[FEATURE_REQUEST] Add Header Authentication #981
Description
Is your feature request related to a problem? If so, please describe.
Currently the only authentication options are Keycloak and inbuilt auth. I use Authelia to manage my SSO, which supports passing user/group info through to the reverse proxied app. There are also other apps out there that can pass in user/group info in a similar way.
Describe the solution you'd like
I see this providing the same functionality as the current Keycloak auth, just grabbing the user/group info from headers passed via the proxy instead of interrogating Keycloak.
appConfig.auth (optional)
| Field | Type | Required | Description |
|---|---|---|---|
enableHeaderAuth |
boolean |
Optional | If set to true enable Header Authentication. See appConfig.auth.headerAuth. |
appConfig.auth.headerAuth (optional)
| Field | Type | Required | Description |
|---|---|---|---|
userHeader |
string |
Optional | Header name which contains username (default: X-Forwarded-User) |
groupHeader |
string |
Optional | Header name which contains group info (default: X-Forwarded-Groups) |
proxyWhitelist |
array |
Required | Upstream proxy servers to expect authenticated requests from. |
From here it could use the already existing hideForUsers and showForUsers config, but given that Keycloak has them split out I'm not sure how feasible it is. Could also extend the displayData options to have hideForGroup and showForGroup for extra configurability.
Priority
Medium (Would be very useful)
Is this something you would be keen to implement
No