Argo CD

Tested Versions

Before You Begin

Common Notes

  1. You are required to utilize a unique client id for every client.
  2. The client id on this page is merely an example and you can theoretically use any alphanumeric string.
  3. You should not use the client secret in this example, We strongly recommend reading the Generating Client Secrets guide instead.

Assumptions

This example makes the following assumptions:

  • Application Root URL: https://argocd.example.com
  • Authelia Root URL: https://auth.example.com
  • Client ID: argocd
  • Client Secret: argocd_client_secret
  • CLI Client ID: argocd-cli

Configuration

Application

To configure Argo CD to utilize Authelia as an OpenID Connect Provider use the following configuration:

name: Authelia
issuer: https://auth.example.com
clientID: argocd
clientSecret: argocd_client_secret
cliClientID: argocd-cli
requestedScopes:
  - openid
  - profile
  - email
  - groups

Authelia

The following YAML configuration is an example Authelia client configuration for use with Argo CD which will operate with the above example:

- id: argocd
  description: Argo CD
  secret: '$plaintext$argocd_client_secret'
  public: false
  authorization_policy: two_factor
  redirect_uris:
    - https://argocd.example.com/auth/callback
  scopes:
    - openid
    - groups
    - email
    - profile
  userinfo_signing_algorithm: none
- id: argocd-cli
  description: Argo CD (CLI)
  public: true
  authorization_policy: two_factor
  redirect_uris:
    - http://localhost:8085/auth/callback
  scopes:
    - openid
    - groups
    - email
    - profile
    - offline_access
  userinfo_signing_algorithm: none

See Also