My biggest issue with Home Assistant at the moment is the refusal of the devs to support single sign-on methods. Several have been submitted via pull requests and almost gone through and then dropped based on very poor reasoning, in my opinion. There is an auth header add-on in HACS, but without official support the Android app is a buggy mess to get working.
HA is the only service I am running now that isn't hooked into my SSO and it's a niggling frustration to say the least.
When it comes to internal services that don't implement auth or have inadequate auth support, there are several projects out there that act as a reverse proxy and handle auth, only passing requests through once authentication is complete.
You can use this with Home Assistant's local IP auth (that just bypasses auth and assigns everything to a single HA user) so you don't have redundant auth mechanisms.
Yeah, that's basically what the auth header add-on is used for. It's just a pain for the Android app. I got it working briefly but hit a snag where the YubiKey I use for passwordless login couldn't be used, as it's using a webview container and you can't easily just use a YubiKey in that scenario. If SSO was supported mainline support for that could be added.
What I have been meaning to do is have my auth provider fall back to basic password or something else for Home Assistant logins; I just need to figure out HOW to do that.
I'd love it to have some kind of LDAP or other directory service thing. I've got a few other things I run for myself and some friends or family members that already can work with that (notably NextCloud) that would be really cool to connect up with HA too.
Currently I use Authentik on my LAN and VPN, but I used to use Keycloak when it was publicly exposed. I had issues configuring several of the components to work together and decided to use something that "kinda" works out of the box. The app dashboard is also very nice and has the "partner tick of approval" that is so important for hosting your own services.
It's a niggling issue for me, not a show stopper. I did consider it, very briefly, but it's not enough of an issue for me to spend the time and effort maintaining such a fork. Especially with a project as active as Home Assistant, keeping a fork working with all the upstream modifications would be difficult.