That needs the Authorization header, but there isn't a safe way to get the password (or any user-specific secret) to generate the Authorization header in the SSO auth flow. Or, at least, the part of the flow I can actually access and set headers in, in the front-end Caddy server acting as the reverse proxy.
Authelia devs have been pretty clear that they have no intention to add a way to send an Authorization header generated from the user's actual credentials, but they might be open to considering an implementation where Authelia generates the password to set in the back-end service. But I wouldn't hold my breath waiting for that to happen. Caddy can set any header, including Authorization, but to generate one based on user-specific details not present in the HTTP request itself (or to take "user:static_password" and Base64-encode it) isn't available in Caddy configs.
|