Add SSO sample configuration for Authelia

Signed-off-by: Thilo-Alexander Ginkel <[email protected]>

Author: ginkel

docs/setup/sso.md

@@ -68,6 +68,59 @@ If there is only one upstream provider configured and the local password databas
 
 This section contains sample configurations for popular OIDC providers.
 
+### Authelia
+
+These instructions assume that you have already enabled the OIDC provider support in [Authelia](https://www.authelia.com/).
+
+Add a client for MAS to the Authelia configuration:
+
+```yaml
+  - client_id: "<client-id>" # TO BE FILLED
+    client_name: Matrix
+    client_secret: "<client-secret>" # TO BE FILLED
+    public: false
+    redirect_uris:
+      - https://<mas-fqdn>/upstream/callback/<id>
+    scopes:
+      - openid
+      - groups
+      - profile
+      - email
+    grant_types:
+      - 'refresh_token'
+      - 'authorization_code'
+    response_types:
+      - code
+```
+
+Authentication service configuration:
+
+```yaml
+upstream_oauth2:
+  providers:
+    providers:
+    - id: <id>
+      human_name: Authelia
+      issuer: "https://<authelia-fqdn>" # TO BE FILLED W/O ANY TRAILING SLASHES
+      client_id: "<client-id>" # TO BE FILLED
+      client_secret: "<client-secret>" # TO BE FILLED
+      token_endpoint_auth_method: client_secret_basic
+      scope: "openid profile email"
+      discovery_mode: insecure
+      claims_imports:
+          localpart:
+            action: require
+            template: "{{ user.preferred_username }}"
+          displayname:
+            action: suggest
+            template: "{{ user.name }}"
+          email:
+            action: suggest
+            template: "{{ user.email }}"
+            set_email_verification: always
+```
+
+
 ### Authentik
 
 [Authentik](https://goauthentik.io/) is an open-source IdP solution.