website/integrations: Node-Red integration with openidconnect (#3221)
* add Node-Red integration doc * Node-Red Protocol settings + linting fixes
This commit is contained in:
parent
6f7984d05a
commit
5ec052bd92
106
website/integrations/services/node-red/index.md
Normal file
106
website/integrations/services/node-red/index.md
Normal file
|
@ -0,0 +1,106 @@
|
|||
---
|
||||
title: Node-RED
|
||||
---
|
||||
|
||||
<span class="badge badge--secondary">Support level: Community</span>
|
||||
|
||||
## What is Node-RED
|
||||
|
||||
From https://nodered.org/
|
||||
|
||||
:::note
|
||||
Node-RED is a programming tool for wiring together hardware devices, APIs and online services in new and interesting ways.
|
||||
|
||||
It provides a browser-based editor that makes it easy to wire together flows using the wide range of nodes in the palette that can be deployed to its runtime in a single-click.
|
||||
:::
|
||||
|
||||
:::warning
|
||||
This requires modification of the Node-RED settings.js and installing additional Passport-js packages, see [Securing Node-RED](https://nodered.org/docs/user-guide/runtime/securing-node-red#oauthopenid-based-authentication) documentation for further details.
|
||||
:::
|
||||
|
||||
## Preparation
|
||||
|
||||
The following placeholders will be used:
|
||||
|
||||
- `authentik.company` is the FQDN of authentik.
|
||||
- `nodred.company` is the FQDN of Node-RED.
|
||||
|
||||
### Step 1
|
||||
|
||||
In authentik, create an _OAuth2/OpenID Provider_ (under _Resources/Providers_) with these settings:
|
||||
|
||||
:::note
|
||||
Only settings that have been modified from default have been listed.
|
||||
:::
|
||||
|
||||
- Name: Node-RED
|
||||
|
||||
**Protocol Settings**
|
||||
|
||||
- Redirect URIs/Origins (RegEx): https://nodred.company/auth/strategy/callback/
|
||||
- Signing Key: Select any available key
|
||||
|
||||
:::note
|
||||
Take note of the `Client ID` and `Client Secret`, you'll need to give them to Node-RED in _Step 3_.
|
||||
:::
|
||||
|
||||
### Step 2
|
||||
|
||||
In authentik, create an application (under _Resources/Applications_) which uses this provider. Optionally apply access restrictions to the application using policy bindings.
|
||||
|
||||
:::note
|
||||
Only settings that have been modified from default have been listed.
|
||||
:::
|
||||
|
||||
- Name: Node-RED
|
||||
- Slug: nodered-slug
|
||||
- Provider: Node-RED
|
||||
|
||||
Optionally you can link directly to the authentication strategy
|
||||
|
||||
- Launch URL: https://nodred.company/auth/strategy/
|
||||
|
||||
### Step 3
|
||||
|
||||
:::note
|
||||
Group based permissions are not implemented in the below example
|
||||
:::
|
||||
|
||||
Use npm to install passport-openidconnect
|
||||
|
||||
Navigate to the node-red `node_modules` directory, this is dependant on your chosen install method. In the official Node-RED docker container the `node_modules` directory is located in the data volume `data/node_modules/`. Alternatively enter the docker container `docker exec -it nodered bash` and `cd /data/node_modules` to utilise npm within the docker container.
|
||||
|
||||
Run the command `npm install passport-openidconnect`
|
||||
|
||||
### Step 4
|
||||
|
||||
Edit the node-red settings.js file `/data/settings.js` to use the external authentication source via passport-openidconnect.
|
||||
|
||||
```js
|
||||
adminAuth: {
|
||||
type:"strategy",
|
||||
strategy: {
|
||||
name: "openidconnect",
|
||||
label: 'Sign in with authentik',
|
||||
icon:"fa-cloud",
|
||||
strategy: require("passport-openidconnect").Strategy,
|
||||
options: {
|
||||
issuer: 'https://authentik.company/application/o/<application-slug>/',
|
||||
authorizationURL: 'https://authentik.company/application/o/authorize/',
|
||||
tokenURL: 'https://authentik.company/application/o/token/',
|
||||
userInfoURL: 'https://authentik.company/application/o/userinfo/',
|
||||
clientID: '<Client ID (Key): Step 2>',
|
||||
clientSecret: '<Client Secret: Step 2>',
|
||||
callbackURL: 'https://nodered.company/auth/strategy/callback/',
|
||||
scope: ['email', 'profile', 'openid'],
|
||||
proxy: true,
|
||||
verify: function(issuer, profile, done) {
|
||||
done(null, profile)
|
||||
}
|
||||
}
|
||||
},
|
||||
users: function(user) {
|
||||
return Promise.resolve({ username: user, permissions: "*" });
|
||||
}
|
||||
},
|
||||
```
|
|
@ -88,6 +88,7 @@ module.exports = {
|
|||
],
|
||||
},
|
||||
"services/home-assistant/index",
|
||||
"services/node-red/index",
|
||||
"services/kimai/index",
|
||||
"services/sonarr/index",
|
||||
"services/tautulli/index",
|
||||
|
|
Reference in a new issue