{# steward/templates/settings/auth.html #} {% extends "base.html" %} {% block title %}Settings — Auth — Steward{% endblock %} {% block content %} {% set active_tab = "auth" %} {% include "settings/_tabs.html" %}
Supports any OIDC provider — Authentik, Keycloak, Authelia, etc. Uses Authorization Code flow. Local admin login always works regardless of OIDC status.
Authentik: https://<host>/application/o/<slug>/.well-known/openid-configuration
https://<host>/application/o/<slug>/.well-known/openid-configuration
Members → admin role
Members → operator role; others → viewer
Binds user credentials against an LDAP/AD directory. Requires the ldap3 Python package (pip install ldap3). If both LDAP and OIDC are enabled, the login form tries LDAP; OIDC uses the SSO button.
ldap3
pip install ldap3
{username} is replaced with the login username. AD example: (sAMAccountName={username})
{username}
(sAMAccountName={username})