mirror of
https://github.com/0rangebananaspy/authelia.git
synced 2024-09-14 22:47:21 +07:00
[DOCS] Introduce an FAQ and document forwarded authentication. (#962)
* add FAQ docs section
* add forwarded authentication section to deployments > supported proxies
* apply suggestions from code review

Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Co-authored-by: Amir Zarrinkafsh <nightah@me.com>
parent
be0cc72473
commit
da5c722cf8
|
@ -1,7 +1,7 @@
|
||||||
---
|
---
|
||||||
layout: default
|
layout: default
|
||||||
title: Community
|
title: Community
|
||||||
nav_order: 8
|
nav_order: 9
|
||||||
has_children: true
|
has_children: true
|
||||||
---
|
---
|
||||||
|
|
||||||
|
|
|
@ -33,6 +33,23 @@ The target URL can be provided using one of the following ways:
|
||||||
In the case of Traefik, these headers are automatically provided and therefore don't
|
In the case of Traefik, these headers are automatically provided and therefore don't
|
||||||
appear in the configuration examples.
|
appear in the configuration examples.
|
||||||
|
|
||||||
|
## How can the backend be aware of the authenticated users?
|
||||||
|
|
||||||
|
The only way Authelia can share information about the authenticated user currently is through the use of two HTTP headers:
|
||||||
|
`Remote-User` and `Remote-Groups`.
|
||||||
|
Those headers are returned by Authelia on requests to `/api/verify` and must be forwarded by the reverse proxy to the backends
|
||||||
|
needing them.
|
||||||
|
Please note that the backend must support the use of those headers to leverage that information, many
|
||||||
|
backends still don't (and probably won't) support it. However, we are working on solving this issue with OpenID Connect/OAuth2
|
||||||
|
which is a widely adopted open standard for access delegation.
|
||||||
|
|
||||||
|
So, if you're developing your own application, you can read those headers and use them. If you don't own the codebase of the
|
||||||
|
backend, you need to check whether it supports this type of authentication or not. If it does not, you have three options:
|
||||||
|
|
||||||
|
1. Enable authentication on the backend and make your users authenticate twice (not user-friendly).
|
||||||
|
2. Completely disable the authentication of your backend. This works only if all your users share the same privileges in the backend.
|
||||||
|
3. Many applications support OAuth2 so the last option would be to just wait for Authelia to be an OpenID Connect provider (https://github.com/authelia/authelia/issues/189).
|
||||||
|
|
||||||
## Redirection to the login portal
|
## Redirection to the login portal
|
||||||
|
|
||||||
The endpoint `/api/verify` has different behaviors depending on whether
|
The endpoint `/api/verify` has different behaviors depending on whether
|
||||||
|
|
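Review bot: The added section "How can the backend be aware of the authenticated users?" tells developers to read `Remote-User` and `Remote-Groups` but never states the trust condition for doing so. A backend can rely on those headers only when every request reaches it through the reverse proxy and the proxy overwrites or drops any copy of them sent by the client. Please add a sentence saying that, and repeat it under option 2, since a backend with its own authentication disabled depends entirely on not being reachable around the proxy. Minor: "to leverage that information, many backends still don't" is a comma splice, and the bare issue URL in option 3 would read better as a Markdown link.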
11
docs/faq.md
Normal file
|
@ -0,0 +1,11 @@
|
||||||
|
---
|
||||||
|
layout: default
|
||||||
|
title: FAQ
|
||||||
|
nav_order: 8
|
||||||
|
---
|
||||||
|
|
||||||
|
# Frequently asked questions
|
||||||
|
|
||||||
|
## How can the backend be aware of the authenticated users?
|
||||||
|
|
||||||
|
This question is solved [here](https://docs.authelia.com/deployment/supported-proxies/#how-can-the-backend-be-aware-of-the-authenticated-users).
|
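Review bot: The answer line in docs/faq.md uses the absolute URL `https://docs.authelia.com/deployment/supported-proxies/#how-can-the-backend-be-aware-of-the-authenticated-users` with the link text "here". An absolute link always sends the reader to the published site, even from a local or older build of the docs, and the fragment breaks silently if the heading added in the supported-proxies page is ever reworded. Suggest a relative link to that page with descriptive link text, and "answered" rather than "solved".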