• Stars
    star
    172
  • Rank 221,201 (Top 5 %)
  • Language
    Python
  • License
    GNU General Publi...
  • Created about 4 years ago
  • Updated about 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Home Assistant custom component, which allows you to delegate authentication to a reverse proxy.

Header Auth for Home Assistant

This custom component allows you to delegate authentication to a reverse proxy.

This integrations checks the value of a configured header and authenticates based on its value. The value of the header is checked against usernames AND full names. Users have to be created in Home Assistant by hand.

Use with caution. If misconfigured, this can lead to a Home Assistant instance that anyone can access

Installation

Add this repository to HACS.

Update your configuration.yaml file with

http:
    use_x_forwarded_for: true
    trusted_proxies:
        - 1.2.3.4/32 # This needs to be set to the IP of your reverse proxy
auth_header:
    # Optionally set this if you're not using authentik proxy or oauth2_proxy
    # username_header: X-Forwarded-Preferred-Username
    # Optionally enable debug mode to see the headers Home-Assistant gets
    # debug: false
# Optionally, if something is not working right, add this block below to get more information
logger:
    default: info
    logs:
        custom_components.auth_header: debug

Afterwards, restart Home Assistant.

CSRF Errors when used with oauth2_proxy or authentik

See goauthentik/authentik#884 (comment)

How it works

On boot, two main things are done when the integration is enabled:

  1. The default LoginFlowIndexView view is replaced. This view is called when you submit the login form. The replacement for this view, RequestLoginFlowResourceView, simply adds the HTTP Request to the context. This context is passed to authentication Providers.

    Normally the Request is not included, as none of the providers require it.

  2. The Header Authentication Provider is injected into the providers, before the other authentication providers.

    This ensures that Header auth is tried first, and if it fails the user can still use username/password.

Help! Everything is broken!

If anything goes wrong or Home Assistant fails to load the component correctly, simply remove the auth_header block from your configuration file and restart HASS.

More Repositories

1

korb

Move Kubernetes PVCs between Storage Classes and Namespaces
Go
316
star
2

gravity

Fully-replicated DNS and DHCP Server with ad-blocking powered by etcd
Go
312
star
3

dark-vcenter

Dark CSS Theme for vCenter's HTML5 Client
CSS
49
star
4

oidc-test-client

OIDC Client for end-to-end and unittesting
Go
25
star
5

infrastructure

Ansible playbooks and Terraform code for my environment and infrastructure.
HCL
22
star
6

hass-ticktick

Home Assistant Integration for TickTick
Python
17
star
7

k8s

Flux repository for my K8s clusters
Mustache
16
star
8

imagik

Pyazo, but fast. Small, compact file-server.
Go
14
star
9

acme-for-appliances

ACME Support for appliances that don't natively support it, like vCenter and Netscaler.
Go
12
star
10

saml-test-sp

SAML Service Provider for end-to-end and unittesting
Go
9
star
11

dotfiles

Shell
7
star
12

terraform-provider-gravity

Terraform provider for https://gravity.beryju.io
Go
5
star
13

veeam_exporter

Prometheus exporter for Veeam Backup&Replication
PowerShell
5
star
14

pyazo

ARCHIVED, use https://github.com/BeryJu/imagik. Self-hosted Image/gif/mp4/webm Hosting.
Python
4
star
15

sensors.js

NodeJS Parser for lm-sensors
JavaScript
3
star
16

terraform-kube-prom-stack-dashboards

Dashboards from https://github.com/prometheus-community/helm-charts/tree/main/charts/kube-prometheus-stack, as raw JSON
HCL
3
star
17

beryju.io

Source for beryju.io
JavaScript
2
star
18

one-influxdb

Write OpenNebula Performance data into InfluxDB to create beautiful graphs.
Python
2
star
19

oauth1-test-server

OAuth 1 Server for end-to-end and unit-testing
Python
2
star
20

distribution-oauth

OAuth 2 support for https://github.com/distribution/distribution
Go
2
star
21

BeryJu

1
star
22

pyscim

Python
1
star
23

test-samba-dc

Samba AD DC container, for testing
Shell
1
star
24

p2

p2 is an open-source Object Storage Server, focused on simple and quick sharing. It allows you to quickly share files with people. It also offers an S3-Compatible API, which allows you to easily integrate other software with p2.
JavaScript
1
star