
I'm building a multi-tenant SaaS offering on top of Kubernetes. My understanding is that Authelia runs at the ingress/proxy layer (nginx, traefik, etc.) before hitting the app service.

I like this idea since you technically would not have to build anything directly in each of the apps to handle authentication. However, because of the dynamic nature of this SaaS, I need to have a layer in there somewhere that can first query something (API, database, cache, etc.) that, based on data from the incoming request, would tell Authelia if auth is required or not.

Is this possible with Authelia? If so, any examples of how this might work?

probablyjustpaul@alien.top 1 points 11 months ago

Authelia can operate at the proxy level as you said, but it can also work at the application level. Authelia implements the OpenID Connect standard, which is designed first as a way for applications to authenticate users using client-side redirects.

My recommendation would be to build (or potentially find) a piece of middleware that performs your API/DB query and then redirects to Authelia based on the response. Depending on what proxy/LB you're using, it might even support this natively.
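
One way to write the lookup-then-delegate decision suggested in the comment above, as an added example that is not the commenter's or Authelia's code. The tenant table, `lookup_rules`, the three result strings and the assumption that the proxy passes the original host and URI to the middleware are all illustrative; the point is that the lookup fails closed and that host or path spelling cannot turn a protected route into a public one.

```python
# Constructed sample data standing in for the API/DB/cache lookup (assumption).
TENANT_RULES = {
    "acme.example.com": {"/": True, "/public/": False, "/public/admin/": True},
    "demo.example.com": {"/": False},
}

def lookup_rules(host):
    """Hypothetical policy lookup: path prefix -> auth required. KeyError if unknown."""
    return TENANT_RULES[host]

def normalize_host(raw):
    """Lower-case and drop port and trailing dot so spelling cannot dodge the lookup."""
    host = raw.strip().lower()
    if host.count(":") == 1:          # host:port (IPv6 literals are left untouched)
        host = host.split(":", 1)[0]
    return host.rstrip(".")

def auth_required(rules, path):
    """Longest matching prefix wins; ambiguous or unmatched paths stay protected."""
    if "%" in path or "//" in path or {".", ".."} & set(path.split("/")):
        return True                   # the backend may resolve these differently
    matches = [prefix for prefix in rules if path.startswith(prefix)]
    return rules[max(matches, key=len)] if matches else True

def decide(forwarded_host, forwarded_uri, lookup=lookup_rules):
    """Return 'allow' (public), 'authelia' (hand the check to Authelia) or 'deny'."""
    host = normalize_host(forwarded_host)
    path = forwarded_uri.split("?", 1)[0]
    try:
        rules = lookup(host)
    except Exception:
        return "deny"                 # unknown tenant or lookup outage: fail closed
    return "authelia" if auth_required(rules, path) else "allow"

if __name__ == "__main__":
    for host, uri in [("ACME.example.com:443", "/public/docs?x=1"),
                      ("acme.example.com", "/public/../dashboard"),
                      ("unknown.example.com", "/")]:
        print(host, uri, "->", decide(host, uri))
```

The middleware would answer the proxy's auth subrequest itself for `allow` and `deny`, and pass the subrequest on to Authelia for `authelia`.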

this post was submitted on 19 Oct 2023