - For `Public certificate`, paste the _full_ signing certificate into this field. - Verify that the `Signature method` and `Digest method` match your SAML provider settings in authentik.
diff --git a/website/integrations/services/gitlab/index.mdx b/website/integrations/services/gitlab/index.mdx
index b933c96777..eeccc84328 100644
--- a/website/integrations/services/gitlab/index.mdx
+++ b/website/integrations/services/gitlab/index.mdx
@@ -78,7 +78,7 @@ gitlab_rails['omniauth_providers'] = [ assertion_consumer_service_url: 'https://gitlab.company/users/auth/saml/callback', # Shown when navigating to certificates in authentik idp_cert_fingerprint: '4E:1E:CD:67:4A:67:5A:E9:6A:D0:3C:E6:DD:7A:F2:44:2E:76:00:6A', - idp_sso_target_url: 'https://authentik.company/application/saml//sso/binding/redirect/', + idp_sso_target_url: 'https://authentik.company/application/saml//sso/binding/redirect/', issuer: 'https://gitlab.company', name_identifier_format: 'urn:oasis:names:tc:SAML:2.0:nameid-format:persistent', attribute_statements: {
@@ -138,7 +138,7 @@ gitlab_rails['omniauth_providers'] = [ name: 'openid_connect', scope: ['openid','profile','email'], response_type: 'code', - issuer: 'https://authentik.company/application/o/gitlab-slug/', + issuer: 'https://authentik.company/application/o//', discovery: true, client_auth_method: 'query', uid_field: 'preferred_username',
diff --git a/website/integrations/services/glitchtip/index.md b/website/integrations/services/glitchtip/index.md
index 063184372c..1ed3088ddc 100644
--- a/website/integrations/services/glitchtip/index.md
+++ b/website/integrations/services/glitchtip/index.md
@@ -60,7 +60,7 @@ sudo docker exec -it glitchtip-web-1 ./manage.py createsuperuser - Client ID: <Client ID from authentik> - Secret key: <Client Secret from authentik> - Key: leave blank -- Settings: `{"server_url": "https://authentik.company/application/o//"}` +- Settings: `{"server_url": "https://authentik.company/application/o//"}` The URL should match the **OpenID Configuration Issuer** URL for the authentik provider. This will add a **Log in with Authentik** button to the GlitchTip log in page. To add an authentik account to an existing GlitchTip account, log in using the username/password, click _Profile_, then click _Add Account_ in the _Social Auth Accounts_ section.
diff --git a/website/integrations/services/globalprotect/index.md b/website/integrations/services/globalprotect/index.md
index 805eccb088..16972e6d1d 100644
--- a/website/integrations/services/globalprotect/index.md
+++ b/website/integrations/services/globalprotect/index.md
@@ -39,7 +39,7 @@ To support the integration of GlobalProtect with authentik, you need to create a - **Choose a Provider type**: Select **SAML Provider**. - **Configure the Provider**: - Set the **ACS URL** to `https://gp.company:443/SAML20/SP/ACS`. (Note the absence of the trailing slash and the inclusion of the web interface port) - - Set the **Issuer** to `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`. + - Set the **Issuer** to `https://authentik.company/application/saml//sso/binding/redirect/`. - Set the **Service Provider Binding** to `Post`. - Under **Advanced protocol settings**, select an available signing certificate. 3. Click **Submit** to save the new application and provider.
diff --git a/website/integrations/services/grafana/index.mdx b/website/integrations/services/grafana/index.mdx
index e4867ee47b..def36f1b56 100644
--- a/website/integrations/services/grafana/index.mdx
+++ b/website/integrations/services/grafana/index.mdx
@@ -124,7 +124,7 @@ environment: GF_AUTH_GENERIC_OAUTH_AUTH_URL: "https://authentik.company/application/o/authorize/" GF_AUTH_GENERIC_OAUTH_TOKEN_URL: "https://authentik.company/application/o/token/" GF_AUTH_GENERIC_OAUTH_API_URL: "https://authentik.company/application/o/userinfo/" - GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.company/application/o//end-session/" + GF_AUTH_SIGNOUT_REDIRECT_URL: "https://authentik.company/application/o//end-session/" # Optionally enable auto-login (bypasses Grafana login screen) GF_AUTH_OAUTH_AUTO_LOGIN: "true" # Optionally map user groups to Grafana roles
@@ -139,7 +139,7 @@ If you are using a config-file instead, you have to set these options: ```ini [auth] -signout_redirect_url = https://authentik.company/application/o//end-session/ +signout_redirect_url = https://authentik.company/application/o//end-session/ # Optionally enable auto-login oauth_auto_login = true
@@ -163,7 +163,7 @@ If you are using a Helm `values.yaml` file instead, you have to set these option ```yaml grafana.ini: auth: - signout_redirect_url: "https://authentik.company/application/o//end-session/" + signout_redirect_url: "https://authentik.company/application/o//end-session/" oauth_auto_login: true auth.generic_oauth: name: authentik
diff --git a/website/integrations/services/gravitee/index.md b/website/integrations/services/gravitee/index.md
index fb1ac0ed2a..a17c3792e5 100644
--- a/website/integrations/services/gravitee/index.md
+++ b/website/integrations/services/gravitee/index.md
@@ -56,5 +56,5 @@ Only settings that have been modified from default have been listed. - **Token Endpoint**: `https://authentik.company/application/o/token/` - **Authorize Endpoint**: `https://authentik.company/application/o/authorize/` - **Userinfo Endpoint**: `https://authentik.company/application/o/userinfo/` -- **Userinfo Logout Endpoint**: `https://authentik.company/application/o/application-slug/end-session/` +- **Userinfo Logout Endpoint**: `https://authentik.company/application/o//end-session/` - **Scopes**: `email openid profile`
diff --git a/website/integrations/services/gravity/index.md b/website/integrations/services/gravity/index.md
index 4c32fef73c..2068539f1c 100644
--- a/website/integrations/services/gravity/index.md
+++ b/website/integrations/services/gravity/index.md
@@ -49,7 +49,7 @@ To support the integration of Gravity with authentik, you need to create an appl 1. From the **Gravity administrative interface**, navigate to **Cluster** > **Roles** and click **API**. 2. Under the **OIDC** sub-section, configure the following values: -- **Issuer**: `https://authentik.company/application/o/application-slug/` +- **Issuer**: `https://authentik.company/application/o//` - **Client ID**: Your Client ID from authentik - **Client Secret**: Your Client Secret from authentik - **Redirect URL**: `https://gravity.company/auth/oidc/callback`
diff --git a/website/integrations/services/hashicorp-vault/index.md b/website/integrations/services/hashicorp-vault/index.md
index b3329ba9fd..349a666228 100644
--- a/website/integrations/services/hashicorp-vault/index.md
+++ b/website/integrations/services/hashicorp-vault/index.md
@@ -53,7 +53,7 @@ Configure the oidc auth method, oidc discovery url is the OpenID Configuration I ``` vault write auth/oidc/config \ - oidc_discovery_url="https://authentik.company/application/o/vault-slug/" \ + oidc_discovery_url="https://authentik.company/application/o//" \ oidc_client_id="Client ID" \ oidc_client_secret="Client Secret" \ default_role="reader"
diff --git a/website/integrations/services/homarr/index.md b/website/integrations/services/homarr/index.md
index 78c016bd7b..4a14fdbca9 100644
--- a/website/integrations/services/homarr/index.md
+++ b/website/integrations/services/homarr/index.md
@@ -48,7 +48,7 @@ Add the following environment variables to your Homarr configuration. Make sure AUTH_PROVIDERS="oidc,credentials" AUTH_OIDC_CLIENT_ID= AUTH_OIDC_CLIENT_SECRET= -AUTH_OIDC_ISSUER=https://authentik.company/application/o// +AUTH_OIDC_ISSUER=https://authentik.company/application/o// AUTH_OIDC_URI=https://authentik.company/application/o/authorize AUTH_OIDC_CLIENT_NAME=authentik OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING=true
diff --git a/website/integrations/services/jenkins/index.md b/website/integrations/services/jenkins/index.md
index d68faf44cc..d1e776edb7 100644
--- a/website/integrations/services/jenkins/index.md
+++ b/website/integrations/services/jenkins/index.md
@@ -50,7 +50,7 @@ Modify the **Security Realm** option to select `Login with Openid Connect`. In the **Client id** and **Client secret** fields, enter the Client ID and Client Secret values from the provider you created. -Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o//.well-known/openid-configuration` +Set the configuration mode to **Automatic configuration** and set the **Well-known configuration endpoint** to `https://authentik.company/application/o//.well-known/openid-configuration` Check the checkbox **Override scopes** and input the scopes `openid profile email` into the new input field.
diff --git a/website/integrations/services/kimai/index.md b/website/integrations/services/kimai/index.md
index 12de340e7d..9e438d8721 100644
--- a/website/integrations/services/kimai/index.md
+++ b/website/integrations/services/kimai/index.md
@@ -82,11 +82,11 @@ kimai: idp: entityId: "https://authentik.company/" singleSignOnService: - url: "https://authentik.company/application/saml//sso/binding/redirect/" + url: "https://authentik.company/application/saml//sso/binding/redirect/" binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # the "single logout" feature was not yet tested, if you want to help, please let me know! singleLogoutService: - url: "https://authentik.company/application/saml//slo/binding/redirect/" + url: "https://authentik.company/application/saml//slo/binding/redirect/" binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" # Signing certificate from *Advanced protocol settings* x509cert: "XXXXXXXXXXXXXXXXXXXXXXXXXXX=="
diff --git a/website/integrations/services/komga/index.md b/website/integrations/services/komga/index.md
index ed1c30079d..8a3d31d578 100644
--- a/website/integrations/services/komga/index.md
+++ b/website/integrations/services/komga/index.md
@@ -69,5 +69,5 @@ spring: provider: authentik: user-name-attribute: preferred_username - issuer-uri: https://authentik.company/application/o// + issuer-uri: https://authentik.company/application/o// ```
diff --git a/website/integrations/services/komodo/index.mdx b/website/integrations/services/komodo/index.mdx
index 9a3d347723..5f2e8785b8 100644
--- a/website/integrations/services/komodo/index.mdx
+++ b/website/integrations/services/komodo/index.mdx
@@ -48,7 +48,7 @@ To support the integration of Komodo with authentik, you need to create an appli ```yaml KOMODO_OIDC_ENABLED=true -KOMODO_OIDC_PROVIDER=https://authentik.company/application/o// +KOMODO_OIDC_PROVIDER=https://authentik.company/application/o// KOMODO_OIDC_CLIENT_ID= KOMODO_OIDC_CLIENT_SECRET= ```
diff --git a/website/integrations/services/linkwarden/index.md b/website/integrations/services/linkwarden/index.md
index a10262c805..deb2beff9f 100644
--- a/website/integrations/services/linkwarden/index.md
+++ b/website/integrations/services/linkwarden/index.md
@@ -47,7 +47,7 @@ To configure Linkwarden to use authentik, add the following values to your `.env ``` NEXT_PUBLIC_AUTHENTIK_ENABLED=true AUTHENTIK_CUSTOM_NAME=authentik # Optionally set a custom provider name. Will be displayed on the login page -AUTHENTIK_ISSUER=https://authentik.company/application/o/ +AUTHENTIK_ISSUER=https://authentik.company/application/o/ AUTHENTIK_CLIENT_ID= AUTHENTIK_CLIENT_SECRET= ```
diff --git a/website/integrations/services/matrix-synapse/index.md b/website/integrations/services/matrix-synapse/index.md
index 269aa28e4c..5c17dfb576 100644
--- a/website/integrations/services/matrix-synapse/index.md
+++ b/website/integrations/services/matrix-synapse/index.md
@@ -53,7 +53,7 @@ oidc_providers: - idp_id: authentik idp_name: authentik discover: true - issuer: "https://authentik.company/application/o/app-slug/" + issuer: "https://authentik.company/application/o//" client_id: "*client id*" client_secret: "*client secret*" scopes:
diff --git a/website/integrations/services/mealie/index.md b/website/integrations/services/mealie/index.md
index f0b0878948..bfa91982fe 100644
--- a/website/integrations/services/mealie/index.md
+++ b/website/integrations/services/mealie/index.md
@@ -52,7 +52,7 @@ To enable OIDC login with Mealie, update your environment variables to include t ```yaml showLineNumbers OIDC_AUTH_ENABLED=true OIDC_PROVIDER_NAME=authentik -OIDC_CONFIGURATION_URL=https://authentik.company/application/o//.well-known/openid-configuration +OIDC_CONFIGURATION_URL=https://authentik.company/application/o//.well-known/openid-configuration OIDC_CLIENT_ID= OIDC_CLIENT_SECRET= OIDC_SIGNUP_ENABLED=true
diff --git a/website/integrations/services/minio/index.md b/website/integrations/services/minio/index.md
index d2777dd1a9..07f9f33dc4 100644
--- a/website/integrations/services/minio/index.md
+++ b/website/integrations/services/minio/index.md
@@ -87,7 +87,7 @@ You can set up OpenID in two different ways: via the web interface or the comman From the sidebar of the main page, go to **Identity -> OpenID**, click **Create**, and then define the configuration as follows: - Name: MinIO -- Config URL: `https://authentik.company/application/o//.well-known/openid-configuration` +- Config URL: `https://authentik.company/application/o//.well-known/openid-configuration` - Client ID: Your client ID from the previous step - Client Secret: Your client secret from the previous step - Scopes: `openid, email, profile, minio`
@@ -103,7 +103,7 @@ After that is done, run the following command to configure the OpenID provider: ``` ~ mc admin config set myminio identity_openid \ - config_url="https://authentik.company/application/o//.well-known/openid-configuration" \ + config_url="https://authentik.company/application/o//.well-known/openid-configuration" \ client_id="" \ client_secret="" \ scopes="openid,profile,email,minio"
diff --git a/website/integrations/services/netbird/index.md b/website/integrations/services/netbird/index.md
index 90436cb6e2..6bd90fd29b 100644
--- a/website/integrations/services/netbird/index.md
+++ b/website/integrations/services/netbird/index.md
@@ -88,7 +88,7 @@ NetBird requires the service account to have full administrative access to the a To configure NetBird to use authentik, add the following environment variables to your NetBird deployment: ```yaml showLineNumbers title="setup.env" -NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.company/application/o//.well-known/openid-configuration" +NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT="https://authentik.company/application/o//.well-known/openid-configuration" NETBIRD_USE_AUTH0=false NETBIRD_AUTH_CLIENT_ID="" NETBIRD_AUTH_SUPPORTED_SCOPES="openid profile email offline_access api"
diff --git a/website/integrations/services/netbox/index.md b/website/integrations/services/netbox/index.md
index 5d7410f888..8682335e22 100644
--- a/website/integrations/services/netbox/index.md
+++ b/website/integrations/services/netbox/index.md
@@ -54,11 +54,11 @@ REMOTE_AUTH_ENABLED='true' REMOTE_AUTH_BACKEND='social_core.backends.open_id_connect.OpenIdConnectAuth' # python-social-auth config -SOCIAL_AUTH_OIDC_OIDC_ENDPOINT='https://authentik.company/application/o//' +SOCIAL_AUTH_OIDC_OIDC_ENDPOINT='https://authentik.company/application/o//' SOCIAL_AUTH_OIDC_KEY='' SOCIAL_AUTH_OIDC_SECRET='' SOCIAL_AUTH_OIDC_SCOPE=openid profile email roles -LOGOUT_REDIRECT_URL='https://authentik.company/application/o//end-session/' +LOGOUT_REDIRECT_URL='https://authentik.company/application/o//end-session/' ``` The Netbox configuration needs to be extended, for this you can create a new file in the configuration folder, for example `authentik.py`.
@@ -90,7 +90,7 @@ LOGOUT_REDIRECT_URL = environ.get('LOGOUT_REDIRECT_URL') #SOCIAL_AUTH_OIDC_ENDPOINT = 'https://authentik.company/application/o//end-session/ ``` ### Groups
diff --git a/website/integrations/services/nextcloud/index.mdx b/website/integrations/services/nextcloud/index.mdx
index fe259e57a4..d59631d91e 100644
--- a/website/integrations/services/nextcloud/index.mdx
+++ b/website/integrations/services/nextcloud/index.mdx
@@ -145,7 +145,7 @@ Depending on your Nextcloud configuration, you may need to use `https://nextclou - **Identifier**: `authentik` - **Client ID**: Client ID from authentik - **Client secret**: Client secret from authentik - - **Discovery endpoint**: `https://authentik.company/application/o//.well-known/openid-configuration` + - **Discovery endpoint**: `https://authentik.company/application/o//.well-known/openid-configuration` - **Scope**: `email profile openid` - Under **Attribute mappings**:
@@ -309,8 +309,8 @@ To grant Nextcloud admin access to authentik users you will need to create a pro - **Optional display name**: `authentik` - **Identifier of the IdP entity**: `https://authentik.company` - - **URL target for authentication requests**: `https://authentik.company/application/saml//sso/binding/redirect/` - - **URL for SLO requests**: `https://authentik.company/application/saml//slo/binding/redirect/` + - **URL target for authentication requests**: `https://authentik.company/application/saml//sso/binding/redirect/` + - **URL for SLO requests**: `https://authentik.company/application/saml//slo/binding/redirect/` - **Public X.509 certificate of the IdP**: Paste the contents of your certificate file. - **Set attribute mappings**: - **Display name**: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name`
diff --git a/website/integrations/services/node-red/index.md b/website/integrations/services/node-red/index.md
index 5c5c0f5899..74a07e89cd 100644
--- a/website/integrations/services/node-red/index.md
+++ b/website/integrations/services/node-red/index.md
@@ -73,7 +73,7 @@ strategy: { icon:"fa-cloud", strategy: require("passport-openidconnect").Strategy, options: { - issuer: 'https://authentik.company/application/o//', + issuer: 'https://authentik.company/application/o//', authorizationURL: 'https://authentik.company/application/o/authorize/', tokenURL: 'https://authentik.company/application/o/token/', userInfoURL: 'https://authentik.company/application/o/userinfo/',
diff --git a/website/integrations/services/open-webui/index.md b/website/integrations/services/open-webui/index.md
index 37f0bd8bad..07eb410f0f 100644
--- a/website/integrations/services/open-webui/index.md
+++ b/website/integrations/services/open-webui/index.md
@@ -49,7 +49,7 @@ Enter the following details from the authentik provider:
 - Set **OAUTH_CLIENT_ID** to the Client ID copied from authentik.
 - Set **OAUTH_CLIENT_SECRET** to the Client Secret copied from authentik.
 - Set **OAUTH_PROVIDER_NAME** to `authentik`.
-- Set **OPENID_PROVIDER_URL** to `https://authentik.company/application/o/your-slug-here/.well-known/openid-configuration`.
+- Set **OPENID_PROVIDER_URL** to `https://authentik.company/application/o//.well-known/openid-configuration`.
 - Set **OPENID_REDIRECT_URI** to `https://openwebui.company/oauth/oidc/callback`.
 - If you wish for new users to be created on Open Web UI, set **ENABLE_OAUTH_SIGNUP** to 'true'.
diff --git a/website/integrations/services/outline/index.md b/website/integrations/services/outline/index.md
index de6034f1fd..924d774238 100644
--- a/website/integrations/services/outline/index.md
+++ b/website/integrations/services/outline/index.md
@@ -53,7 +53,7 @@ OIDC_CLIENT_SECRET=
 OIDC_AUTH_URI=https://authentik.company/application/o/authorize/
 OIDC_TOKEN_URI=https://authentik.company/application/o/token/
 OIDC_USERINFO_URI=https://authentik.company/application/o/userinfo/
-OIDC_LOGOUT_URI=https://authentik.company/application/o/wiki/end-session/
+OIDC_LOGOUT_URI=https://authentik.company/application/o//end-session/
 OIDC_USERNAME_CLAIM=preferred_username
 OIDC_DISPLAY_NAME=authentik
 OIDC_SCOPES=openid profile email
diff --git a/website/integrations/services/paperless-ngx/index.mdx b/website/integrations/services/paperless-ngx/index.mdx
index 3d29f1738d..aaa033532c 100644
--- a/website/integrations/services/paperless-ngx/index.mdx
+++ b/website/integrations/services/paperless-ngx/index.mdx
@@ -71,7 +71,7 @@ environment:
 "client_id": "",
 "secret": "",
 "settings": {
- "server_url": "https://authentik.company/application/o//.well-known/openid-configuration"
+ "server_url": "https://authentik.company/application/o//.well-known/openid-configuration"
 }
 }
 ],
diff --git a/website/integrations/services/pgadmin/index.md b/website/integrations/services/pgadmin/index.md
index 8bcd41fbcf..d2e2712080 100644
--- a/website/integrations/services/pgadmin/index.md
+++ b/website/integrations/services/pgadmin/index.md
@@ -68,7 +68,7 @@ To configure OAuth in pgAdmin, you can either use the `config_local.py` file or
 'OAUTH2_AUTHORIZATION_URL': 'https://authentik.company/application/o/authorize/',
 'OAUTH2_API_BASE_URL': 'https://authentik.company/',
 'OAUTH2_USERINFO_ENDPOINT': 'https://authentik.company/application/o/userinfo/',
- 'OAUTH2_SERVER_METADATA_URL': 'https://authentik.company/application/o//.well-known/openid-configuration',
+ 'OAUTH2_SERVER_METADATA_URL': 'https://authentik.company/application/o//.well-known/openid-configuration',
 'OAUTH2_SCOPE': 'openid email profile',
 'OAUTH2_ICON': '',
 'OAUTH2_BUTTON_COLOR': ''
@@ -90,7 +90,7 @@ For deployments using Docker or Kubernetes, you can configure OAuth using the fo
 ```bash
 PGADMIN_CONFIG_AUTHENTICATION_SOURCES="['oauth2', 'internal']"
 PGADMIN_CONFIG_OAUTH2_AUTO_CREATE_USER=True
-PGADMIN_CONFIG_OAUTH2_CONFIG="[{'OAUTH2_NAME':'authentik','OAUTH2_DISPLAY_NAME':'Login with authentik','OAUTH2_CLIENT_ID':'','OAUTH2_CLIENT_SECRET':'','OAUTH2_TOKEN_URL':'https://authentik.company/application/o/token/','OAUTH2_AUTHORIZATION_URL':'https://authentik.company/application/o/authorize/','OAUTH2_API_BASE_URL':'https://authentik.company/','OAUTH2_USERINFO_ENDPOINT':'https://authentik.company/application/o/userinfo/','OAUTH2_SERVER_METADATA_URL':'https://authentik.company/application/o//.well-known/openid-configuration','OAUTH2_SCOPE':'openid email profile','OAUTH2_ICON':'','OAUTH2_BUTTON_COLOR':''}]"
+PGADMIN_CONFIG_OAUTH2_CONFIG="[{'OAUTH2_NAME':'authentik','OAUTH2_DISPLAY_NAME':'Login with authentik','OAUTH2_CLIENT_ID':'','OAUTH2_CLIENT_SECRET':'','OAUTH2_TOKEN_URL':'https://authentik.company/application/o/token/','OAUTH2_AUTHORIZATION_URL':'https://authentik.company/application/o/authorize/','OAUTH2_API_BASE_URL':'https://authentik.company/','OAUTH2_USERINFO_ENDPOINT':'https://authentik.company/application/o/userinfo/','OAUTH2_SERVER_METADATA_URL':'https://authentik.company/application/o//.well-known/openid-configuration','OAUTH2_SCOPE':'openid email profile','OAUTH2_ICON':'','OAUTH2_BUTTON_COLOR':''}]"
 ```
 ### General Notes
diff --git a/website/integrations/services/powerdns-admin/index.md b/website/integrations/services/powerdns-admin/index.md
index e88ade5e29..6ab827a342 100644
--- a/website/integrations/services/powerdns-admin/index.md
+++ b/website/integrations/services/powerdns-admin/index.md
@@ -41,9 +41,9 @@ Set the following values:
 ```env
 SAML_ENABLED=True
 SAML_PATH=os.path.join(os.path.dirname(file), 'saml')
-SAML_METADATA_URL=https://authentik.company/application/saml//metadata/
+SAML_METADATA_URL=https://authentik.company/application/saml//metadata/
 SAML_METADATA_CACHE_LIFETIME=1
-SAML_LOGOUT_URL=https://authentik.company/application/saml//slo/binding/redirect/
+SAML_LOGOUT_URL=https://authentik.company/application/saml//slo/binding/redirect/
 SAML_SP_ENTITY_ID=pdns-admin
 SAML_SP_CONTACT_NAME=me
 SAML_SP_CONTACT_MAIL=me
diff --git a/website/integrations/services/push-security/index.mdx b/website/integrations/services/push-security/index.mdx
index a7719de95f..3e6bcf6c47 100644
--- a/website/integrations/services/push-security/index.mdx
+++ b/website/integrations/services/push-security/index.mdx
@@ -91,7 +91,7 @@ Push Security requires separate first and last names for each user, but authenti
 3. Click **Get Started**, select **Custom SAML**, and click **Next**.
 4. Copy both the **Single Sign-On URL** and the **Service Provider Entity URL**. You’ll need these values in the next section.
 5. Click **Next**.
-6. Choose **Manual**, and enter the following as the **Single Sign-On Login URL**: `https://authentik.company/application/saml//sso/binding/post/`
+6. Choose **Manual**, and enter the following as the **Single Sign-On Login URL**: `https://authentik.company/application/saml//sso/binding/post/`
 7. Click **Upload signing certificate**, and upload the certificate downloaded from authentik.
 8. _(Optional but recommended)_ Under **Advanced Settings**, enable **Sign request**. Then download the verification certificate. You’ll need to import this into authentik. Refer to the [authentik certificate documentation](../../../docs/sys-mgmt/certificates#external-certificates) for guidance.
 9. Click **Next**.
diff --git a/website/integrations/services/rustdesk-pro/index.mdx b/website/integrations/services/rustdesk-pro/index.mdx
index 768b8933eb..cd1dda812c 100644
--- a/website/integrations/services/rustdesk-pro/index.mdx
+++ b/website/integrations/services/rustdesk-pro/index.mdx
@@ -54,11 +54,11 @@ To support the integration of Rustdesk Server Pro with authentik, you need to cr
 - Set **Name** to `authentik`
 - Set **Client ID** to the Client ID copied from authentik.
 - Set **Client secret** to the Client Secret copied from authentik.
- - Set **Issuer** to `https://authentik.company/application/o/slug/`
+ - Set **Issuer** to `https://authentik.company/application/o//`
 - Set **Authorization Endpoint** to `https://authentik.company/application/o/authorize/`
 - Set **Token Endpoint** to `https://authentik.company/application/o/token/`
 - Set **Userinfo Endpoint** to `https://authentik.company/application/o/userinfo/`
- - Set **JWKS Endpoint** to `https://authentik.company/application/o/slug/jwks/`
+ - Set **JWKS Endpoint** to `https://authentik.company/application/o//jwks/`
 :::info
 Users are created automatically on login. Permissions must be assigned by an administrator after user creation.
diff --git a/website/integrations/services/semaphore/index.mdx b/website/integrations/services/semaphore/index.mdx
index f7c734365d..bc469c0e38 100644
--- a/website/integrations/services/semaphore/index.mdx
+++ b/website/integrations/services/semaphore/index.mdx
@@ -53,7 +53,7 @@ Add the `oidc_providers` configuration:
 "oidc_providers": {
 "authentik": {
 "display_name": "Sign in with authentik",
- "provider_url": "https://authentik.company/application/o//",
+ "provider_url": "https://authentik.company/application/o//",
 "client_id": "",
 "client_secret": "",
 "redirect_url": "https://semaphore.company/api/auth/oidc/authentik/redirect/",
diff --git a/website/integrations/services/semgrep/index.md b/website/integrations/services/semgrep/index.md
index d1218915a9..f955b728a4 100644
--- a/website/integrations/services/semgrep/index.md
+++ b/website/integrations/services/semgrep/index.md
@@ -55,7 +55,7 @@ This documentation lists only the settings that you need to change from their de
 5. Fill in the following:
 - **Display name**: Anything you like.
 - **Email domain**: `company`
- - **IdP SSO URL**: `https://authentik.company/application/saml//sso/binding/post/`
+ - **IdP SSO URL**: `https://authentik.company/application/saml//sso/binding/post/`
 - **IdP Issuer ID**: `https://authentik.company`
 - **Upload/paste certificate**: Downloaded from the previous step.
diff --git a/website/integrations/services/skyhigh/index.md b/website/integrations/services/skyhigh/index.md
index 8d7a202561..eef5ecae7e 100644
--- a/website/integrations/services/skyhigh/index.md
+++ b/website/integrations/services/skyhigh/index.md
@@ -31,11 +31,11 @@ This documentation lists only the settings that you need to change from their de
 While logged in to your Skyhigh Security Dashboard, click the configuration gear and navigate to `User Management` -> `SAML Configuration` -> `Skyhigh Cloud Users` tab
-Under the `Identity Provider` section enter the following values (replace `` with the name of the application slug you will use):
+Under the `Identity Provider` section enter the following values:
 - Issuer: `https://authentik.company/skyhigh-dashboard`
 - Certificate: Upload the signing certificate you will use for the Authentik provider
-- Login URL: `https://authentik.company/application/saml//sso/binding/init/`
+- Login URL: `https://authentik.company/application/saml//sso/binding/init/`
 - SP-Initiated Request Binding: HTTP-POST
 - User exclusions: Select at least one administrator account to login directly (in case something goes wrong with SAML)
@@ -78,11 +78,11 @@ While logged in to your Skyhigh Security Dashboard, click the configuration gear
 Under the `Setup SAML` section click the `New SAML` button.
-Configure your SAML provider as follows (replace `` with the name of your slug):
+Configure your SAML provider as follows:
 - SAML Configuration Name: Enter a descriptive name here
 - Service Provider Entity ID: `https://login.auth.ui.trellix.com/sso/saml2`
-- SAML Identity Provider URL: `https://authentik.company/application/saml//sso/binding/post/`
+- SAML Identity Provider URL: `https://authentik.company/application/saml//sso/binding/post/`
 - Identity Provider Entity ID: `https://authentik.company/skyhigh-swg`
 - User ID Attribute in SAML Response: `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress`
 - Group ID Attribute in SAML Response: `http://schemas.xmlsoap.org/claims/Group`
diff --git a/website/integrations/services/tandoor/index.md b/website/integrations/services/tandoor/index.md
index 5cd4cfbfd6..811a8a9777 100644
--- a/website/integrations/services/tandoor/index.md
+++ b/website/integrations/services/tandoor/index.md
@@ -46,7 +46,7 @@ Add the following environment variables to your tandoor configuration. Make sure
 ```sh
 SOCIAL_PROVIDERS=allauth.socialaccount.providers.openid_connect
-SOCIALACCOUNT_PROVIDERS='{"openid_connect":{"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"","secret":"","settings":{"server_url":"https://authentik.company/application/o//.well-known/openid-configuration"}}]}}'
+SOCIALACCOUNT_PROVIDERS='{"openid_connect":{"APPS":[{"provider_id":"authentik","name":"authentik","client_id":"","secret":"","settings":{"server_url":"https://authentik.company/application/o//.well-known/openid-configuration"}}]}}'
 ```
 Restart the Tandoor service for the changes to take effect.
diff --git a/website/integrations/services/terrakube/index.md b/website/integrations/services/terrakube/index.md
index a1437c6b8b..4e85dfb6d3 100644
--- a/website/integrations/services/terrakube/index.md
+++ b/website/integrations/services/terrakube/index.md
@@ -56,7 +56,7 @@ This guide assumes that you have environment variables `$TERRAKUBE_OIDC_CLIENT_I
 id: TerrakubeClient
 name: TerrakubeClient
 config:
- issuer: "https://authentik.company/application/o//"
+ issuer: "https://authentik.company/application/o//"
 clientID: $TERRAKUBE_OIDC_CLIENT_ID
 clientSecret: $TERRAKUBE_OIDC_CLIENT_SECRET
 redirectURI: "https://terrakube-dex.company/dex/callback"
diff --git a/website/integrations/services/ubuntu-landscape/index.md b/website/integrations/services/ubuntu-landscape/index.md
index 8d17c63e0c..11a8455b9e 100644
--- a/website/integrations/services/ubuntu-landscape/index.md
+++ b/website/integrations/services/ubuntu-landscape/index.md
@@ -51,7 +51,7 @@ To support the integration of Landscape with authentik, you need to create an ap
 On the Landscape Server, edit the file `/etc/landscape/service.conf` and add the following snippet under the `[landscape]` section:
 ```
-oidc-issuer = https://authentik.company/application/o//
+oidc-issuer = https://authentik.company/application/o//
 oidc-client-id =
 oidc-client-secret =
 ```
diff --git a/website/integrations/services/weblate/index.md b/website/integrations/services/weblate/index.md
index a0e1da3de1..755c2919d8 100644
--- a/website/integrations/services/weblate/index.md
+++ b/website/integrations/services/weblate/index.md
@@ -73,7 +73,7 @@ To support the integration of Weblate with authentik, you need to create an appl
 - **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
 - Set the **ACS URL** to `https://weblate.company/accounts/complete/saml/`.
 - Set the **Audience** to `https://weblate.company/accounts/metadata/saml/`.
- - Set the **Issuer** to `https://authentik.company/application/saml/application-slug/sso/binding/redirect/`.
+ - Set the **Issuer** to `https://authentik.company/application/saml//sso/binding/redirect/`.
 - Set the **Service Provider Binding** to `Post`.
 - Under **Advanced protocol settings**, select an available signing certificate. Then, under **Property mappings**, add the ones you just created.
 - **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
@@ -90,8 +90,8 @@ The variables below need to be set, depending on if you deploy in a container or
 Variables to set
 - ENABLE_HTTPS: `1`
-- SAML_IDP_ENTITY_ID: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/`
-- SAML_IDP_URL: `https://authentik.company/application/saml/weblate-slug/sso/binding/redirect/`
+- SAML_IDP_ENTITY_ID: `https://authentik.company/application/saml//sso/binding/redirect/`
+- SAML_IDP_URL: `https://authentik.company/application/saml//sso/binding/redirect/`
 - SAML_IDP_X509CERT: `MIIFDjCCAvagAwIBAgIRAJV8hH0wGkhGvbhhDKppWIYwDQYJKoZIhvcNAQELBQAw....F9lT9hHwHhsnA=`
 The `SAML_IDP_X509CERT` is the certificate in the SAML Metadata `X509Certificate` key.
diff --git a/website/integrations/services/youtrack/index.md b/website/integrations/services/youtrack/index.md
index 8d98e26887..3d1e494ea9 100644
--- a/website/integrations/services/youtrack/index.md
+++ b/website/integrations/services/youtrack/index.md
@@ -54,7 +54,7 @@ To support the integration of YouTrack with authentik, you need to create an app
 2. Click **New module**, then select **SAML 2.0**.
 3. Fill out the form with the following information:
 - **Name**: Set an appropriate name (e.g. `authentik`)
- - **SAML SSO URL**: `https://authentik.company/application/saml//sso/binding/redirect/`
+ - **SAML SSO URL**: `https://authentik.company/application/saml//sso/binding/redirect/`
 - **IdP entity ID**: `https://youtrack.company/admin/hub/`
 - **Certificate fingerprint**: Set to the SHA-256 fingerprint retrieved in the previous step.
 4. Click **Create** to submit the form and take note of the **ACS URL**.
diff --git a/website/integrations/services/zulip/index.md b/website/integrations/services/zulip/index.md
index e951cda029..3db934549d 100644
--- a/website/integrations/services/zulip/index.md
+++ b/website/integrations/services/zulip/index.md
@@ -65,7 +65,7 @@ SOCIAL_AUTH_SAML_ENABLED_IDPS: Dict[str, Any] = {
 # KEEP OTHER SETTINGS AS DEFAULT OR CONFIGURE THEM ACCORDING TO YOUR PREFERENCES
 "entity_id": "https://authentik.company",
- "url": "https://authentik.company/application/saml//sso/binding/redirect/",
+ "url": "https://authentik.company/application/saml//sso/binding/redirect/",
 "display_name": "authentik SAML",
 },
 }