Iâve just tried the trusted network auth, and if I have only ONE account set and I come from the right subnet, then it doesnât ask to select a user ? Itâs just like you donât have the auth.
Network can be entered as a single IP or a subnet mask.
Maybe the syntax could be enhanced, so that if they are several users defined, then we could force a user for each trusted network.
What I have in mind comes from what I expect to do : have a wall mounted tablet (or several) in the home, in a specific VLAN (in which I have the security cameras, the IoT thingsâŚ), would have options for a standard user. If I connect from a browser, coming from the standard user network, Iâll have a full option account.
And if I connect from the server VLAN (in which I have the VPN server), then I want to be admin.
Config, please? I have trusted networt auth and only one account and it does ask to select a user. Everytime I open the UI in Firefox and even when I reload (Ctrl-r) the page. My browser is configured to only allow session cookies, they get purged once the browser closes. With my mobile, where programs never really stop, the selected user persists among various sessions.
Iâm not sure the number of persons at home has to imply the number of accounts.
We are 5.
Kid would share an account. Parents another. I wish, based on the auth, that the interface would change.
An admin account for all access, including maintenance.
And maybe a guest account so that when I have family at home, they can set things in an obvious way.
And maybe some other 5 members family will like a one account setup.
You keep mentioning cookies but we donât use cookies to store auth we use local storage. But yeah, if you keep clearing all your browser settings, itâs up to yourself to deal with that.
We donât automatically select a user with trusted networks because it means a malicious website can link to your authorize page, it will automatically pick your user and then redirect back to malicious website with a refresh token.
I connect with Firefox, I keep cookies in the standard interface but I use âcookie autodeleteâ, my server is not in the white list.
If I donât use the network trusted auth, it even asks for a password everytime I restart the browser. Linux, W10 or mobile browser.
You are probably right, unfortunately there is no option in Firefox 62 to differ cookies from local storage. The appropriate setting (âPrivacy & Securityâ) reads âAccept cookies and website-data (recommended)â and âKeep, until Firefox is closedâ
I somebody knowâs a more fine-grained setting, please let me know.
Looks similar to mine, but I am not at home currently and (as I am obviously unfamiliar with security) my HA installation is not exposed to the internet. Will check as soon as possible.
Is it safe to assume the new Auth system will one day allow HASS to know if an external(outside hass) source or unknown source changed a state? For example if someone turned on a light via a switch on the wall vs an automation or UI doing so?
Ah that makes sense why we have different behavior then !
Cookies Autodelete handles the local storage too, using the same whitelistâŚ
But FF has a limitation about site with local storage but no cookie.
I donât delete cookies neither local storage from standard FF options, but using the add-on instead. @m0wlheld : you should try with an add-on and see if it works.
As Iâm home, I found out the behavior of trusted networks auth not to be as expected : if youâre out of a trusted network, then you wonât be able to log in at all. I was expecting it to fall back to user/password.
I revert to standard !
@Mister_Slowhand I checked my configuration and it looks similar to yours. I do have trusted_networks authentication enabled (as only auth) and trusted_networks matches localhost and my private home network. Additionally, since my Home Assistant installation is proxied by an nginx server on the same host, I have trusted_proxies set to localhost, too. Still - selecting the only defined user upon initial UI call or on page reload is required.
Iâve even put the HA host on FFâs whitelist, but that does not save the âloginâ either. Using the âDaten verwaltenâŚâ button from the dialog above, no data (cookies or âWebsitedatenâ) is stored for the HA host.
Sure. Everytime after login. And yes - I did click the âyesâ button. If it helps, I could watch the request/response headers to check whatâs going on. What should I look for?
My HA wouldnât load back up tonight after a restart (Hassio) so I saved my files deleted the SD card and formatted then used etcher. After putting my as card back in my Pi the HA screen comes on and says it will take 20mins after that it asks for a user name and password. But it hasnât loaded again it just spins. Is there something Iâm missing?
Okay, my bad. I had to put the HA host on Firefoxâs whitelist incl. the protocol (http://) to make local storage (and cookies) persist. Once done, I donât need to select a user upon opening the HA site or reloading it.
Next: Add this setting to the 3 other in-house PCs for each of the 4 Windows accounts âŚ
Why 4 accounts per PC if everything (like controlling the house) is shared on a family-based trust-level?
(Please donât take my statement too seriously, Iâm just teasing. Of course on the PCs everybody has their personal data.)