You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When self-hosting multiple applications, you really want to have a single point for user management and authentication. It is annoying to login to each and every app seperately.
A pretty simple way to centralize authentication is achieved by deploying apps behind a reverse proxy, and use proxy auth. The proxy handles authentication in some way and sets http headers containing the username that was successfully logged-in. The apps read the headers and associate incoming requests to that user.
The perfect proxy auth feature for me would work like this:
Start the app with additional environment variables:
containing the name of the initial admin user (e.g. admin=admin_user)
enabling proxy auth (e.g. proxy_auth=true)
setting the key of the http header that contains the username (e.g. auth_header=X-Authenticated-User)
Configure the reverse proxy to authenticate incoming requests in any way you like.
Let the reverse proxy set X-Authenticated-User to the authenticated username on every request.
The app treats the requests as if they belong to the appropriate user session.
Bonus: if the app does not know the username, it creates a new user with that name.
Other SSO methods like OIDC still require the user to login with each app, even it no credentials are required. It is still an additional step that is unneeded and hurting the user experience.
Additional context:
I am using the app for this product. Since this is a single-user platform, users really should see no login screen at all, not even for SSO.
The text was updated successfully, but these errors were encountered:
When self-hosting multiple applications, you really want to have a single point for user management and authentication. It is annoying to login to each and every app seperately.
A pretty simple way to centralize authentication is achieved by deploying apps behind a reverse proxy, and use proxy auth. The proxy handles authentication in some way and sets http headers containing the username that was successfully logged-in. The apps read the headers and associate incoming requests to that user.
The perfect proxy auth feature for me would work like this:
Other SSO methods like OIDC still require the user to login with each app, even it no credentials are required. It is still an additional step that is unneeded and hurting the user experience.
Additional context:
I am using the app for this product. Since this is a single-user platform, users really should see no login screen at all, not even for SSO.
The text was updated successfully, but these errors were encountered: