f2199f1712
* website/integrations: add documentation for OIDC setup with Xen Orchestra * Dot removed Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com> * Dot added Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com> * Update website/integrations/services/xen-orchestra/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com> * Update website/integrations/services/xen-orchestra/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com> * Update website/integrations/services/xen-orchestra/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com> * Update website/integrations/services/xen-orchestra/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com> * Update website/integrations/services/xen-orchestra/index.md Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com> * moved XO-configuration-values into a list instead of having numerous steps * remove config params, that are retrieved by Auto-discovery URl anyways * add information about user mapping using the e-mail-address * changed note since auto-user-creation is implemented in the XO OIDC plugin * fix typos Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: pgumpoldsberger <60177408+pgumpoldsberger@users.noreply.github.com> Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Tana M Berry <tanamarieberry@yahoo.com> Co-authored-by: Jens Langhammer <jens@goauthentik.io>
70 lines
2.8 KiB
Markdown
70 lines
2.8 KiB
Markdown
---
|
|
title: Xen Orchestra
|
|
---
|
|
|
|
<span class="badge badge--secondary">Support level: Community</span>
|
|
|
|
## What is Xen Orchestra
|
|
|
|
> Xen Orchestra provides a user friendly web interface for every Xen based hypervisor (XenServer, xcp-ng, etc.).
|
|
>
|
|
> -- https://xen-orchestra.com/
|
|
|
|
:::note
|
|
Xen Orchestra offers authentication plugins for OpenID Connect, SAML and LDAP. This guide is using the OpenID Connect plugin.
|
|
If you are using the Xen Orchestra Appliance, the OIDC Plugin should be present. If you are using Xen Orchestra compiled from sources, make sure the plugin `auth-oidc` is installed.
|
|
:::
|
|
|
|
## Preparation
|
|
|
|
The following placeholders will be used:
|
|
|
|
- `xenorchestra.company` is the FQDN of the Xen Orchestra instance.
|
|
- `authentik.company` is the FQDN of the authentik install.
|
|
|
|
## authentik configuration
|
|
|
|
### 1. Provider
|
|
|
|
Under _Providers_, create an OAuth2/OpenID provider with these settings:
|
|
|
|
- Name: Provider for XenOrchestra
|
|
- Authorization Flow: Select one of the available Flows.
|
|
- Client type: Confidential
|
|
- Redirect URIs/Origins: `https://xenorchestra.company/signin/oidc/callback`
|
|
|
|
Take note of the Client ID and the Client Secret, because we need them for the configuration of Xen Orchestra.
|
|
|
|
### 2. Application
|
|
|
|
Create an application with the following details:
|
|
|
|
- Slug: `xenorchestra` (If you want to choose a different slug, your URLs for the Xen Orchestra Configuration may vary.)
|
|
- Provider: Select the one we have created in Step 1
|
|
- Set the Launch URL to `https://xenorchestra.company/`
|
|
|
|
Optionally apply access restrictions to the application.
|
|
|
|
## Xen Orchestra configuration
|
|
|
|
Xen Orchestra allows the configuration of the OpenID Connect authentication in the plugin-section.
|
|
All of the URLs mentioned below can be copied & pasted from authentik (_Applications -> Providers -> *the provider created earlier*_).
|
|
|
|
1. Navigate to Settings -> Plugins
|
|
2. Scroll to **auth-oidc** and click on the **+** icon on the right hand side.
|
|
3. Configure the auth-oidc plugin with the following configuration values:
|
|
|
|
- Set the `Auto-discovery URL` to `https://authentik.company/application/o/xenorchestra/.well-known/openid-configuration`.
|
|
- Set the `Client identifier (key)` to the Client ID from your notes.
|
|
- Set the `Client secret` to the Client Secret from your notes.
|
|
- Check the `Fill information (optional)`-Checkbox to open the advanced menu.
|
|
- Set the `Username field` to `username`
|
|
- Set the `Scopes` to `openid profile email`
|
|
|
|
4. Enable the `auth-oidc`-Plugin by toggling the switch above the configuration.
|
|
5. You should be able to login with OIDC.
|
|
|
|
:::note
|
|
The first time a user signs in, Xen Orchesta will create a new user with the same username used in authentik. If you want to map the users by their e-mail-address instead of their username, you have to set the `Username field` to `email` in the Xen Orchestra plugin configuration.
|
|
:::
|