Request to Bypass Silverbullet Built-in Login When Using External Authentication

[simone-viozzi]

Hi,

I have Traefik with Authelia in front of Silverbullet, and I would like to disable the built-in authentication in Silverbullet, leaving the authentication entirely in the hands of Authelia.

Here is my current configuration for Silverbullet:

services:
  silverbullet:
    image: zefhemel/silverbullet
    restart: unless-stopped
    env_file:
      - .env
    environment:
      - SB_USER=admin:admin
      - PUID=1000
      - GUID=1000
    volumes:
      - silverbullet-space:/space
    ports:
      - 4678:3000
    labels:
      traefik.enable: "true"
      traefik.docker.network: proxy

      traefik.http.routers.silverbullet.rule: Host(`${SILVERBULLET_DOMAIN}`)
      traefik.http.routers.silverbullet.entrypoints: websecure

      traefik.http.routers.silverbullet.tls: "true"
      traefik.http.routers.silverbullet.tls.certresolver: leresolver

      traefik.http.routers.silverbullet.service: silverbullet-svc
      traefik.http.services.silverbullet-svc.loadbalancer.server.port: "3000"

      traefik.http.routers.silverbullet.middlewares: authelia@docker
    networks:
      - proxy
    logging:
      driver: "local"

And here is the relevant part of my Authelia configuration:

    - domain: silverbullet.yourdomain.com
      resources:
        - '/.client/manifest.json$'
        - '/.client/[a-zA-Z0-9_-]+.png$'
        - '/service_worker.js$'
      policy: bypass

    - domain: silverbullet.yourdomain.com
      policy: one_factor
      subject:
        - group:users

Despite having Authelia set up as the authentication middleware in front of Silverbullet, I am still being prompted by Silverbullet's own login page after authenticating through Authelia.

Currently, the Silverbullet login is set to admin:admin, but I want to bypass this completely and let Authelia handle all authentication.

Is there a way to fully disable the built-in Silverbullet authentication or an alternative method to achieve this behavior?

Any help or guidance would be greatly appreciated.

Thank you

[zefhemel]

Sure. Just don't set the SB_USER variable 🤓

[simone-viozzi]

It did not work. I'm still prompted for authentication, but now no login and password will work.

in the docker logs, I have:

silverbullet-1  | Error verifying JWT, redirecting to auth page The jwt's signature does not match the verification signature.
silverbullet-1  | Error verifying JWT, redirecting to auth page The jwt's signature does not match the verification signature.
silverbullet-1  | Authentication failed, redirecting to auth page.
silverbullet-1  | Unauthorized access, redirecting to auth page

Also, could you please update the doc and add a line saying that if you do not set the SB_USER env var, the authentication will be skipped? Thank you

[zefhemel]

Are you sure you properly restarted everything with the new config? The server should simply disable any authentication checks when SB_USER isn't set (or the --user flag).

[simone-viozzi]

Ok, I solved the issue with:

   environment:
      - SB_USER=

I think that even if the env var is not set, it still loads some defaults. By setting it to nothing, the silverbullet authentication is skipped.

Could you please update the documentation with this detail? Then you can close this issue.

[zefhemel]

This is very odd though. Is docker not somehow inheriting this from your overall environment. You're not setting SB_USER somewhere else?

[simone-viozzi]

And you are right, it was set in the env file and I forgot about:

env_file:
      - .env

Thank you for the support!

[zefhemel]

Alright. Good!