Openhab2 authentication


Since, Authentication API for ESH is merged.

How to enable authentication and create users/password from OH2 PaperUI ?


The authentication API is just an API. Work is still needed to make use of it.
Till then you should configure a reverse proxy:

Btw. Setting up a reverse proxy as described in the documentation is automated with the openHABian Configuration Tool.

Does it apply to Habpanel as well ?

I mean if we enable security via nginx, then does it works when we try to access from habpanel ?


Yes, everything behind http://device:8080 will henceforth be secured by authentication and an HTTPS connection.

openHAB is very unhappy about running behind a reverse proxy.

Even if authentication is available within openHAB, I wouldn’t trust Jetty exposed on the open Internet. It’s a great development tool, but it isn’t a hardened, production server.

Open bugs associated with this, some going back so far as to have been migrated from Google Code to eclipse, to github. Problems include:

  • Not able to handle change of scheme (https vs. http)
  • Not able to handle directory mapping

While it may appear to work, you’ve got to get your reverse proxy configured very carefully to hide openHAB’s errors.

Also, as nginx does not support digest authentication (at least with “production-level” plugins), make sure that you only enable basic authentication once redirected to the TLS channel.