crater icon indicating copy to clipboard operation
crater copied to clipboard

Published 20 hours ago verified publisher icon crater-invoice

SSO Support (eg, Authelia)

Open fukawi2 opened this issue 3 years ago • 3 comments

It would be great if support for SSO (eg, via Authelia)

When using Authelia via a reverse proxy, the authenticated username, email, name and groups are passed via HTTP headers:

  • Remote-User
  • Remote-Name
  • Remote-Email
  • Remote-Groups

See these docs for full information: https://www.authelia.com/docs/deployment/supported-proxies/

A couple of examples for how other projects implement support:

fukawi2 avatar Aug 02 '21 07:08 fukawi2

I feel like SAML or OAUTH2 / OPENID would be the better option.

troubleshootme avatar Jun 02 '22 22:06 troubleshootme

@troubleshootme these are just concrete SSO protocols ;) yes, OpenID Connect is the modern flexible standard to use here, though LDAP might also be sensible to sync customer information.

xeruf avatar Sep 20 '22 22:09 xeruf

@troubleshootme these are just concrete SSO protocols ;) yes, OpenID Connect is the modern flexible standard to use here, though LDAP might also be sensible to sync customer information.

Another approach to syncing is SCIM. It's only few endpoints to implements, and then the identity provider can push changes directly. OpenID Connect + SCIM is a neat combo.

hrenard avatar Sep 22 '22 07:09 hrenard

If this app gets open-source LDAP or OAuth support before Akaunting, it will have an indisputable competitive edge.

ScionOfDesign avatar Oct 04 '22 11:10 ScionOfDesign