Home Assistant Command Line Authentication for Authelia
Want to integrate Authelia with Home Assistant? Unfortunately Home Assistant lacks support for SSO, but it does support a rather unique command line authentication mode.
In short: Home Assistant will execute a script, passing in the provided username/password from the client. If the script exits with code 0
then the login is accepted, if not it’s rejected.
Authelia, in turn, has a handy /api/verify
endpoint that can be used by proxies to implement forward authetication with.
Combing these together, we can simply use curl
in a command line authentication script to verify the credentials with Authelia. Additionally, we can pass the X-Original-URL
header to allow Authelia to perform authorization.
There are some drawbacks:
- 2FA is not supported. You’ll need to configure Authelia to use 1FA for your Home Assistant service.
- Since the request comes from the Home Assistant server, you’ll need to ensure that abuse counter-measures don’t block your sever (ex. fail2ban).
How to Use#
- Save the code to a script called
authelia.sh
in the same folder as your Home Assistantconfiguration.yaml
file. - Ensure the script is executable by running
chmod +x authelia.sh
. - In your
configuration.yaml
add:
homeassistant:
auth_providers:
- type: command_line
command: /config/authelia.sh
Then restart Home Assistant and you should be all set!