Homelab

1034 readers

4 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 2 years ago

MODERATORS

communick@selfhosted.forum

rglullis@communick.news

2FA for Homelab that also works on Android Apps (alien.top)

submitted 2 years ago by selimovd@alien.top to c/homelab@selfhosted.forum

3 comments fedilink hide all child comments

Hello everyone,

I set up my homelab with my NAS. I'm using Cloudflare Tunnel for many web applications and Traefik for media intense applications like Plex that aren't allowed with CF Tunnel.

I can use two factor authentication with Cloudflare and as I understand I could use Authelia or Authentik for Traefik.
But all of them have one problem, I cannot use them with the native apps on my Android phone. I know there are specific apps where I can put things in the header like LunaSea and Sonarr.

But I am really wondering, is there something that I could use with my android app and still provide 2FA to make my homelab more secure?

Thank you and best regards

you are viewing a single comment's thread
view the rest of the comments

[–] MisterBazz@alien.top 1 points 2 years ago (2 children)

Integrate an external authentication mechanism.

Something like JumpCloud (I'm using the free version for now). It offers up SAML that can be used in Cloudflare. You can use it as part of their Zero Trust section. You can set it up such that first a user must enter an email address. If that email address (or domain) isn't allowed, no go. If it IS allowed, then they are redirected to JumpCloud for authentication/2FA. Only AFTER this are they then redirected to any hosting services.

This may be a little more than what you were asking, but it's all web-based on the client side, so it would still work with your Android phone.

Otherwise, literally any 2FA app should work.

[–] Wojojojo90@alien.top 1 points 2 years ago (1 children)

I think you missed their question. They want to use native client apps on their android device (think jellyfin client, for example) with 2FA. Continuing with this example, the jellyfin client doesn't support OIDC, best you'll get with external authentication is LDAP (which still uses a 3rd party LDAP plugin, and doesn't support 2FA, but at least works on the client).

An external provider that supports SAML or OIDC or whatever won't magically make the android client natively support that auth mechanism

[–] MisterBazz@alien.top 1 points 2 years ago

Wow, yeah my bad.