October 17, 2025Oct 17 I setup an oidc provider to login in unraid.I can't believe i had not seen that before.My unraid server is 7.1.4I used authentik (for now version 2025.8.3) as provider (runs in a compose stack on unraid).Here are my comments:according to the doc you need to fill in the issuer url without a trailing slash. In my case that was not working withoutwhen you type the uri in authentik the docs says: http://YOUR_UNRAID_IP/graphql/api/auth/oidc/callback But if you run unraid on a non standard port you have to include it. On port 80 i run authentik so the result is weird.when you log out of unraid you stay logged in authentik. Many apps implementing oidc provide a choice when logging out to log out from the app or from auth provider toowhen you try to log in with an unauthorized user ( in my case i use group membership as condition) you have a screen indicating "authentication failed" but when you try to login again with an authorized user you can't as you are still logged in authentik but with an unauthorized account. You then have to logout from authentik. That means open a new tab on authentik and log out from authentik. It's not a big deal but it's not very convenient.For authorizing a user i prefer to use a group membership. It's not documented in unraid doc but you can find info on that as jellyfin oauth2 use the same thing.Basically you have to create a user group in authentik and put in all the users you want to authorize.Then you have to create a scope mapping :name: group membershipslug: groupsexpression: return [group.name for group in user.ak_groups.all()]description : see which group the user belong toThen you edit authentik provider and in advanced protocol settings you had the group membership to the already selected scopes.If i understood correctly all authorized users are logged in as root user in unraid.I upgraded my backup server to 7.2 RC1 i will try on this one to see there is the same behavior.I wonder if i could use the same authentik provider for my second server. That could work, i would have just to add the callback uri of the second server to the provider in authentik.Anyway this is a great step forward.😃edit: doesn't work with one provider for 2 servers. Edited October 17, 2025Oct 17 by caplam
October 22, 2025Oct 22 Community Expert ???https://forums.unraid.net/topic/194341-solved-oidc-microsoft-config-nightmare/ https://docs.goauthentik.io/add-secure-apps/flows-stages/stages/authenticator_totp/ https://www.youtube.com/watch?v=N5unsATNpJk&pp=0gcJCdgAo7VqN5tD https://www.reddit.com/r/unRAID/comments/u46n92/authentik_how_to_install_with_docker_and_why_you/
October 31, 2025Oct 31 How did you fix the fact that the issuer URL will not allow a trailing slash, but then Authentik will not work unless you have the trailing slash? It sounds like you overcame it, but how?
October 31, 2025Oct 31 The UI gives me an error but does in fact save with the trailing "/". This was needed for me to get SSO to work with Authentik.
October 31, 2025Oct 31 11 hours ago, vtmikel said:The UI gives me an error but does in fact save with the trailing "/". This was needed for me to get SSO to work with Authentik.Thanks this is right. I hope maybe they will get rid of that error considering the trailing "/" is needed. I am all set now (had some issues whitelisting usernames but emails worked).
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.