August 27, 2025Aug 27 I just discovered the OIDC login features. Is there a way to completely disable the User/Password login when a OIDC provider is configured? As an extra, just disable it on specific IP-Ranges?
September 3, 2025Sep 3 Same question here. It makes little sense to have OIDC if my frontend is still able to be bruteforced. Spinning up some container proxy just to regulate access to unraid with ANOTHER layer of OIDC just feels dumb when a "only allow password login from these IP-Ranges" could literally solve this.
September 4, 2025Sep 4 100% heard and understood. We're hesitant to restrict this for 7.2 but will likely improve this in 7.3 (and future Connect plugin releases before 7.3 stable). If you have a specific request related to this, please submit a feature request on the Unraid API Github (https://github.com/unraid/api). Thanks so much for bringing this up and please keep suggesting features! We're doing our best to build the stuff you guys are asking for!
September 4, 2025Sep 4 Just my two cents, I'd like a whitelist and a blacklist of client IPs where I can/can't see the username/password prompt.The main way I'd use this is to just whitelist my local and VPN subnets so I can get in on my own network should my OIDC be down, while everywhere else would only see the OIDC providers.Another way that may be easier or require less config, would be to restrict it by url. I have a reverse proxy and domain, so I'd preferably only like to see the OIDC when accessing from there, but would still like to see the username/password field if accessing Unraid through the IP address.It would also be sweet to have auto-signin if I'm already signed in with my OIDC provider.
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.