Add Authelia OIDC SSO to Open WebUI

- Add open-webui OIDC client to Authelia config
- Configure open-webui with OIDC env vars pointing to Authelia
- Secret managed via AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI env var in Portainer

authelia/config/configuration.yaml

@@ -63,6 +63,20 @@ identity_providers:
         # host copy (/srv/authelia/config/configuration.yml). Never commit the key to git.
         # Generate with: openssl genrsa -out /srv/authelia/config/oidc.key 4096
     clients:
+      - client_id: open-webui
+        client_name: Open WebUI
+        client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_OPEN_WEBUI}'
+        public: false
+        authorization_policy: one_factor
+        token_endpoint_auth_method: client_secret_post
+        redirect_uris:
+          - https://open-webui.kolpacksoftware.com/oauth/oidc/callback
+        scopes:
+          - openid
+          - profile
+          - email
+        userinfo_signed_response_alg: none
+
       - client_id: linkding
         client_name: Linkding
         client_secret: '${AUTHELIA_OIDC_CLIENT_SECRET_LINKDING}'