SSO/LDAP for authentication

Hi!
Given that Home Assistant is meant to be the single source of truth for a home, perhaps it’s time we thought about making authentication a first-class citizen?

LDAP is the standard “user” database, and enabling LDAP would allow such magic as SSO, two factor, adding other applications/platforms in, etc.

Additionally, something like Authelia, which can either be deployed as a static binary or as a Docker image, could handle all of the web-based auth.

With the add-ons, I have a username/password combo for:

  • nginx proxy manager
  • deconz
  • unifi controller
  • node-red
  • adguard

It’s a lot, and I think Authelia, correctly configured, could manage almost all of that authentication.

Heck, we could even use Vouch and authenticate directly against Home Assistant.

I know we have gone over this before.

Having a standard “auth” platform would enable add-ons to be much more smoothly integrated to Home Assistant, opening up a plethora of potential features and functionality.

Thanks!

I would appreciate LDAP authentication for home-assistant.
I’m already using Keycloak for some service.

2 Likes

This could be an interesting option:

Essentially, it’s a tiny proxy that uses an identity provider to allow or deny requests. Could be put in front of all ingress and use the Home Assistant identity provider to permit access to add-ons, etc.

Small, single binary, lots to like about it.

Edit:
Another option in the same vein: https://github.com/pomerium/pomerium

1 Like

Did you ever get this to work?

I’ve been looking at how to do it with Vouch.

If you have tips, let me know.

Nope. Sorry!

I’ve been trying to break my head on using CORS, at least for HASS, but that is a sticky one too: