+4

[Feature Request] SSO with auth-proxy

RG9400 4 years ago 0

I have my user register upstream on my domain via Organizr, and I am able to float their usernames and emails via headers after authentication using my reverse proxy (NGINX). It would be helpful if there was a way to authenticate using these headers if so configured, i.e. toggle to allow authentication via proxy and define which headers to use for which fields. It would prevent the need for each user to have to sign in at multiple places (Organizr and Ubooquity). A further enhancement could be to use the headers + some default permissions/roles to auto register users if they are not already found in the DB. 


Auth-Proxy is flexible because it can basically be used with any external authentication handler. For example, this feature could be a nice accompaniment or middle ground for LDAP authentication. It is a decent way to get SSO set up for Ubooquity. 

More and more services are using this authentication method including Calibre-Web. I have highlighted Grafana's implementation as an example below which is very robust. 

https://grafana.com/docs/grafana/latest/auth/auth-proxy/