Currently I am migrating my openhab 2 setup to openhab 3. Since there is a real user administration there, I would like to connect this with my upstream web server authentication.
The setup looks like this for me.
By default, I use an OAuth based authentication where Google is used as the provider.
In addition, I implement a Basic Auth for applications that do not support OAuth via a special subdomain prefix. (openhab.testserver.org vs ba-openhab.testserver.org)
Regardless of which method you use to log on, the logged on username is written to the server environment variable REMOTE_USERNAME.
With my Nextcloud installation, for example, I have now the option to completely disable the authentication (in nextcloud) and I’m saying instead that I fully trust the username from the REMOTE_USERNAME variable and use this as the active user.
My question now is, is there something similar possible with openhab.
I’ve already seen that there are ways to do this with Basic Auth. But I would like to make it a lot more generic and just want to say it. Take the user out of the variable and completely trust the authentication of the web server, no matter which method was used there. Mod_auth_form from Apache would also be conceivable here.