Open Pauld-1 opened 10 months ago
add this to your settings
logger:
default: info
logs:
custom_components.auth_header: debug
with that you'll see a log of all headers
add this to your settings
logger: default: info logs: custom_components.auth_header: debug
with that you'll see a log of all headers
Thanks, I have done that and the debug log from Home Assistant is at the end of my first post, here's the formatted Home Assistant debug header which may be easier to read
2023-09-18 11:57:54.650 DEBUG (MainThread) [custom_components.auth_header] <CIMultiDictProxy(
'Host': 'ha.redacted.com',
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.0.0 Safari/537.36',
'Content-Length': '135',
'Accept': '*/*',
'Accept-Encoding': 'gzip',
'Accept-Language': 'en-GB,en-US;q=0.9,en;q=0.8',
'Cdn-Loop': 'cloudflare',
'Cf-Connecting-Ip': 'redacted',
'Cf-Ipcountry': 'GB',
'Cf-Ray': '8089121bcd4771fe-LHR',
'Cf-Visitor': '{"scheme":"https"}',
'Content-Type': 'text/plain;charset=UTF-8',
'Cookie': 'cf_clearance=gxwM7vXDTNfce1t..lFe7T1JWZCsob_dUBhGtdY6mny-1695033460-0-1-621f681.ea0a671b.5120a961-0.2.1695033460; authelia_session=tC4Cbv!Oxt%an7BTiZf$ggHp1YipNsY^',
'Dnt': '1',
'Origin': 'https://ha.redacted.com',
'Sec-Ch-Ua': '"Chromium";v="116", "Not)A;Brand";v="24", "Google Chrome";v="116"',
'Sec-Ch-Ua-Mobile': '?0',
'Sec-Ch-Ua-Platform': '"Windows"',
'Sec-Fetch-Dest': 'empty',
'Sec-Fetch-Mode': 'cors',
'Sec-Fetch-Site': 'same-origin',
'X-Forwarded-For': '172.70.91.58',
'X-Forwarded-Host': 'ha.redacted.com',
'X-Forwarded-Port': '443',
'X-Forwarded-Proto': 'https',
'X-Forwarded-Server': 'a4229f013d36',
'X-Real-Ip': '172.70.91.58'
)>
"Remote-User: paul" doesn't appear
it looks like Home Assistant is not behind Authelia- the remote-user headers are not being added. Did you perhaps forget to add your Authelia middleware to your Home Assistant configuration in Traefik?
Same problem, but I figured it out @Pauld-1.
When you are not logged into Authelia, the headers are not forwarded (kind of obvious). Unfortunately hass-auth-header doesn't forward (or is this traefik?) to the authentication backend (i.e. Authelia) to log in and just responds with an error.
After manually logging in to Authelia, I get the Remote-User
header in hass-auth-header and I am logged in to HA. I'm not sure why you get different results for the WhoAmI image and HA - I can repo the same behavior with WhoAmI: No Remote-User
header when not logged in (and no forward to the authentication backend) - after logging in to Authelia in the same browser session I get the authentication headers.
Note: I tried both the one_factor
policy and the two_factor
policy in Authelia for the authentication headers to work. Both work, but the process is always to first manually login.
Hello,
I'll be grateful for assistance please.
I have Traefik and Authelia up and running. Using a basic WhoAmI service, the user name is provided in the header as "Remote-User: paul" as below (url's and IP redacted).
This is the section from my Home Assistant configuration.yaml
however in the debug log below (url's and IP redacted), Remote-User doesn't appear in the header and unsurprisingly "No header set" and "no matching user found" errors then occur
thanks in advance