trustchain-oc1-orchestral/authentik
Archived
10
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
This repository has been archived on 2024-05-31. You can view files and clone it, but cannot push or open issues or pull requests.
authentik/website/integrations/services/home-assistant/index.md
Jens L cd12e177ea
providers/proxy: add initial header token auth (#4421) 
* initial implementation

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* check for openid/profile claims

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* include jwks sources in proxy provider

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add web ui for jwks

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* only show sources with JWKS data configured

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* fix introspection tests

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* start basic

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add basic auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add docs, update admonitions

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* add client_id to api, add tab for auth

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* update locale

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-01-13 16:22:03 +01:00

2.3 KiB
Raw Blame History

title
Home-Assistant

Support level: Community

What is Home-Assistant

From https://www.home-assistant.io/

:::note Open source home automation that puts local control and privacy first. Powered by a worldwide community of tinkerers and DIY enthusiasts. Perfect to run on a Raspberry Pi or a local server. :::

:::caution You might run into CSRF errors, this is caused by a technology Home-assistant uses and not authentik, see this GitHub issue. :::

Preparation

The following placeholders will be used:

  • hass.company is the FQDN of the Home-Assistant install.
  • authentik.company is the FQDN of the authentik install.

Home-Assistant

This guide requires https://github.com/BeryJu/hass-auth-header, which can be installed as described in the Readme.

Afterwards, make sure the trusted_proxies setting contains the IP(s) of the Host(s) authentik is running on.

Use this configuration to match on the user's authentik username.

auth_header:
    username_header: X-authentik-username

If this is not the case, you can simply add an additional header for your user, which contains the Home-Assistant Name and authenticate based on that.

For example add this to your user's properties and set the Header to X-ak-hass-user.

additionalHeaders:
    X-ak-hass-user: some other name

authentik

Create a Proxy Provider with the following values

  • Internal host

    If Home-Assistant is running in docker, and you're deploying the authentik proxy on the same host, set the value to http://homeassistant:8123, where Home-Assistant is the name of your container.

    If Home-Assistant is running on a different server than where you are deploying the authentik proxy, set the value to http://hass.company:8123.

  • External host

    Set this to the external URL you will be accessing Home-Assistant from.

Create an application in authentik and select the provider you've created above.

Deployment

Create an outpost deployment for the provider you've created above, as described here. Deploy this Outpost either on the same host or a different host that can access Home-Assistant.

The outpost will connect to authentik and configure itself.