Is this a new feature request?
Wanted change
Is it possible to add custom authentication onto the unifi network application container, and then bypass the unifi authentication entirely, so that a self hosted SSO program, like Authentik or Authalia, can be used to login to the unifi network application.
Reason for change
Without someone awesome within Linuxserver.io creating custom code implementing the SSO feature, then I believe ironically the Unifi GUI will not be unified within my networks SSO scheme. I believe the container implementation is probably the best approach, as I don't believe Unifi will implement this feature themselves. Thank you for what you do, and I hope you consider this for implementation.
Proposed code change
I would include in the docker image a frontend WebUI, that has the authentication page, whose sole purpose and job is to perform authentication to include SSO, then once complete loads the Unifi Network Application as an authenticated instance, and redirects authenticated internal UI IP traffic to the Network Application within the container. The frontend would perform default authentication within the Unifi Network Application itself by providing authentication information that is generically needed as an internal backend function, so that the application thinks the user provided input, but the frontend application only does so after successful login, to include SSO. After performing SSO, frontend just sits as a direct passthrough for the Unifi Network Application.
This will add complexity, and would not be ideal for someone who plans to either, use the Unifi remote access functionality, or has just wants username and password as that is obtained already by simply using Unifi Network Application itself. This could be a separate SSO version of the application that provides the self hosting of the SSO functionality, but is clear of the limitations. For how to manage the SSO, I would have the SSO frontend modified using environment variables, and docker secrets if desired, for the SSO information that are loaded into the SSO frontend at runtime. The SSO then performs SSO IAW the values loaded, and then steps away, and otherwise acts like the current Unifi Network Application. With a big caveat and warning, you will break the application if you change the user name and password of the default admin account, as the SSO functionality is using the default to perform the backend authentication for the docker container. You can restore access by providing the current user name and password as an environment variable and a docker secret. This may even be desirable, so that the authentication after first run, can be off the guessable defaults. This is my ideas, and hope that someone with the skill and desire can make this a reality. Thank you for reading this far, and I hope this inspires you!!!!!
Is this a new feature request?
Wanted change
Is it possible to add custom authentication onto the unifi network application container, and then bypass the unifi authentication entirely, so that a self hosted SSO program, like Authentik or Authalia, can be used to login to the unifi network application.
Reason for change
Without someone awesome within Linuxserver.io creating custom code implementing the SSO feature, then I believe ironically the Unifi GUI will not be unified within my networks SSO scheme. I believe the container implementation is probably the best approach, as I don't believe Unifi will implement this feature themselves. Thank you for what you do, and I hope you consider this for implementation.
Proposed code change
I would include in the docker image a frontend WebUI, that has the authentication page, whose sole purpose and job is to perform authentication to include SSO, then once complete loads the Unifi Network Application as an authenticated instance, and redirects authenticated internal UI IP traffic to the Network Application within the container. The frontend would perform default authentication within the Unifi Network Application itself by providing authentication information that is generically needed as an internal backend function, so that the application thinks the user provided input, but the frontend application only does so after successful login, to include SSO. After performing SSO, frontend just sits as a direct passthrough for the Unifi Network Application.
This will add complexity, and would not be ideal for someone who plans to either, use the Unifi remote access functionality, or has just wants username and password as that is obtained already by simply using Unifi Network Application itself. This could be a separate SSO version of the application that provides the self hosting of the SSO functionality, but is clear of the limitations. For how to manage the SSO, I would have the SSO frontend modified using environment variables, and docker secrets if desired, for the SSO information that are loaded into the SSO frontend at runtime. The SSO then performs SSO IAW the values loaded, and then steps away, and otherwise acts like the current Unifi Network Application. With a big caveat and warning, you will break the application if you change the user name and password of the default admin account, as the SSO functionality is using the default to perform the backend authentication for the docker container. You can restore access by providing the current user name and password as an environment variable and a docker secret. This may even be desirable, so that the authentication after first run, can be off the guessable defaults. This is my ideas, and hope that someone with the skill and desire can make this a reality. Thank you for reading this far, and I hope this inspires you!!!!!