I can confirm this works with kanidm

[ieugen]

Hello,

I tried this plugin with kanidm 1.3.3 https://github.com/kanidm/kanidm

• https://kanidm.github.io/kanidm/stable/integrations/oauth2.html

I've tested it with the docker compose test setup of traefik-oidc-auth .

# Configure oauth2 app for https://github.com/sevensolutions/traefik-oidc-auth.git

kanidm system oauth2 create my-app "My Awesome app" https://app.example.com

kanidm system oauth2 add-redirect-url my-app https://app.example.com
kanidm system oauth2 add-redirect-url my-app http://localhost:8080
kanidm system oauth2 add-redirect-url my-app http://localhost:9080

# Create group for app access
kanidm group create my_app_users --name idm_admin
kanidm group add-members my_app_users bob --name idm_admin
kanidm group add-members my_app_users alice --name idm_admin

kanidm system oauth2 update-scope-map my-app my_app_users openid email profile

kanidm system oauth2 show-basic-secret my-app

PROVIDER_URL=https://idm.example.com/oauth2/openid/my-app
CLIENT_ID=my-app
CLIENT_SECRET=____REDACTED___

[sevensolutions]

Hi @ieugen
great to hear that and thanks for sharing this information. 👍

[ieugen]

Using this middleware config:

    my-oidc:
      plugin:
        traefik-oidc-auth:
          Provider:
            UrlEnv: "PROVIDER_URL"
            ClientIdEnv: "CLIENT_ID"
            ClientSecretEnv: "CLIENT_SECRET"
            UsePkce: true 
          Scopes: ["openid", "profile", "email"]
          Headers:
            MapClaims:
              - Claim: "preferred_username"
                Header: "X-Oidc-Username"
              - Claim: "sub"
                Header: "X-Oidc-Subject"

[sevensolutions]

Does anyone want to create a PR to document the use of kanidm on the website?