01-03-2025, 10:36 PM   #3
jgoguen
Generally Awesome Person
Posts: 1,100
Karma: 2191133
Join Date: Jan 2013
Location: /dev/kmem
Device: Kobo Clara HD, Kindle Oasis
That needs the Authorization header, but there isn't a safe way to get the password (or any user-specific secret) to generate the Authorization header in the SSO auth flow. Or, at least, the part of the flow I can actually access and set headers in, in the front-end Caddy server acting as the reverse proxy.

Authelia devs have been pretty clear that they have no intention to add a way to send an Authorization header generated from the user's actual credentials, but they might be open to considering an implementation where Authelia generates the password to set in the back-end service. But I wouldn't hold my breath waiting for that to happen. Caddy can set any header, including Authorization, but to generate one based on user-specific details not present in the HTTP request itself (or to take "user:static_password" and Base64-encode it) isn't available in Caddy configs.