Hi!
Given that Home Assistant is meant to be the single source of truth for a home, perhaps it’s time we thought about making authentication a first-class citizen?
LDAP is the standard “user” database, and enabling LDAP would allow such magic as SSO, two-factor, adding other applications/platforms in, etc.
Additionally, something like Authelia, which can either be deployed as a static binary or as a Docker image, could handle all of the web-based auth.
With the add-ons, I have a username/password combo for:
Nginx Proxy Manager
deCONZ
UniFi Controller
Node-RED
AdGuard
It’s a lot, and I think Authelia, correctly configured, could manage almost all of that authentication.
Heck, we could even use Vouch and authenticate directly against Home Assistant.
Having a standard “auth” platform would enable add-ons to be much more smoothly integrated into Home Assistant, opening up a plethora of potential features and functionality.
Essentially, it’s a tiny proxy that uses an identity provider to allow or deny requests. It could be put in front of all ingress and use the Home Assistant identity provider to permit access to add-ons, etc.
This is something I’d like to see too, but it appears that the lead developer of Home Assistant themselves doesn’t see this as a worthwhile idea; LDAP is for “advanced users”, according to someone I know who’s talked about it with them. Well, if we weren’t advanced, highly technical users to begin with, we’d not be deploying something like this. Trust me. I have parents who are such Luddites that it’s not even funny.