Hi all.
I am trying to get SSO through authentik working and I think I ran into a common issue that is also mentioned in the authentik documentation for home assistant:
Only prefixes starting with
/auth
need to be proxied (excluding prefixes starting with/auth/token
)
My logs show that home assistant succesfully connects to authentik and identifies the users, but then ends with this warning:
…
2025-02-03 18:24:42.233 DEBUG (MainThread) [custom_components.auth_header] Got actual IP 10.12.22.322025-02-03 18:24:42.233 DEBUG (MainThread) [custom_components.auth_header.headers] Validating access for IP: 10.12.22.32
2025-02-03 18:24:42.233 DEBUG (MainThread) [custom_components.auth_header.headers] Checking user: My Name
2025-02-03 18:24:42.233 DEBUG (MainThread) [custom_components.auth_header.headers] Found username in credentials: max
2025-02-03 18:24:42.233 DEBUG (MainThread) [custom_components.auth_header.headers] Username match found, finishing login flow
2025-02-03 18:24:45.449 WARNING (MainThread) [homeassistant.components.http.ban] Login attempt or request with invalid authentication from nginxproxymanager.lan (10.12.22.32). Requested URL: ‘/auth/token’. …
I tried several ways to fix it. E.g. adding ^/auth/token.*
to the unauthorized path section in authentik, amongst other paths mentioned in this thread
Has anyone got it working? I could need some help. It`s so frustrating…
HA 2025.1.4
Nginx Proxy Manager:latest
Authentik:latest