Lissy93 / dashy

🚀 A self-hostable personal dashboard built for you. Includes status-checking, widgets, themes, icon packs, a UI editor and tons more!
https://dashy.to
MIT License
18.04k stars 1.36k forks

[FEATURE_REQUEST] Support for guest access when keycloak is enabled #890

Open juliannoble opened 2 years ago

juliannoble commented 2 years ago

Is your feature request related to a problem? If so, please describe.

When Keycloak is enabled, I can't find any way to enable guest access.

Describe the solution you'd like

A login button to display when unauthenticated users browse Dashy, so that logging in via Keycloak is optional, in order to see secured sections.

Priority

Medium (Would be very useful)

Is this something you would be keen to implement

No response

liss-bot commented 2 years ago

This issue has gone 6 weeks without an update. To keep the ticket open, please indicate that it is still relevant in a comment below. Otherwise it will be closed in 5 working days.

liss-bot commented 2 years ago

This issue was automatically closed because it has been stalled for over 6 weeks with no activity.

Ryonez commented 1 year ago

Having the same issue. Guest access is enabled, but users are redirected to login.

Lissy93 commented 10 months ago

I'm not sure this is possible, as when KC is enabled, all auth is handled by Keycloak (making it impossible to access Dashy without a Keycloak token). So guest access would need to be something handled by Keycloak.

I had a quick look, and couldn't see any immediate solutions to this, beyond these threads:

Guest User Login through keycloak (from the KeyCloak community on Reddit)
We have scenario to support guest user login through keycloak. What would be the recommended way to do this.

Login as Anonymous User in Keycloak
I am using Keycloak 11.0.0 to secure my Asp.Net Core 3.1 Application. I am looking for a way to allow users to access certain resources without the need of an own account. Which resources can be ac...

Sorry not to be more help, I'm hoping to support more generic OpenID connect auth providers in the future, which should rectify this. But for now, this isn't something that can be managed from within Dashy, so am (re)-closing.

Ryonez commented 10 months ago

A quick workaround is to have it guest by default, and only initiate the login flow if a login button is clicked. Currently if Keycloak is set, it forces a login. So if we shift it to needing an action, and assume not having logged in account means a guest...

Would be the minimal work needed, while being able to use what is already there

nOw-Ay commented 6 months ago

> A quick workaround is to have it guest by default, and only initiate the login flow if a login button is clicked. Currently if Keycloak is set, it forces a login. So if we shift it to needing an action, and assume not having logged in account means a guest...
>
> Would be the minimal work needed, while being able to use what is already there

Okay, so I checked this issue since Keycloak guest access would interest me too. Unfortunately, what you want will never be implemented except if someone did a complete rewrite of the auth system. In fact, the whole Dashy auth system works client-side which raises many security issues (see this blog post).

Since Keycloak authentication isn't even secure today with the system that we have, allowing users to load the application and connect to Keycloak after mounting the app will raise even greater security issues than there are today.

Maybe one day we'll get a rewrite with backend checks, security and unexposed configuration. I believe Dashy definitely has the potential to be a full-fledged homelab portal.

Lissy93 commented 6 months ago

> Okay, so I checked this issue since keycloak guest access would interest me too. Unfortunately, what you want will never be implemented except if someone did a complete rewrite of the auth system. In fact, the whole Dashy auth system works client-side which raises many security issues (see this blog post).

This was the old auth system, it's been updated / re-written.

See the Authentication Docs.

Enabling HTTP Auth prevents any access to any *.yml files by non-authenticated users.

And if you're using a reverse proxy, your auth should be configured server-side, meaning no access to anything until the user has logged in.
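
The server-side point made in the last comment, as an added illustration that is not Dashy's code and not part of the thread: the decision to serve a `*.yml` file is made from the request alone, before any file is read, so nothing in the browser can skip it. The `USERS` store, the credentials, the function names and the request paths are all constructed for the example.

```javascript
// Added illustration, not Dashy's implementation. All names and values are constructed.
const USERS = { admin: 'constructed-password' }; // hypothetical credential store

// Compare without stopping at the first differing byte.
function safeEqual(a, b) {
  const x = Buffer.from(String(a)), y = Buffer.from(String(b));
  let diff = x.length ^ y.length;
  for (let i = 0; i < Math.max(x.length, y.length); i++) {
    diff |= (x[i] ?? 0) ^ (y[i] ?? 0);
  }
  return diff === 0;
}

// Parse "Basic <base64(user:pass)>"; returns null when the header is absent or malformed.
function parseBasic(header) {
  const m = /^Basic ([A-Za-z0-9+/=]+)$/.exec(header || '');
  if (!m) return null;
  const decoded = Buffer.from(m[1], 'base64').toString('utf8');
  const sep = decoded.indexOf(':');
  if (sep < 0) return null;
  return { user: decoded.slice(0, sep), pass: decoded.slice(sep + 1) };
}

// Returns the HTTP status the server should answer with for this request.
function gate(urlPath, authHeader) {
  let path;
  try {
    // Normalise first, so a query string, upper case or %2E cannot dodge the suffix check.
    path = decodeURIComponent(urlPath.split('?')[0]).toLowerCase();
  } catch {
    return 400; // malformed percent-encoding
  }
  // The thread says *.yml; matching .yaml as well is an assumption of this example.
  if (!/\.ya?ml$/.test(path)) return 200; // other static assets stay public
  const creds = parseBasic(authHeader);
  const known = creds && Object.prototype.hasOwnProperty.call(USERS, creds.user);
  // Always run the comparison, even for unknown users, to keep timing uniform.
  const ok = safeEqual(creds ? creds.pass : '', known ? USERS[creds.user] : '\u0000');
  return known && ok ? 200 : 401;
}
```

A login button that only hides sections in the browser never passes through a function like `gate`, which is why guest access layered on a client-side check does not protect the configuration file.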