Open letter for improving Home Assistant's Authentication system (OIDC, SSO)

Indeed. What’s more appalling is that there are contributions in this feature request, only for it to be turned down. I do hope this gets more attention.

4 Likes

Also baffled by the resistance to this feature. Home Assistant has no reason to be a special security snowflake.

3 Likes

Just my five cents, but I don’t want to manage auth in Home Assistant at all, I want to keep all authn and authz to my dedicated solution for authentication and authorization.

Not everyone is running an enterprise grade home lab, but it would be nice to in HA have integrated:

  • passkey support
    • with some smart check that you have a proper dns-name configured, else the technically unaware user is going to run into trouble later on
    • passwordless login as well
    • if you want more fine grained control, let's say webauthn attestation verifications, run your own authentication
    • this is enough for “most people”
  • external auth support
    • OIDC preferably
    • SAML works but is cumbersome in comparison
  • external provisioning support
    • there are cases for enterprise-grade scenarios where “provision at log on” is lacking, i.e. creating a user when first authenticated through OIDC, such as user removal
    • preferably SCIM
    • LDAP works, but the world would be a better place with less LDAP in it

Currently I’m running several Home Assistant instances, where those who need third party auth are going through apache for ssl-termination and auth (I think I’m using mod_auth_openidc, https://github.com/OpenIDC/mod_auth_openidc, the OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x), and Home Assistant blindly trusting all http-sessions that come through.

1 Like
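The setup described in the post above (Apache doing TLS termination and OIDC login in front of Home Assistant, which then trusts whatever arrives from the proxy), written out as an added example. This is not the poster's own configuration and not anything shipped by Home Assistant or mod_auth_openidc; it assumes Apache 2.4 with mod_ssl, mod_proxy, mod_proxy_http, mod_proxy_wstunnel, mod_rewrite, mod_headers and mod_auth_openidc loaded, Home Assistant listening only on 127.0.0.1:8123 on the same host, and a hypothetical identity provider at idp.example.net with a client registered as "home-assistant". The hostnames, client id, secret and passphrase are placeholders.

```apacheconf
# Added example, not the poster's config. Assumptions: Apache 2.4 with
# mod_auth_openidc, Home Assistant on 127.0.0.1:8123, hypothetical IdP at
# https://idp.example.net (client "home-assistant"); secrets are placeholders.
<VirtualHost *:443>
    ServerName ha.example.net

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/ha.example.net.pem
    SSLCertificateKeyFile /etc/ssl/private/ha.example.net.key

    # Relying-party settings: discovery document, client credentials and the
    # passphrase mod_auth_openidc uses to encrypt its own session cookie/cache.
    OIDCProviderMetadataURL https://idp.example.net/.well-known/openid-configuration
    OIDCClientID            home-assistant
    OIDCClientSecret        REPLACE_WITH_CLIENT_SECRET
    OIDCCryptoPassphrase    REPLACE_WITH_RANDOM_PASSPHRASE
    # Callback path under this vhost; it must be a path Home Assistant never serves
    OIDCRedirectURI         https://ha.example.net/oidc-callback
    OIDCScope               "openid email"
    OIDCRemoteUserClaim     email
    # Idle timeout of the proxy session, in seconds; this is the effective
    # session lifetime, since Home Assistant itself is not checking identity here
    OIDCSessionInactivityTimeout 3600

    # Every path, the websocket handshake included, needs a valid IdP session.
    # Tighten "valid-user" to a claim check if the IdP exposes group membership.
    <Location />
        AuthType openid-connect
        Require  valid-user
    </Location>

    # Home Assistant's frontend talks over a websocket at /api/websocket;
    # proxy Upgrade requests through mod_proxy_wstunnel, everything else over HTTP.
    RewriteEngine on
    RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule ^/(.*) ws://127.0.0.1:8123/$1 [P,L]

    ProxyPreserveHost on
    ProxyPass        / http://127.0.0.1:8123/
    ProxyPassReverse / http://127.0.0.1:8123/

    # Tell Home Assistant the original scheme so generated URLs stay https
    RequestHeader set X-Forwarded-Proto "https"
</VirtualHost>
```

On the Home Assistant side this pairs with the trusted_networks auth provider limited to the proxy's own address (127.0.0.1), together with use_x_forwarded_for and a trusted_proxies list containing only 127.0.0.1 under http:. Two things to check before relying on it: Home Assistant must not be reachable on port 8123 by any route other than the proxy (bind it to loopback or firewall it), because trusted_networks hands a login to anyone who can connect from a listed address; and the identity the IdP asserted is not mapped to a Home Assistant user at all, so every person who passes the proxy can pick any local account the provider offers. That is exactly the gap the request in this thread is about.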