Default Authentication flow don't load when Arr Sevices set to Authentication popup

[ashishraj09]

Describe the bug When Authentication is set up as proxy provider for ARR Service (Radarr or Sonarr) loads the RR service's Authentication popup windows instead of the default authentication flow.

When entering the ARR service credential in the popup, it redirects to the RR service; the authentik default authentication flow is not loaded at all.

Changing the ARR Service (Radarr or Sonarr) setting to Authentication Form makes the *default authentication flow load, and after authentication, it is sent to the ARR Service.

ARR Setting

Authentik Setup

To Reproduce Steps to reproduce the behaviour:

1. Setup a new Radarr project on Authentik
2. Setup Radarr provider
3. Enter External (https://radar.xxx.com)and Internal host (http://192.168.0.89:7878/)
4. Set Unauthenticated Paths as below ^/api/.* ^/api2/.* ^/identity/.* ^/triggers/.* ^/meshagents.* ^/meshsettings.* ^/agent.* ^/control.* ^/meshrelay.* ^/ui.* ^/$ ^/status ^/assets/ ^/assets ^/icon.svg ^/upload/.* ^/metrics ^/.*\.js(/.*)?$ ^/.*\.json$ ^/signalr/.* ^/Content/.*
5. Setup Authentication settings
6. Enable Send HTTP-Basic Authentication as below `HTTP-Basic Username Key radarr_username

HTTP-Basic Password Key radarr_password `

7. Add the Radarr app to the outpost
8. Open https://radar.xxx.com in incognito
9. Instead of authentik login page and radarr basic authentication popup loads.
10. On entering radaar credentials radaar loads but the user never goes through the authentik login page. Also, authetik is not sending HTTP-Basic Authentication headers.

Expected behavior Authenik default login flow executes, and the user enters username and password. Authetik then redirects to the radar app.

Screenshots

Logs {"auth_via": "unauthenticated", "domain_url": "0.0.0.0", "event": "/-/health/live/", "host": "0.0.0.0:9000", "level": "info", "logger": "authentik.asgi", "method": "HEAD", "pid": 3792, "remote": "127.0.0.1", "request_id": "c71b78263b7f4b1eb818b8a99f7e20c5", "runtime": 7, "schema_name": "public", "scheme": "http", "status": 200, "timestamp": "2024-11-17T08:32:13.107237", "user": "", "user_agent": "goauthentik.io/healthcheck"} {"event":"/","host":"radarr.XXXXX.com","level":"info","logger":"authentik.outpost.proxyv2.application","method":"GET","name":"Radarr","remote":"121.74.236.250","runtime":"25.136","scheme":"http","size":0,"status":401,"timestamp":"2024-11-17T00:32:26-08:00","user_agent":"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36"}

Version and Deployment (please complete the following information):

• authentik version: 2024.10.2
• Deployment: docker-compose

Additional context Add any other context about the problem here.

[ashishraj09]

Adding the group setup

[ashishraj09]

Changing ARR app's Authentication from Basic (Browser Popup) to Forms (Login Page) launches the authentik default authentication flow.

Not sure why the authentik default authentication flow is not launching when Basic (Browser Popup) is selected. I tried setting up a new instance of authentik multiple times but still got the same error.

[ashishraj09]

okay

updating the Unauthenticated Paths to below worked

^/api/. ^/api2/. ^/identity/. ^/triggers/. ^/meshagents. ^/meshsettings. ^/agent. ^/control. ^/meshrelay. ^/ui.