tsidp
README
[!CAUTION] Development of tsidp has been moved to https://github.com/tailscale/tsidp and it is no longer maintained here. Please visit the new repository to see the latest updates, file an issue, or contribute.
tsidp - Tailscale OpenID Connect (OIDC) Identity Provider
tsidp is an OIDC Identity Provider (IdP) server that integrates with your Tailscale network. It allows you to use Tailscale identities for authentication in applications that support OpenID Connect, enabling single sign-on (SSO) capabilities within your tailnet.
Prerequisites
- A Tailscale network (tailnet) with MagicDNS and HTTPS enabled
- A Tailscale authentication key from your tailnet
- Docker installed on your system
Installation using Docker
Pre-built image
A pre-built tsidp image exists at tailscale/tsidp:unstable.
Building from Source
    # Clone the Tailscale repository
    git clone https://github.com/tailscale/tailscale.git
    cd tailscale
    # Build and publish to your own registry
    make publishdevtsidp REPO=ghcr.io/yourusername/tsidp TAGS=v0.0.1 PUSH=true
Running the Container
Replace YOUR_TAILSCALE_AUTHKEY with your Tailscale authentication key:
    docker run -d \
      --name tsidp \
      -p 443:443 \
      -e TS_AUTHKEY=YOUR_TAILSCALE_AUTHKEY \
      -e TAILSCALE_USE_WIP_CODE=1 \
      -v tsidp-data:/var/lib/tsidp \
      ghcr.io/yourusername/tsidp:v0.0.1 \
      tsidp --hostname=idp --dir=/var/lib/tsidp
Verify Installation
    docker logs tsidp
Visit https://idp.tailnet.ts.net to confirm the service is running.
Usage Example: Proxmox Integration
Here's how to configure Proxmox to use tsidp for authentication:
In Proxmox, navigate to Datacenter > Realms > Add OpenID Connect Server
Configure the following settings:
- Issuer URL: https://idp.velociraptor.ts.net
- Realm: tailscale (or your preferred name)
- Client ID: unused
- Client Key: unused
- Default: true
- Autocreate users: true
- Username claim: email
Set up user permissions:
- Go to Datacenter > Permissions > Groups
- Create a new group (e.g., "tsadmins")
- Click Permissions in the sidebar
- Add Group Permission
- Set Path to / for full admin access or scope as needed
- Set the group and role
- Add Tailscale-authenticated users to the group
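A relying party such as the Proxmox realm above only accepts the IdP if the Issuer URL it was given matches the `issuer` value the IdP publishes. The following Go check is an added example, not code from tsidp: it assumes the discovery document has already been fetched from the standard OIDC path `/.well-known/openid-configuration`, and `checkDiscovery`, `sampleDoc`, the host `idp.example.ts.net` and its endpoint paths are hypothetical. The same-host requirement on endpoints is an added policy for a single-host IdP, not an OIDC rule.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
)

// discovery holds the OIDC Discovery 1.0 metadata fields checked below.
type discovery struct {
	Issuer   string `json:"issuer"`
	AuthURL  string `json:"authorization_endpoint"`
	TokenURL string `json:"token_endpoint"`
	JWKSURL  string `json:"jwks_uri"`
}

// checkDiscovery (hypothetical helper) validates a discovery document against the configured Issuer URL.
func checkDiscovery(doc []byte, wantIssuer string) error {
	var d discovery
	if err := json.Unmarshal(doc, &d); err != nil {
		return fmt.Errorf("parse discovery document: %w", err)
	}
	// OIDC Discovery requires an exact string match, so a trailing slash fails.
	if d.Issuer != wantIssuer {
		return fmt.Errorf("issuer %q does not match configured %q", d.Issuer, wantIssuer)
	}
	want, err := url.Parse(wantIssuer)
	if err != nil || want.Scheme != "https" || want.Host == "" {
		return fmt.Errorf("configured issuer %q is not an https URL", wantIssuer)
	}
	// Added policy (assumption, not a spec rule): endpoints stay on the issuer's host.
	for _, e := range [][2]string{
		{"authorization_endpoint", d.AuthURL},
		{"token_endpoint", d.TokenURL},
		{"jwks_uri", d.JWKSURL},
	} {
		u, err := url.Parse(e[1])
		if err != nil || u.Scheme != "https" || u.Host != want.Host {
			return fmt.Errorf("%s %q is not https on host %q", e[0], e[1], want.Host)
		}
	}
	return nil
}

// sampleDoc is a constructed document (placeholder host and paths), not tsidp output.
const sampleDoc = `{"issuer":"https://idp.example.ts.net","authorization_endpoint":"https://idp.example.ts.net/authorize",
"token_endpoint":"https://idp.example.ts.net/token","jwks_uri":"https://idp.example.ts.net/jwks"}`

func main() { fmt.Println(checkDiscovery([]byte(sampleDoc), "https://idp.example.ts.net")) }
```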
Configuration Options
The tsidp server supports several command-line flags:
- --verbose: Enable verbose logging
- --port: Port to listen on (default: 443)
- --local-port: Allow requests from localhost
- --use-local-tailscaled: Use local tailscaled instead of tsnet
- --hostname: tsnet hostname
- --dir: tsnet state directory
Environment Variables
- TS_AUTHKEY: Your Tailscale authentication key (required)
- TS_HOSTNAME: Hostname for the tsidp server (default: "idp", Docker only)
- TS_STATE_DIR: State directory (default: "/var/lib/tsidp", Docker only)
- TAILSCALE_USE_WIP_CODE: Enable work-in-progress code (default: "1")
Support
This is an experimental, work in progress, community project. For issues or questions, file issues on the GitHub repository.
License
BSD-3-Clause License. See LICENSE for details.
Documentation
Overview
The tsidp command is an OpenID Connect Identity Provider server.
See https://github.com/tailscale/tailscale/issues/10263 for background.