Skip to content
View in the app

A better way to browse. Learn more.

Unraid

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Jellyfin with Authentik SSO via Swag (ngnix)

Featured Replies

  • Community Expert

So I got the Authentik and Worker dockers configured, and I have successfully setup SSO for Immich docker app with Swag ngnx.

However, when I try to follow the same methodology for Jellyfin using the jellyfin plug-in SSO-auth, I get request URI error from Authentik when trying to log in with openid.

I also tried the jellyfin Ldap plug-in and I keep getting connection refused on Port 636 or 389 in the Jellyfin logs when testing within the plug-in setting. Also, it appears that the authentic docker does not have the host to contain a port mapping for 636 or 6636. When I try to add the host to container Port mapping in the docker, the container Port field is missing from the form.

I prefer to use the SSO-auth plugin method (oicd), but I need help figuring out why I keep getting the request URI error. I do have the proper request URI added in the Authentik provider for Jellyfin...

All my docker apps that will be handled by Authentik for SSO are reverse proxied with Swag and (ngnix).

Any help or guidance would be greatly appreciated.

Edited by gurulee

Solved by gurulee

  • 3 weeks later...
  • Author
  • Community Expert

I would like to share my progress and an update on this. I went back to the Jellyfin 'sso-auth' plugin instead of the LDAP plugin.

Login with SSO from Jellyfin using Authentik now works!

Next step is to enforce only SSO logins from Jellyfin by disabling local logins.

My plan is to configure:

  1. Jellyfin SSO-Auth (completed)

  2. Hide the password login UI

  3. Use SWAG (NGINX) to redirect all login attempts to Authentik’s SSO endpoint.

Stay tuned...

Edited by gurulee

  • gurulee changed the title to Jellyfin with Authentik SSO via Swag (ngnix)
  • Author
  • Community Expert
  • Solution

I was able to enforce login with SSO (Authentik) and disable Jellyfin manual login, and hide forgot password using this Jellyfin custom CSS code under Branding:

a.raised.emby-button {

padding: 0.9em 1em;

color: inherit !important;

}

.disclaimerContainer {

display: block;

}

/* Hide manual login form */

.manualLoginForm {

display: none !important;

}

/* Hide 'Forgot password' button */

.btnForgotPassword {

display: none !important;

}

====

I did not need to use Authentik include or explicit location blocks in my Swag / NGNIX subdomain conf file.

Edited by gurulee

  • Author
  • Community Expert

I also forced the Jellyfin login page to redirect to Authentik for authentication using Swag / NGINX with this in my jellyfin.subdomain.conf file:

# --- Force SSO on login page ---
location = /web/ {

return 302 https://your-jellyfin-domain/sso/OID/start/authentik;

}

  • 3 weeks later...
On 7/16/2025 at 11:45 AM, gurulee said:

I would like to share my progress and an update on this. I went back to the Jellyfin 'sso-auth' plugin instead of the LDAP plugin.

Login with SSO from Jellyfin using Authentik now works!

Next step is to enforce only SSO logins from Jellyfin by disabling local logins.

My plan is to configure:

  1. Jellyfin SSO-Auth (completed)

  2. Hide the password login UI

  3. Use SWAG (NGINX) to redirect all login attempts to Authentik’s SSO endpoint.

Stay tuned...

Hello. I am sorry for necroposting... How did you solve the URI error from Authentik when using the sso-auth plugin?

  • Author
  • Community Expert

@Juancamiloso this is what works for me in Authentik:

Redirect URIs

strict: https://jellyfin.mydomain.com/sso/OID/r/authentik

strict: https://jellyfin.mydomain.com/sso/OID/redirect/authentik

Edited by gurulee

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

Account

Navigation

Search

Search

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.