Im trying to grant local access to HA without requiring a password, while still requiring a password when accessing HA externally. Every time I put this in the configuration under homeassistant I get locked out and have to comment out this section in the conifguration yaml through ssh. Then manually power cycle the pi.
I read the trusted networks docs but I’m not sure why this isnt working. Any ideas?
The indenting in the top post is totally stuffed. Can you post your config? It works perfectly for me and I even added the trusted_users in 0.91 and that works great as well…
Not sure if you resolved your issues, but I found this issue was related to loading packages. I’m on .93, and use packages to load my integrations. When I tried to load auth_providers from the homeassistant file in my Integrations folder, it would not work. When I put the auth_providers section into my main configuration.yaml file, it works perfectly.
My best guess is it has something to do with auth_providers loading before packages. There was a similar issue with the old api_password feature.
Sorry to bring up an old thread but I thought it was better than creating a new one on the same topic.
I had my HassIO install IP ban itself today (127.0.0.1) so I thought I’d try to prevent this…but then I broke the UI and don’t understand why.
I removed the IP ban from ip_bans.yaml and then added the following ‘auth_providers’ section to my config, restarted HA. HA restarted (I got a push notification as per one of my automations) but I can’t get to the GUI. What is wrong with my config here?
…although I’m not really sure what cors_allowed_origins does or if I need it there…
If someone can please let me know how to fix the GUI and prevent further self banning, that would be awesome.
EDIT: so last night I commented out the auth_providers code and restarted HA, GUI is happy again. My question still remains, why is the above code causing issues?
when I comment the - type: legacy_api_password everything was fine. But after un commented the line, the GUI is not loading and when I opened the Home Assistant log text file in /config folder, shows these lines,
2019-07-17 16:50:34 ERROR (MainThread) [homeassistant.auth.providers] Invalid configuration for auth provider legacy_api_password: required key not provided @ data[‘api_password’]. Got None
2019-07-17 16:50:37 ERROR (MainThread) [homeassistant.config] Invalid config for [homeassistant]: required key not provided @ data[‘api_password’]. Got None. (See /config/configuration.yaml, line 1).
2019-07-17 16:50:37 ERROR (MainThread) [homeassistant.core] Error doing job: Task exception was never retrieved
I have api_password in secret file that was valid in earlier versions before using auth_providers. Can someone able to tell me what mistake I did?
probably it is because api_password is deprecated from .96. If you have a version greater or equal to that, then you need to choose a different auth provider.
found it. previously the api_password: !secret http_password was present in both auth_providers: and http: sections. I removed the line in http: section and issue resolved.
I am also unable to make this work even though everything seems to look right to me. The first half of the logs is me trying to reach the UI through my external domain using hairpin-NAT on the LAN, that’s why the source appears to be my router. The second half of the logs is me going directly to the port that Home-Assistant is running on, thus the source is the IP of my computer. I am running Home-Assistant using Docker with networking set to “host” so it is directly bound to the port on my servers NIC, no docker port mapping stuff.
The login page just says my computer is not allowed when I try to do local network login.
I have the following configuration:
homeassistant:
# Name of the location where Home Assistant is running
name: redacted
# Location required to calculate the time the sun rises and sets
latitude: !secret loc_lat
longitude: !secret loc_lon
# Impacts weather/sunrise data (altitude above sea level in meters)
elevation: 35
# metric for Metric, imperial for Imperial
unit_system: metric
# Pick yours from here: http://en.wikipedia.org/wiki/List_of_tz_database_time_zones
time_zone: Europe/Stockholm
# Auth stuff
auth_providers:
- type: homeassistant
- type: trusted_networks
trusted_networks:
- 192.168.0.0/16
- 172.16.0.0/12
- 127.0.0.1
# URL
external_url: https://redacted.tld
internal_url: http://192.168.11.31:8123
# Customization stuffs
customize: !include customize.yaml
# web ui and auth stuff
http:
use_x_forwarded_for: true
trusted_proxies:
- 192.168.0.0/16
- 172.16.0.0/12
- 127.0.0.1
# logging
logger:
default: critical
logs:
homeassistant.components.http: debug
The logs say this:
[14:42:53] INFO: Home Assistant Core finish process exit code 100
2022-08-23 14:42:54.587 INFO (MainThread) [homeassistant.components.http] Now listening on port 8123
2022-08-23 14:42:56.558 DEBUG (MainThread) [homeassistant.components.http.view] Serving /api/websocket to 192.168.11.1 (auth: False)
2022-08-23 14:42:57.319 DEBUG (MainThread) [homeassistant.components.http.view] Serving /api/websocket to 192.168.11.1 (auth: False)
2022-08-23 14:43:01.705 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/providers to 192.168.11.1 (auth: False)
2022-08-23 14:43:01.805 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.11.1 (auth: False)
2022-08-23 14:43:03.027 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow/6069e06d0e451eb8bef459573ab06bfb to 192.168.11.1 (auth: False)
2022-08-23 14:43:03.034 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.11.1 (auth: False)
2022-08-23 14:43:07.631 DEBUG (MainThread) [homeassistant.components.http.view] Serving /api/websocket to 192.168.11.1 (auth: False)
2022-08-23 14:43:23.169 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/providers to 192.168.11.30 (auth: False)
2022-08-23 14:43:23.301 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.11.30 (auth: False)
2022-08-23 14:43:24.703 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow/22bb924caae31cc9c94dec75bc1fa4d5 to 192.168.11.30 (auth: False)
2022-08-23 14:43:24.708 DEBUG (MainThread) [homeassistant.components.http.view] Serving /auth/login_flow to 192.168.11.30 (auth: False)
In case anyone is wondering, local LAN logins seem to work fine. It’s just not very obvious what to click on to do it. There’s this kind of hidden link below the login form -
I am having a similar issue now while trying to remove the login screen for local users. I have only setup trusted_networks as auth_providers and not homeassistant, so the login screen doesn´t appear, and it is actually working fine for new devices, but for devices that have logged in before I made the change, I get the error “No auth providers returned. Unable to finish login.”:
Which is fixed after cleaning the cookies of the browser and retrying, so it seems the cookies store some value that is not valid after removing homeassistant from the auth_providers, but it is pretty anoying as I need to clean the cookies in all the devices of the family, is there any way to avoid this error from HA itself that doesn´t include deleting the cookies from the browser?
