Hello,
I would like to set up SSO between TrueNAS apps with OpenID Connect. I have set up an Authentik app to be my OIDC provider. I have set up a Zoraxy reverse proxy to be the TLS termination and to map subdomains to apps instead of multiple ports. I have generated a certificate authority and server certificate with TrueNAS, and deployed the CA in the truststore of TrueNAS and of my client devices.
Problem: when I ask my app (for example I’m trying with Immich) to accept my Authentik instance as OIDC provider, reachable at https://authentik.mylocaldomain.tld/, I get a TLS error, certainly because of the untrusted CA. What is the idiomatic way to make the TrueNAS Apps trust a CA which is already in the TrueNAS truststore? It seems like Apps do not share the TrueNAS truststore.
I should specify that all the apps are taken directly from the TrueNAS apps catalog. I also tested with Nextcloud and I also get an error saying the OIDC discovery endpoint is unreachable; for curl, it is because of the self-signed certificate in the certificate chain.
Thank you