What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.1.39 (stable)
How are you able to access your server: The webadmin, SSH
Are you in a special context or did you perform specific tweaking on your YunoHost instance?: Not yet
Describe your issue
I am looking for the best way to integrate Authentik into the Yunohost login flow. Basically, I have some external docker apps that are being proxy forwarded (using the redirect app) from Yunohost, and users have to manually log in to each application. I am looking to make it a seamless experience where users only need to log in once instead of multiple times across multiple applications. I have been researching Authentik and I see that it can function as an LDAP store as well as an LDAP IdP. The information surrounding this topic is scarce and not really specific to what I am trying to accomplish. So, I am looking for information on the feasibility of integrating YNH LDAP in Authentik, or whether there is a better way, such as nginx auth forward or a way to integrate YNH LDAP into my apps as an additional SSO login option using YNH's existing credential store?
I just need a little directionality here to simplify the process for my users and for them to not have to authenticate so much to use basic services I have integrated into the platform for my users. Any help or information will be useful.
User authenticates with Authentik, which redirects the user back to the YNH platform and logs them in without further login prompts. Then when the user clicks on the proxied app tile, it takes them to the application and logs them in automatically based on the fact that they are already authenticated with Authentik/LDAP, and forwards the credential status to the app for seamless access.
I have already put some research into this and it does look like if you set Authentik up as an LDAP provider and source for the Yunohost LDAP server and point it locally to port 389 & 636 respectively, that authentication is possible. The issue I am struggling with specifically is setting up the forwarding headers in nginx (attached to the Authentik docker) so that SSOwat issues the session cookie after accepting the headers as a logged-in user. I know that Yunohost uses very specific forwarding headers and I am trying to figure out what those are. There is no documentation on this process and I have not been able to locate any resources online about this specifically, including on Stack Overflow, which is why I am asking for some assistance from the author. My only other option is to move existing services to docker containers, and I don’t want to have to do that as I find your platform very easy to use on a daily basis and my users love the simplicity it offers. Any advice, experience or suggestion would be helpful.