habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
a5babb4976adf7044e1a4ef941def06a4b444d30
authentik/website/integrations/services/freshrss/index.md
ZuluWhiskey 507f9b7ae2 website/integrations: multiple integration edits (#7923) 
* Update authentik aspect of Fresh RSS documentation to flow better

* Changes to standardise documentation across Integrations

* Removing a comma

* Changes to Gravtee to standardise documentation across Integrations

* - Changing Home-Assistant to Home Assistant
- Attempt to standardise the documentation
- Attempted to make the Home Assistant configuration easier to follow

* make website for gravitee and immich#

* Fixing MD formatting

* make website for freshrss and home assistant

* Fix Immich note formatting

* make website immich to fix notes formatting

* fix typo

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* Move authentik section above the Home Assistant section for consistency

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Co-authored-by: Jens Langhammer <jens@goauthentik.io>
2024-02-23 12:52:17 -06:00

2.9 KiB
Raw Blame History

title
title
FreshRSS

Support level: Community

What is FreshRSS

FreshRSS is a self-hosted RSS feed aggregator.

-- https://github.com/FreshRSS/FreshRSS

Preparation

The following placeholders will be used:

  • freshrss.company is the FQDN of the FreshRSS install.
  • port is the port on which the FreshRSS install is running (usually 443)
  • authentik.company is the FQDN of the authentik install.

authentik configuration

  1. Create an OAuth2/OpenID Provider under Applications > Providers using the following settings:

    • Name: FreshRSS
    • Authorization flow: default-provider-authorization-explicit-consent
    • Protocol Settings:
      • Client Type: Confidential
      • Client ID: Either create your own Client ID or use the auto-populated ID
      • Client Secret: Either create your own Client Secret or use the auto-populated secret :::note Take note of the Client ID and Client Secret, you'll need them later. :::
    • Redirect URIs/Origins:
      • https://freshrss.company/i/oidc/
      • https://freshrss.company:port/i/oidc
    • Signing Key: Any of your signing keys
    • Leave everything else as default

  2. Create an Application under Applications > Applications using the following settings:

    • Name: FreshRSS
    • Slug: freshrss
    • Provider: FreshRSS (the provider you created in step 1)
    • Leave everything else as default

FreshRSS configuration

:::info This integration only works with the Docker or Kubernetes install of FreshRSS, using FreshRSS docker image, on x86_64 systems and without the Alpine version of the image. More information can be found on this issue on FreshRSS GitHub :::

Add those environment variables to your Docker image :

  • OIDC_ENABLED : 1
  • OIDC_PROVIDER_METADATA_URL : https://authentik.company/application/o/<application-slug>/.well-known/openid-configuration replacing <application-slug> with the slug of your created application
  • OIDC_CLIENT_ID : the client ID of your provider
  • OIDC_CLIENT_SECRET : the client secret of your provider
  • OIDC_X_FORWARDED_HEADERS : X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
  • OIDC_SCOPES : openid email profile

Before restarting your Docker container, ensure that one of the Admin users of your FreshRSS instance has the same login as one of your Authentik user.

Restart your FreshRSS container, and login as a user that exists on both FreshRSS and your Authentik. Navigate to Settings > Authentication in your FreshRSS instance, and choose as an authentication method HTTP (for advanced users with HTTPS)

You can find additional information on FreshRSS documentation