Home Assistant Command Line Authentication for Authelia
Want to integrate Authelia with Home Assistant? Unfortunately Home Assistant lacks support for SSO, but it does support a rather unique command line authentication mode.
In short: Home Assistant will execute a script, passing in the provided username/password from the client. If the script exits with code
0 then the login is accepted, if not it’s rejected.
Authelia, in turn, has a handy
/api/verify endpoint that can be used by proxies to implement forward authetication with.
Combing these together, we can simply use
curl in a command line authentication script to verify the credentials with Authelia. Additionally, we can pass the
X-Original-URL header to allow Authelia to perform authorization.
There are some drawbacks:
- 2FA is not supported. You’ll need to configure Authelia to use 1FA for your Home Assistant service.
- Since the request comes from the Home Assistant server, you’ll need to ensure that abuse counter-measures don’t block your sever (ex. fail2ban).
How to Use⌗
- Save the code to a script called
authelia.shin the same folder as your Home Assistant
- Ensure the script is executable by running
chmod +x authelia.sh.
- In your
homeassistant: auth_providers: - type: command_line command: /config/authelia.sh
Then restart Home Assistant and you should be all set!