May 27, 2024
Homelab Tutorial
The goal of this tutorial is to log into Cloudflare Access applications by using your Synology DSM credentials.
First, download and install the Synology SSO Server package on your NAS by going to Package Center. From there, open up the newly installed Synology SSO Server package and change the account type to "Domain/LDAP/Local" to enable logging in using your DSM credentials. Then edit your server URL to the external URL you use to access your NAS. I added /sso to the end of my URL to provide distinction. Click "Service", enable the OIDC server with the checkbox, and click "Apply". Go to the "Application" section in the sidebar. Click "Add", then select "OIDC" and click "Next". Name your application anything you'd like and enter your Cloudflare Access domain in the "Redirect URI" field, for example https://example.cloudflareaccess.com/cdn-cgi/access/callback. From there, click "Edit" on your newly added application. This will show you the Application ID and Secret we will need for the next step.
Go to your Cloudflare dashboard and click "Zero Trust" in the sidebar. Go to "Settings", then "Authentication", and click "Add New" under "Login methods". Choose "OpenID Connect". Name your OIDC connection anything you'd like. Enter the "Application ID" value from Synology SSO Server in the "App ID" field in Cloudflare Access. Enter the "Application secret" value in the "Client secret" field. Next, we will find the required URLs for Cloudflare Access by going to your Synology SSO Server and clicking "Service", which will show the OIDC "Well-known URL".
Open this URL in a new tab. Copy the "authorization_endpoint" URL to the "Auth URL" field in Cloudflare Access. Copy the "token_endpoint" URL to the "Token URL" field. Copy the "jwks_uri" URL to the "Certificate URL" field.
In the "Email claim" field on Cloudflare Access, type "email". From there, we can test our configuration by clicking the "Test" button on Cloudflare Access. If everything is set up right, you should see a success page. You can now save the configuration and add it to your Applications on Cloudflare Access.
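The field mapping described above can be checked before pasting values into Cloudflare Access. The following is an added example, not part of the original tutorial or of Synology's or Cloudflare's tooling: it maps a parsed well-known document to the three Cloudflare fields and flags endpoints that are not HTTPS or not on your external host. The sample document, its host and its paths are constructed placeholders, and the function name `map_discovery` is hypothetical.

```python
import json
from urllib.parse import urlparse

# Cloudflare Access field -> key in the OIDC well-known document (per the steps above).
FIELD_MAP = {
    "Auth URL": "authorization_endpoint",
    "Token URL": "token_endpoint",
    "Certificate URL": "jwks_uri",
}

# Constructed sample document; host and paths are placeholders, not real Synology values.
SAMPLE = json.loads("""{
  "issuer": "https://nas.example.com/sso",
  "authorization_endpoint": "https://nas.example.com/sso/authorize",
  "token_endpoint": "https://nas.example.com/sso/token",
  "jwks_uri": "https://nas.example.com/sso/jwks",
  "claims_supported": ["sub", "email", "groups"]
}""")


def map_discovery(doc, external_url, email_claim="email"):
    """Return (fields, problems) for a parsed well-known document."""
    want_host = urlparse(external_url).hostname
    fields, problems = {}, []
    for cf_field, key in FIELD_MAP.items():
        url = doc.get(key)
        if not url:
            problems.append(f"{key} missing from discovery document")
            continue
        parsed = urlparse(url)
        # Cloudflare reaches these endpoints from the internet, so they must
        # use HTTPS and the external hostname set as the SSO server URL.
        if parsed.scheme != "https":
            problems.append(f"{key} is not https: {url}")
        if parsed.hostname != want_host:
            problems.append(f"{key} host {parsed.hostname} != {want_host}")
        fields[cf_field] = url
    # claims_supported is optional in OIDC discovery; only check it if present.
    claims = doc.get("claims_supported")
    if claims is not None and email_claim not in claims:
        problems.append(f"claim {email_claim!r} not in claims_supported")
    return fields, problems


if __name__ == "__main__":
    fields, problems = map_discovery(SAMPLE, "https://nas.example.com/sso")
    for name, value in fields.items():
        print(f"{name}: {value}")
    for p in problems:
        print("WARNING:", p)
```

A host mismatch usually means the SSO server URL is still set to an internal address rather than the external URL configured in the first step.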