Currently the built-in authentication providers are basically:
- trusted networks (with user selection, or auto-login)
- homeassistant user database (with the normal login prompt)
My Home Assistant setup can be reached locally (by both trusted and untrusted devices on the network), but it can be also reached via trusted reverse proxy which has authentication for the traffic.
Due to that, it would be nice if I could configure ‘trusted proxy’ type of authentication, which would mean only that I require for that to be used via the http.trusted_proxies
. Whether this would be just variation of trusted networks, or something new, I don’t really care.
This is a simpler solution to more painful aspect of wanting to do proper SSO; there are solutions to this, e.g. Example SSO with Authelia and Home Assistant, but that looks like overkill for basic use case where we don’t really care about user which accesses HASS, just that the user of the proxy is validated.