hjone72 / PlexAuth

Plex based authentication using PHP
GNU General Public License v3.0

1 time authentication for iDashboard #4

Open leram84 opened 8 years ago

leram84 commented 8 years ago

I have soooo many questions about that second screenshot lol. Did you fork muximux or idashboard or something? Make it yourself? I'm doing something very similar to you (with iDashboard). I have everything up and running (though I'm still trying to pick the best service to handle my blog; wanted tumblr cause it's easy, but the lack of SSL makes it impossible to iframe). Also trying to get my "help" page to have a live chat with me through a slack channel, but I need to have some kind of authentication for that to work so I know who I'm talking to. So I was thinking about adding it to the root domain, and have everything else be unlocked... not really sure how I want to handle it yet, but my question for you (other than to see if you're willing to share some of the programs you're using lol) is, is there a way to get plex authentication for idashboard's guest page (the root page) and have it automatically log into all the plex services (for me that would be plex, plexrequests.net, and maybe plexpy if I decide to give guest access to that)?

hjone72 commented 8 years ago

Hi,

I am using muximux's great software to iframe PlexAuth. You can see the commit here.

Happy to share what I am using, most of it has been modified and I'd recommend a little programming knowledge to get it all going. Checking out some of the projects I've forked on GitHub gives you a pretty good idea.

For my blog I'm using GetGrav with a custom Theme to make it Plexy. I've also modified the 'Admin' and 'Login' plugin to give it an SSO feel (No credentials are required but you still need to click 'Login').

You absolutely could make use of PlexAuth for your guest page on iDashboard! You could either simply add an auth_request module to your nginx directive for iDashboard or de-serialize the PlexAuth class and check PlexAuth->getAuth [ True | False ]. There are many other ways but those two are probably the easiest.

I haven't got any live chat systems going but I am using Bumpy-Booby as my helpdesk. I've modified it slightly for PlexAuth SSO.

SSO into other services as long as they are open source should be possible for just about anything... Plex uses the browser's local storage. I believe the only way to insert stuff here is using JavaScript... I haven't done this yet. But! If you want to take it on board. Simply add myPlexAccessToken to the local storage of your plex domain, i.e. plex.domain.com.

PlexRequests.net - Very doable but again I haven't done it yet.

PlexPy - You'd have to use my fork of plexpy or make similar modifications that I've done to your plexpy and it will be full SSO.

Hope that answers all your questions. :)

leram84 commented 8 years ago

Wow, sorry I missed this! I'm not sure why I didn't get notified. Thank you for such a detailed response!

The blog is probably the last thing I'll add, so I'll definitely check out getgrav when I do. I'm not a programmer (more of a scavenger lol), but I think I might be able to get PAuth working with the blog when I get to it. As for the rest, when you say SSO, do you just mean using plexauth for each of those services? Or do you actually mean sign in once to ONE of them and you are automatically signed into all? Because the latter is what I'm trying to accomplish and I don't think it's currently possible with idashboard.

Also, I had kind of a crazy thought, but could this project be integrated with something like lastpass (or some open source password manager, like KeePass)? No idea what that would involve, but wouldn't that basically let you integrate plexauth into... everything? Would be pretty cool to have a bunch of services like hipchat, google calendar, etc. in your idashboard/muximux page and only have to log in once.

Anyway, thanks again for sharing, it's much appreciated.

hjone72 commented 8 years ago

> As for the rest, when you say SSO, do you just mean using plexauth for each of those services? Or do you actually mean sign in once to ONE of them and you are automatically signed into all? Because the latter is what I'm trying to accomplish and I don't think it's currently possible with idashboard.

It's kinda one and the same really.

Some services don't support multiple users (SickRage, CouchPotato, MyLar), for these services I've disabled authentication but set the auth_request in nginx. This means that for a user to access any of those services they would need to already be authenticated against PlexAuth. Services like PlexPy, ComicStreamer and Bumpy-Booby, which support multiple users, will automatically log you in when you first visit the site.

Scenario:

  1. User (bobby323) navigates to SickRage.com, SickRage is protected by PlexAuth. Bobby323 is redirected to PlexAuth and logs in, PlexAuth redirects bobby323 back to SickRage and now allows them to access SickRage. Bobby323 now wishes to view PlexPy, they have already authenticated against PlexAuth once. When visiting PlexPy they will automatically be logged in as themselves. All future sites bobby323 visits will automatically sign them in and allow them to visit.
  2. User (leecher21) navigates to SickRage.com, leecher21 is not allowed to access sickrage. leecher21 is denied access.

Hope this helps explain how my setup works and how PlexAuth works... :)

> Also, I had kind of a crazy thought, but could this project be integrated with something like lastpass (or some open source password manager, like KeePass)? No idea what that would involve, but wouldn't that basically let you integrate plexauth into... everything? Would be pretty cool to have a bunch of services like hipchat, google calendar, etc. in your idashboard/muximux page and only have to log in once.

Hmmm not sure how this one would work. Probably a bit beyond my skills.

> Anyway, thanks again for sharing, it's much appreciated.

No worries. Let me know if you have any further questions.
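The nginx auth_request arrangement described in the comment above, as an added example that is not part of the original thread or of the PlexAuth repository: host names, ports, certificate paths and the check and login URLs are assumptions. A backend whose own login is disabled has to listen on loopback only, because the access check happens in nginx and nowhere else.

```nginx
# Added example. Host names, ports, file paths, /plexauth-check and the
# "return" parameter are assumptions, not values from the PlexAuth project.

# Backend with its own authentication switched off (e.g. SickRage).
# Bind it to loopback: a directly reachable port bypasses the check below.
upstream sickrage_backend {
    server 127.0.0.1:8081;
}

server {
    listen 443 ssl;
    server_name sickrage.example.com;
    ssl_certificate     /etc/nginx/tls/example.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/tls/example.key;   # placeholder path

    location / {
        # Each request triggers a subrequest to the auth service:
        # 2xx lets it through, 401 or 403 is returned to the client.
        auth_request /plexauth-check;
        # Not logged in yet (401): send the browser to the login page.
        error_page 401 = @plexauth_login;
        # Logged in but not permitted (403) is left as a plain denial.
        proxy_pass http://sickrage_backend;
    }

    location = /plexauth-check {
        internal;                                  # clients cannot request it
        proxy_pass http://127.0.0.1:8080/auth;     # hypothetical check endpoint
        proxy_pass_request_body off;               # the check needs headers only
        proxy_set_header Content-Length "";
        proxy_set_header X-Original-URI $request_uri;
        proxy_set_header Host $host;
    }

    location @plexauth_login {
        # Hypothetical login URL; the session cookie it sets must be scoped
        # to the parent domain so the browser sends it to every subdomain.
        return 302 https://auth.example.com/?return=$scheme://$host$request_uri;
    }
}
```

Checking that the backend port answers only on 127.0.0.1 (for example with `ss -ltn` on the host) confirms that the proxy is the only way in.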

leram84 commented 8 years ago

WOW! This is so much better than I thought! Yeah, I am definitely going to be using this. Well it's currently a little over my head, but I'm relatively confident I can stack overflow my way through it lol. Though I'm sure I'll also take you up on your offer to help at some point :)

Oh, one thing I should ask before I start though... my nginx server is running on windows. That shouldn't cause any issues should it?

hjone72 commented 8 years ago

I haven't tested it specifically on Windows. However, as long as you have the nginx auth_request module in your build then it should be fine. Should be fine.

Please report back with your progress!

ghost commented 7 years ago

Hi hjone72,

In June 2016 you published screenshots on the Plex forum about your user subscribe screens and sign-up form. Would it be possible to share your code? If not, can you give me a better understanding of how you achieved this with the API? I would really appreciate some guidance... thanks for Plex auth, struggled a bit but looks like I got it going!

hjone72 commented 7 years ago

Hi @Bluejuice1001, I'll post the invite and join page in another repo. They are a bit specific to my setup but should hopefully point you in the right direction. You'll also need to create some sort of DB. I'll put a few more details in the repo when I post it. :)

hjone72 commented 7 years ago

@Bluejuice1001, I've created the new repo. https://github.com/hjone72/PlexAuth_Pages

Hope it works for you 👍

ghost commented 7 years ago

Thanks a mil, I'll check it out

leram84 commented 7 years ago

@hjone72 What are you using for audiobooks? Anything good? I'm getting tired of waiting for plex :(

hjone72 commented 7 years ago

@leram84, I'm making use of popeen's subsonic. I've forked his project and made a few small changes so that it accepts Plex credentials. It's not single sign on but it is same sign on, which was good enough for me.

leram84 commented 7 years ago

Man that looks really promising! Lack of iOS support is the one major bummer. I use android but most of my family is iOS, and if I'm just using it for me and not sharing, there's not a lot of incentive to switch from an offline android app... yeah, that's a lie, I'm definitely looking into this :) Thanks for the lead!

hjone72 commented 7 years ago

Yeah it's far from perfect but unfortunately I haven't been able to find anything else. If you come across something be sure to let me know!

leram84 commented 7 years ago

Definitely! plex grade audiobook management is my white whale

leram84 commented 7 years ago

YOO! So first of all, I was gonna test this before recommending it, but might as well share now since I've already used it, and I'm sure the webdav part won't be any trouble. Sooo https://itunes.apple.com/app/id1086480492?ls=1&mt=8 that is basically my way of bridging the lack of booksonic iOS... still not ideal, but best way to handle this for me is to use booksonic, and then let iOS users access via my webdav... which I personally am planning on using filerun for since I already have it running for other stuff. Anyway... that actually segues to my point... I'm still trying to make all this SSO stuff work, though in Organizr now. I saw you post something a while back in the gitter room so I'm hoping since u use it as well you might have come up with something since that last message lol. I'm also trying to get let's-chat working and there seem like a bunch of these that also support LDAP... since LDAP is also integrated into org now, do u think it might be possible to integrate these together, and maybe even set it up to use ORG as the server so that is all we need to authenticate against? It's the same question as before, just seems like we're getting closer and was curious if you have anything planned.

hjone72 commented 7 years ago

Last time I checked Organizr it was authenticating against an LDAP server. That means you can't use it as your "source of truth" for authentication.

If, however, you are just trying to get an LDAP server to authenticate against check this out: https://github.com/hjone72/LDAP-for-Plex

I haven't tested "let's chat" specifically but I don't see a reason you couldn't use this LDAP server to authenticate against. Let me know your thoughts.

leram84 commented 7 years ago

Yeah, that's what I was talking about, just figured I'd post here for continuity... the auth for letschat (and any LDAP app) would be super convenient... but when using organizr, the workflow of org > plex > anything else is just so damn close to perfect, I really thought there might be some way to make org be the source and have it all.... idk, I kinda thought u might have just forked org for yourself by now and gotten this working, and I wanted in LOL.

hjone72 commented 7 years ago

I'd have to have another look at how the auth is done with Organizr. But if there is an API for "authing" against Organizr there isn't any reason you couldn't replace Plex as the backend with Organizr.

You've given me a bit to think about. I might revisit this in the future.

leram84 commented 7 years ago

That would be AMAZING! It just makes sense too.... if you're using a bunch of apps that u want SSO for w plex, you're most likely wrapping them up in something like org anyway. This is really the missing link. Anyway, great to know it's on your radar... lmk if you need any testing. Cheers!

riemers commented 7 years ago

Doesn't the feature list of Organizr also say it supports login via plex? Would that not make this part redundant if that is the case? On the github page: (Login with Plex/Emby/LDAP or sFTP credentials). Depends on the way it is implemented, I just want a /something url protected by a plex token, which is what this repo is all about afaik. Rather want to remove authentication altogether on services and just let plex login via frontend handle it (and of course disable the local ports and allow only via nginx plex auth).

leram84 commented 7 years ago

Support for plex auth isn't the same as plex SSO. The goal is to allow you to login to organizr and get auto logged into plex/plexpy/sonarr/ombi/etc. Currently, while organizr will accept plex creds to log you into organizr, it will not ALSO log you into plex (and therefore won't trigger hjone's plex LDAP server if you have that setup). As far as what you described... I'm not sure how plex auth or the LDAP server would even be used for you. You can already set org to cookie auth and turn off auth on each app so only org can access those pages. The request I'm making is more about allowing multiple users to get SSO. But for a single user you can already do everything you want.

riemers commented 7 years ago

Multi user support would be a nice plus of course. And yes it is not the same, have not tried the full setup. Was just adding username/pwd per app but that isn't as nice. This solution of plexauth would already be better, multi user would be the holy grail 👍

hjone72 commented 7 years ago

I'm not sure what you guys mean by multi user. What isn't currently working for multiple users?

riemers commented 7 years ago

afaik (I could be wrong) with your auth you can do multi users, but not fine grained per application. With Organizr it also has per application based options (but no plexauth?)

hjone72 commented 7 years ago

Actually both support both features.

I don't actually use Organizr but my understanding is, the cookie auth used over there is more or less the same method that I am using here. It requires nginx and makes use of the auth_request module.

As for the per application permissions, have a look here: https://github.com/hjone72/PlexAuth_Pages/blob/master/PlexAuth/inc/pages/permissions.page.php

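[image] https://user-images.githubusercontent.com/4342811/29434817-e1078290-83e7-11e7-9ac0-14928a68ea47.png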

This is only using a JSON file and isn't as nice as Organizr's implementation of permission management but it works for my setup.

riemers commented 7 years ago

That does look nice too. I think I just need to play around a bit more and see what works for me. Want it all in containers for easy management. Nginx helps well here. Played with Traefik but it makes Plex not run as smooth.
