Add Authelia OIDC SSO to Open WebUI

- Add open-webui OIDC client to Authelia config
- Configure open-webui with OIDC env vars pointing to Authelia
- Secret managed via AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI env var in Portainer

authelia/config/configuration.yaml

@@ -63,6 +63,20 @@ identity_providers:
         # host copy (/srv/authelia/config/configuration.yml). Never commit the key to git.
         # Generate with: openssl genrsa -out /srv/authelia/config/oidc.key 4096
     clients:
+      - client_id: open-webui
+        client_name: Open WebUI
+        client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI}'
+        public: false
+        authorization_policy: one_factor
+        token_endpoint_auth_method: client_secret_post
+        redirect_uris:
+          - https://open-webui.kolpacksoftware.com/oauth/oidc/callback
+        scopes:
+          - openid
+          - profile
+          - email
+        userinfo_signed_response_alg: none
+
       - client_id: linkding
         client_name: Linkding
         client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_LINKDING}'

ollama/docker-compose.yml

@@ -25,6 +25,12 @@ services:
     environment:
       - OLLAMA_BASE_URL=http://ollama:11434
       - TZ=America/New_York
+      - ENABLE_OAUTH_SIGNUP=true
+      - OAUTH_MERGE_ACCOUNTS_BY_EMAIL=true
+      - OAUTH_PROVIDER_NAME=Authelia
+      - OPENID_PROVIDER_URL=https://auth.kolpacksoftware.com/.well-known/openid-configuration
+      - OAUTH_CLIENT_ID=open-webui
+      - OAUTH_CLIENT_SECRET=${AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI}
     volumes:
       - /srv/open-webui:/app/backend/data
     depends_on: