You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi
I got a domain level forward auth setup working with traefik and the embedded outpost.
And also had a example for single application working.
But I'm asking me if I missed something...
shouldn't it be at least technical possible to have a domain wide authentication (i.e. on auth.example.com) which authenticates the domain example.com (cookie for the domain and all subdomains), but allow to configure the access per application subdomain (myapp.example.com)?
Maybe this is already possible and I missed that or are there any limitations that prevents authentik from implement something like that or would this be possible with the authentik provided proxies?
As an explanation for my use-cases:
Have everything behind traefik.
dumb application without any authentication at all or disabled authentication when not needed, for them I would love to just allow/disallow access per user in authentik.
half dump application that have their own login, but can maybe be tricked by providing a token or basic auth header, that could be set in the proxy to "forward" (force login) the user to the application.
applications that just want to do their auth by them self with at least the possibility to use authentik as provider. They are forced to login in the app itself (without authentik SSO).
applications that are configurable to trust the proxy headers to do something with the authentication, they need just authentication and consume the provided user and groups.
Would love to have authentik as authentication for the whole domain including remember the user across applications and optionally generate auth headers for half dump applications.
But still the possibility to define the application access in authentik per user/group centrally.
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
-
Hi
I got a domain level forward auth setup working with traefik and the embedded outpost.
And also had a example for single application working.
But I'm asking me if I missed something...
shouldn't it be at least technical possible to have a domain wide authentication (i.e. on
auth.example.com) which authenticates the domainexample.com(cookie for the domain and all subdomains), but allow to configure the access per application subdomain (myapp.example.com)?Maybe this is already possible and I missed that or are there any limitations that prevents authentik from implement something like that or would this be possible with the authentik provided proxies?
As an explanation for my use-cases:
Have everything behind traefik.
Would love to have authentik as authentication for the whole domain including remember the user across applications and optionally generate auth headers for half dump applications.
But still the possibility to define the application access in authentik per user/group centrally.
Beta Was this translation helpful? Give feedback.
All reactions