Hi @paul-grist , Thank you for your sincere reply. According to your solution, I have been able to log in to my self-built Grist. I can protect my data now. In the process of modifying the dex.yaml, two more things should be noted.
- The environment variable
EMAILstill needs to be set. Otherwise, an error will be reported as:
Error: Please provide an EMAIL, needed for certificates and initial login.
The environment variable PASSWORD does not need to be set.
-
dex.yamlseems to need to be mapped to its default location, otherwise it will still reportNo /custom/dex.yaml. You can use the commandfind / -name "dex.yaml"to search fordex.yamlin the entire docker container. In my case (TrueNAS Scale), the path todex.yamlis/settings/dex.yaml.
For SAML, according to the instructions at the help center, I successfully made the key pair (where I got stuck) and mapped them to the docker container (a very critical step). Now I can also log in to the self-built Grist by using SAML.
The package grist-omnibus is user friendly where Google is not blocked. A good one for first-time self-hosters. One suggestion I have is to remove the A-Z in the TEAM for clarity: GitHub - gristlabs/grist-omnibus: an opinionated Grist+Dex+Traefik package for first-time self-hosters.
Thanks again for your time and patience in solving my problem. I learned a lot about SAML and container while solving the problem. I can use Grist to manage data now. 
Have a nice day! 