
Comments (10)

spectrapulse commented on August 25, 2024

This wouldn't only apply to Authelia, but to every reverse proxy setup which forwards authentication or uses SSO, be it barebones NGINX or a solution like Traefik using a middleware. I've tried simply passing an Auth header to Swirl using a Traefik middleware but had very mixed results, as even when the header is sent with either the response or request headers it still tends to redirect to the login, incorrectly display information on pages, or show other UI issues client-side. It would be great if auth could be fully disabled or if another way of bypassing auth were provided.

from swirl.

Yaytay commented on August 25, 2024

We have swirl behind an AWS LB that authenticates the user but doesn't give us any option for setting headers (beyond the standard X-Forwarded).
I'd like swirl to either support OAuth or to have auth disabled.
I don't want my users making any changes via swirl, so it would make me happy if the auth-less version was strictly read-only.


cuigh commented on August 25, 2024

You can create an administrator account first, and then create a token for this user to use Swirl with token authentication. See: Deploy service with Swirl


prologic commented on August 25, 2024

To be honest I'd also like to see something like this. In an ideal world auth is configurable between:

  • LDAP
  • User/Password
  • Trusted Headers / Proxy Auth

The latter is what I want, as I can easily put Authelia in front of this 👌

What would it take to support this? 🤔


cuigh commented on August 25, 2024

How about using the token authentication mentioned above?


prologic commented on August 25, 2024

> How about using the token authentication mentioned above?

I don't see how that would work with Authelia in front, reverse proxying to Swirl? It would need to pass Remote-User, for example:

Remote-Email: [email protected]
Remote-Groups: selfhosted,mills
Remote-Name: James Mills
Remote-User: prologic


prologic commented on August 25, 2024

Or rather, sorry, to be precise, Swirl would take Remote-User and use this to populate its internal session and trust the proxy.


cuigh commented on August 25, 2024

Sorry, I'm not very familiar with Authelia. For Swirl, it needs to obtain the user identity from the Authorization header. How can Swirl map Remote-User to its internal users if it is only the user's ID in Authelia?


prologic commented on August 25, 2024

Because the authentication has already happened at the proxy. Applications like Swirl would trust the proxy's headers. This is the simplest form of SSO and it works really well. I have many applications (that support header-based auth) behind Authelia. See Trusted Header SSO


prologic commented on August 25, 2024

@cuigh Any further thoughts on supporting SSO for Swirl? Trusted Headers is the simplest way to support this; I'm sure with your experience of the codebase you'd get this done pretty easily. OAuth / OpenID Connect (OIDC) is also an option (a bit more work on both sides).

from swirl.
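
The trusted-header scheme discussed in this thread, sketched as an added example (not Swirl's code and not written by any commenter): the application accepts Remote-User only when the TCP peer is the reverse proxy, then maps it to an internal role. The proxy address, the role map and all type and function names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
)

// HeaderAuth trusts Remote-User only when the TCP peer is the reverse proxy.
type HeaderAuth struct {
	Proxies []*net.IPNet      // networks the proxy connects from (assumption)
	Roles   map[string]string // Remote-User -> internal role (hypothetical mapping)
}

// Identify returns the internal role, or false if the header must not be trusted.
func (a *HeaderAuth) Identify(r *http.Request) (string, bool) {
	host, _, _ := net.SplitHostPort(r.RemoteAddr) // malformed peer: no match below
	ip := net.ParseIP(host)
	for _, n := range a.Proxies {
		if n.Contains(ip) {
			role, ok := a.Roles[r.Header.Get("Remote-User")]
			return role, ok // unknown or empty user is rejected
		}
	}
	return "", false // direct client: Remote-User is client-supplied, ignore it
}

// Wrap rejects requests without a trusted identity before they reach next.
func (a *HeaderAuth) Wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := a.Identify(r); !ok {
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Check runs Identify on a constructed request from the given peer address.
func Check(peer, user string) (string, bool) {
	_, n, _ := net.ParseCIDR("10.0.0.2/32") // constructed proxy address
	a := &HeaderAuth{Proxies: []*net.IPNet{n}, Roles: map[string]string{"prologic": "viewer"}}
	r := &http.Request{RemoteAddr: peer, Header: http.Header{"Remote-User": {user}}}
	return a.Identify(r)
}

func main() {
	fmt.Println(Check("10.0.0.2:4711", "prologic"))    // via the proxy
	fmt.Println(Check("203.0.113.9:4711", "prologic")) // direct connection
}
```

The peer check matters because any client that can reach the application directly can set Remote-User itself; the proxy should also strip that header from incoming requests before adding its own.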
