*** For anyone stumbling on this post, and is as newbie as I am right now, forward auth doesn’t work with FireflyIII.
I thought that forward auth was the same as a proxy, but in this case, it is the proxy that provides the x-authentik tags.
So for Firefly, set up Authentik as a proxy provider and not a forward auth.
I haven’t figured out the rest yet, but at least, x-authentik-email is in my header now.
Good luck ***
Hello,
I am trying to setup Authentik to do a forward auth for Firefly3, using caddy. I am trying to learn External authentication so my knowledge is limited.
My setup is as follows.
By looking at the Firefly doc Firefly doc, I need to set
AUTHENTICATION_GUARD=remote_user_guard
AUTHENTICATION_GUARD_HEADER=HTTP_X_AUTHENTIK_EMAIL
in my .env file. I used the base .env file provided by Firefly and modified only these two lines
Then, in my Authentik, I made a forward auth for a single application for firefly. This part seem to work because the redirection is made. The external host is my Firefly ip address.
Then from the example provided in the Authentik provider, I created my caddy file on the Firefly container to redirect port 80 to my custom port 9080.
:80 {
# directive execution order is only as stated if enclosed with route.
route {
# always forward outpost path to actual outpost
reverse_proxy /outpost.goauthentik.io/* http://10.0.1.7:9080
# forward authentication to outpost
forward_auth http://10.0.1.7:9080 {
uri /outpost.goauthentik.io/auth/caddy
# capitalization of the headers is important, otherwise they will be empty
copy_headers X-Authentik-Username X-Authentik-Groups X-Authentik-Email X-Authentik-Name X-Authentik-Uid X-Authentik-Jwt X-Authentik-Me>
# optional, in this config trust all private ranges, should probably be set to the outposts IP
trusted_proxies private_ranges
}
}
}
EDIT : The IP address of Firefly is 10.0.1.8
When I try to go on my Firefly app, the Authentik redirection is made and it tries to connect to the Firefly webpage,but I either get unable to connect
when I try the https, or Looks like there’s a problem with this site
when I try to connect with http.
I see that the connection is refused in both case.
I made sure that my email on my account on firefly matches the email from the Authentik user.
I tried googling my problem to no avail and the Firefly documentation is pretty scarce.
Any help would be welcome.
We need networking info to be able to tell what is happening here. If you didn’t change the “outpost_ip” placeholder, that’s your problem.
Best to not use hostnames. Use the actual IP address.