Auto-Login with admin user; single-user mode #1530
Description
Is your feature request related to a problem? Please describe.
I see that #917 which is planned provides for viewing the dashboard without having to login. For those who are behind reverse proxies that auto-authenticate and intend to use the application as a single user, I'm hopeful for something that will auto-login. Many self-hosting users have mutli-factor authentication and have already authenticated by the time we get to speedtest-tracker.
Describe the solution you'd like
Allow marking a user as 'default' or enabling a 'single user mode' that bypasses all authentication. For security, reasons, this might only be enabled if the ' Remote-User ' forward-header (by autehlia, authentik, etc) is set by a reverse proxy.
As an alternative, using the forward authentication (Remote-User header with a trusted proxy) and matching that with an identical username would be an acceptable solution.
Metadata
Metadata
Assignees
Labels
Projects
Milestone
Relationships
Development
Participants
Activity
Bananas-Are-Yellow commentedon Sep 4, 2024
An alternative approach is for Speedtest Tracker to support OIDC, just like Portainer and PhotoPrism
I am using Traefik as a reverse proxy, so that my home lab services are exposed as different subdomains over HTTPS. Naturally, I need password protection so only I can access them, and ideally, I want single sign-on, so I only have to enter my password once.
Some services don't have user accounts, but I can protect those using OAuth2 Proxy. Examples include:
Other services have user accounts:
I am using Zitadel for authentication. The account I want to use when I sign in is my personal email address in my personal domain (myname@mydomain.com), and Zitadel allows me to create such a user. (Zitadel supports sign-in with Google, GitLab, etc. but I'm not using any of that).
OAuth2 Proxy, Portainer and PhotoPrism all support OIDC, so I've set them all to use Zitadel. This does mean I get three different sign-in screens, but they each have a button to allow me to sign in with Zitadel. Once I've entered my password to sign in, for the next service, I can just select that user account, and I don't have to enter the password again.
Currently, I have Speedtest Tracker behind OAuth2 Proxy, which means I have to sign in twice, but if I check the Remember me box when I sign in to Speedtest Tracker, it doesn't seem to require sign in again (I think). So the current state of affairs is not too bad, for me.
diabl0 commentedon Sep 18, 2024
Upvoting this. I'm using Authentik in front of all my services, and logging in twice is tedious.
heavymp commentedon Sep 19, 2024
upvote!
Matthias-vdE commentedon Oct 1, 2024
I'm using Authentik as well. It's not a true solution, but most of the time you don't really need the admin rights just to view the graphs. Setting "PUBLIC_DASHBOARD=true" removes the need to login to view the dashboard. If you do need to log in to change settings, there's a button to login as admin.
Aloe-recite commentedon Jan 6, 2025
adding my vote for OIDC integration (I'm using Authentik for that matters)!
WirtsLegs commentedon Jan 16, 2025
would also love to see OIDC support, or header auth so i can stick an auth proxy infront of it
EHRETic commentedon Mar 21, 2025
Upvote for OIDC!
(using Authentik for my lab)
BTW: super great software, I loved it as soon as I found it! 😊