Want to integrate Authelia with Home Assistant? Unfortunately Home Assistant lacks support for SSO, but it does support a rather unique command line authentication mode.

In short: Home Assistant will execute a script, passing in the provided username/password from the client. If the script exits with code 0 then the login is accepted, if not it’s rejected.

Authelia, in turn, has a handy /api/verify endpoint that can be used by proxies to implement forward authetication with.

Combing these together, we can simply use curl in a command line authentication script to verify the credentials with Authelia. Additionally, we can pass the X-Original-URL header to allow Authelia to perform authorization.

There are some drawbacks:

  • 2FA is not supported. You’ll need to configure Authelia to use 1FA for your Home Assistant service.
  • Since the request comes from the Home Assistant server, you’ll need to ensure that abuse counter-measures don’t block your sever (ex. fail2ban).

How to Use

  1. Save the code to a script called authelia.sh in the same folder as your Home Assistant configuration.yaml file.
  2. Ensure the script is executable by running chmod +x authelia.sh.
  3. In your configuration.yaml add:
homeassistant:
  auth_providers:
    - type: command_line
      command: /config/authelia.sh

Then restart Home Assistant and you should be all set!

Code