+- Jellyfin Forum (https://forum.jellyfin.org)
+-- Forum: Support (https://forum.jellyfin.org/f-support)
+--- Forum: General Questions (https://forum.jellyfin.org/f-general-questions)
+--- Thread: Help with authentication provided by reverse proxy (/t-help-with-authentication-provided-by-reverse-proxy)
Help with authentication provided by reverse proxy - jose1711 - 2024-11-03
Hello,
following https://blog.sjain.dev/caddy-sso/ I started to migrate my services behind Caddy reverse proxy with a SSO configured. For Jellyfin I did something like this (Caddyfile):
Code:
{
..
security {
authorization policy admin_policy {
set auth url https://portal.mydomain.com
allow roles authp/admin
}
}
}
jellyfin.mydomain.com {
authorize with admin_policy
reverse_proxy http://localhost:8096
}When accessing https://jellyfin.mydomain.com I am redirected to https://portal.mydomain.com where I am queried for credentials (configured inside Caddy's local store) and once validated I am redirected back and presented with Jellyfin login window. Here I need to log in once more.
Is there a way to tell Jellyfin - that a user foo is a valid user and his/her identity has been proven already? I saw several questions floating on the forums/github but could not find a definitive answer whether this is supported or not.
Thanks, j
RE: Help with authentication provided by reverse proxy - crobibero - 2024-11-04
You would need to use something like the SSO plugin. https://github.com/9p4/jellyfin-plugin-sso
RE: Help with authentication provided by reverse proxy - jose1711 - 2024-11-05
This would be too much, I am looking for a header authentication but it seems this is not yet supported (as per https://features.jellyfin.org/posts/471/header-authentication)
RE: Help with authentication provided by reverse proxy - jose1711 - 2024-11-09
Eventually I used Caddy with Authelia (https://www.authelia.com/integration/openid-connect/jellyfin/) and SSO plugin you mentioned.
RE: Help with authentication provided by reverse proxy - Duvel - 2025-03-19
(2024-11-05, 01:30 PM)jose1711 Wrote: This would be too much, I am looking for a header authentication but it seems this is not yet supported (as per https://features.jellyfin.org/posts/471/header-authentication)
@TheDreadPirate could you share a bit of info about Proxy Header Authentication feature?
Is it currently even considered by the team? If yes, any ETA ??? if no, why??
My current setup (like many) is LDAP plugin + Authentik. And I use caddy for the reverse proxy. Mostly all my exposed services work with a single login page (Authentik) and then the user straight connect automatically on everything (including user creation). Only for Jellyfin Web my users have to login twice : once in Authentik and once in Jellyfin. Thats really annoying.
RE: Help with authentication provided by reverse proxy - niels - 2025-03-19
No there are no plans to support custom headers for authorization as this is unlikely to work with our native clients.