habsi/authentik
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f1c5f43419fb080ee4347955bc13cdcc4eadb06f
authentik/website/integrations/services/freshrss/index.mdx
Dominic R 07f0666a6f website/integrations: general cleanup and updates (#12716) 
* squash commits for future merge conflict resolution, if any

* adventurelog cleanup + lint

* lint (again)

* Update website/integrations/services/adventurelog/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/actual-budget/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/apache-guacamole/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/gatus/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/bookstack/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/freshrss/index.mdx

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/budibase/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/cloudflare-access/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/dokuwiki/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/frappe/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/espocrm/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/fortimanager/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/fortigate-admin/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* Update website/integrations/services/firezone/index.md

Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
Signed-off-by: Dominic R <dominic@sdko.org>

* fix

Signed-off-by: Dominic R <dominic@sdko.org>

* wip: migr actual budget integration to new codeblock

* Replaced multilinecodeblocks with docusaurus style codeblocks

* Fixed linting and removed kbd and em tags from codeblock

---------

Signed-off-by: Dominic R <dominic@sdko.org>
Co-authored-by: Dewi Roberts <dewi@goauthentik.io>
2025-04-16 15:16:01 -05:00

77 lines
4.0 KiB
Plaintext
Raw Blame History

---
title: Integrate with FreshRSS
sidebar_label: FreshRSS
---
# Integrate with FreshRSS
<span class="badge badge--secondary">Support level: Community</span>
## What is FreshRSS
> FreshRSS is a self-hosted RSS feed aggregator.
>
> -- https://github.com/FreshRSS/FreshRSS
## Preparation
The following placeholders are used in this guide:
- `freshrss.company` is the FQDN of the FreshRSS installation.
- `authentik.company` is the FQDN of the authentik installation.
:::note
This documentation only lists the settings that have been changed from their default values. Please verify your changes carefully to avoid any issues accessing your application.
:::
## authentik configuration
To support the integration of FreshRss with authentik, you need to create an application/provider pair in authentik.
### Create an application and provider in authentik
1. Log in to authentik as an admin, and open the authentik Admin interface.
2. Navigate to **Applications** > **Applications** and click **Create with Provider** to create an application and provider pair. (Alternatively you can first create a provider separately, then create the application and connect it with the provider.)
- **Application**: provide a descriptive name, an optional group for the type of application, the policy engine mode, and optional UI settings.
- **Choose a Provider type**: select **OAuth2/OpenID Connect** as the provider type.
- **Configure the Provider**: provide a name (or accept the auto-provided name), the authorization flow to use for this provider, and the following required configurations.
- Note the **Client ID**,**Client Secret**, and **slug** values because they will be required later.
- Add two `Strict` redirect URI and set them to <kbd>https://<em>freshrss.company</em>/i/oidc/</kbd> and <kbd>https://<em>freshrss.company:443</em>/i/oidc/</kbd>. If FreshRSS is exposed on a port other than `443`, update the second redirect URI accordingly.
- Select any available signing key.
- **Configure Bindings** _(optional)_: you can create a [binding](/docs/add-secure-apps/flows-stages/bindings/) (policy, group, or user) to manage the listing and access to applications on a user's **My applications** page.
3. Click **Submit** to save the new application and provider.
## FreshRSS configuration
:::info
This integration is compatible only with Docker or Kubernetes installations of FreshRSS that use the [FreshRSS Docker image](https://hub.docker.com/r/freshrss/freshrss/) on x86_64 systems. Note that the Alpine version of the image is not supported. For more details, see [this issue on the FreshRSS GitHub repository](https://github.com/FreshRSS/FreshRSS/issues/5722).
:::
:::warning
Before restarting your Docker container, ensure that at least one Admin user in your FreshRSS instance has a username that matches an authentik user.
:::
To enable OIDC login with FreshRSS, update your `.env` file to include the following variables:
```yaml showLineNumbers
OIDC_ENABLED=1
OIDC_PROVIDER_METADATA_URL=https://authentik.company/application/o/<your-application-slug>/.well-known/openid-configuration
OIDC_CLIENT_ID=<Your Client ID from authentik<>
OIDC_CLIENT_SECRET=<Your Client Secret from authentik>
OIDC_X_FORWARDED_HEADERS=X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host
OIDC_SCOPES=openid email profile
```
Once your container or pod is restarted, attempt to login as a user that exists in both FreshRSS and authentik. Go to **Settings** -> **Authentication** and set the authentication method to **HTTP**.
## Resources
- [FreshRSS documentation for OpenID Connect](https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html).
- [FreshRSS documentation for OIDC with authentik](https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect-Authentik.html)
## Configuration verification
To verify that authentik is correctly set up with FreshRSS, log out of FreshRSS and try logging back in using authentik. You should see a new button on the login page for OIDC authentication.
Reference in New Issue View Git Blame Copy Permalink