The error messages indicate that Authelia is unable to access the secret files in the specified paths due to file permission issues. This typically happens when the user running the Authelia process does not have the correct permissions to read the files.
Here’s how you can troubleshoot and resolve this:
- Check File Permissions:
  - Ensure that the files in /config/secrets/ and their directories are readable by the user running the Authelia service.
  - You can adjust the permissions using the chmod command. For example:
      chmod 644 /config/secrets/mariadb/
      chmod 644 /config/secrets/session
      chmod 644 /config/secrets/jwtsecret
      chmod 644 /config/secrets/oidc.pem
      chmod 644 /config/secrets/storage
      chmod 644 /config/secrets/redis
  - Additionally, ensure the directory /config/secrets/ is accessible:
      chmod 755 /config/secrets/
- Check File Ownership:
  - Ensure that the files are owned by the user running the Authelia process. You can change the ownership using the chown command:
      chown authelia:authelia /config/secrets/mariadb/
      chown authelia:authelia /config/secrets/session
      chown authelia:authelia /config/secrets/jwtsecret
      chown authelia:authelia /config/secrets/oidc.pem
      chown authelia:authelia /config/secrets/storage
      chown authelia:authelia /config/secrets/redis
- Verify the Path:
  - Double-check that the paths provided in the Authelia configuration file match the actual file paths.
- Run the Service with Sufficient Privileges:
  - If Authelia is running in a container, ensure that the container has the necessary permissions to access the host’s filesystem.
  - If necessary, adjust the user permissions within the container.
- Configure the JWKS:
  - The final error message, identity_providers: oidc: option jwks is required, indicates that the JWKS (JSON Web Key Set) configuration is missing. Make sure that you have correctly configured this in your authelia.yml under the identity_providers section for OpenID Connect (OIDC).
This resolves the error in most cases.
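A check to run as the Authelia user after the steps above, added here as an example and not taken from the original page or the Authelia project: for each secret path you pass it, it reports whether the path resolves, whether the current user can read it, and its mode and owner. The function names are hypothetical, and `stat -c` assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example (not from the original page). Run it as the user that runs
# Authelia, passing the secret paths your configuration references, e.g.:
#   sh audit_secrets.sh /config/secrets/session /config/secrets/jwtsecret

# check_secret PATH -> prints "STATUS mode owner:group path".
# STATUS: NOT-FOUND (wrong path, or a parent directory cannot be traversed),
#         UNREADABLE, WORLD-READABLE (other-read bit set), or OK.
check_secret() {
    p=$1
    if [ ! -e "$p" ]; then
        echo "NOT-FOUND - - $p"
        return 0
    fi
    # %a = octal mode, %U:%G = owner and group
    meta=$(stat -c '%a %U:%G' "$p")
    if [ ! -r "$p" ]; then
        echo "UNREADABLE $meta $p"
    elif [ -n "$(find "$p" -prune -perm -004)" ]; then
        echo "WORLD-READABLE $meta $p"
    else
        echo "OK $meta $p"
    fi
}

# audit_secrets PATH... -> one line per path; returns 1 if any path is
# NOT-FOUND or UNREADABLE, the conditions behind the errors described above.
audit_secrets() {
    rc=0
    for p in "$@"; do
        line=$(check_secret "$p")
        echo "$line"
        case $line in
            NOT-FOUND*|UNREADABLE*) rc=1 ;;
        esac
    done
    return $rc
}

# Only audit when paths were given on the command line.
if [ "$#" -gt 0 ]; then
    audit_secrets "$@"
fi
```

A `WORLD-READABLE` line means the other-read bit is set, as with mode 644. Once a file is owned by the Authelia user, owner-only read is enough for the service to load it.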