September 3, 20241 yr Currently the only way to access the WebUI is through username and password. A lot of users have some sort of an external authentication and authorization mechanisms such as authelia, authentik, keycloak, and so on. Would it be possible to implement an external authentication provider option, for example: - As a user I want to authenticate with the system via a configurable header. - use case: Depending on the value of a specific header that is passed via a reverse proxy, for example `x-username` unraid would allow login - fallback to the default username and password screen should the header be missing - As a user I want to authenticate with the system via OIDC - this is a step up in security and harder to implement, but the standards are higher in the modern age And so on and so forth. The header approach is easiest to implement and allows better security, for example - I enforce MFA and passkeys whereever possible, instead of the plain old username and password approach.
September 6, 20241 yr I've got no idea how this needs to be implemented, but if it were possible to sign-on with one of the above-mentioned auth services, then be able to access secure dockers without authenticating again, that would be fantastic. I've already got plans to roll out Authentik or at the very least Authelia on my systems to complement the reverse proxy and secure transport. Edited September 6, 20241 yr by Espressomatic
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.