NVR software recommendations that supports SSO/LDAP - eviltoast

Hi everyone, looking for some NVR software to run a bunch of Cisco 6630 cameras I picked up (I know I know, but at <20$/camera…)

I looked at a few like ZoneMinder and Frigate but they all seem to only support basic HTTP auth and I spent a lot of time and effort getting Authentik working nice and smooth and dammit I want to use it for everything I can lol

Just “classic” LDAP is fine too, at least it’s still using some part of my central authentication infra lmao

  • node815@lemmy.world
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    1 year ago

    I just installed Pomerium and got it to integrate with AdguardHome and my router which both use basic HTTP, I also use Authentik. It’s a bit of a learning curve, but in short, this is what the config.yaml file needs to work to get it up and running:

    The basic auth header for this is just UN: example PW: Password

    authenticate_service_url: https://verify.mydomain.com
    idp_provider: oidc
    idp_provider_url: https://Authentik.mydomain.com/application/o/pomerium/
    idp_client_id: AUTHENTIK'S CLIENT ID
    idp_client_secret: AUTHENTIK'S CLIENT SECRET
    idp_provider_scopes: null
    routes:
      - from: https://agh.mydomain.com
        to: http://192.168.1.200  ##Adguardhome address
        policy:
          - allow:
              or:
                - email:
                    is: myemail@mydomain.com
        set_request_headers:
        # https://www.blitter.se/utils/basic-authentication-header-generator/
           Authorization: "Basic ZXhhbXBsZTpwYXNzd29yZA==" #AdguardHome
          allow_websockets: true
    
    
      - from: https://router.mydomain.com
        to: http://192.168.1.254
        policy:
          - allow:
              or:
                - email:
                    is: myemail@mydomain.com
        set_request_headers:
        # https://www.blitter.se/utils/basic-authentication-header-generator/
          Authorization: "Basic ZXhhbXBsZTpwYXNzd29yZA=="  #Router 
        allow_websockets: true
    
    
    cookie_name: pomerium
    cookie_secret: RANDOM 32 CHARACTER COOKIE=
    cookie_domain: mydomain.com
    pomerium_debug: true
    

    So, now when I go to my Adguardhome’s URL ( agh.mydomain.com), it auto directs to my Authentik instance, then upon matching my signed in email in the browser session, it transparently logs me into Adguardhome without issue. The same applies to my router’s login.

    In short, if you have found an NVR which supports basic http auth, Pomerium is the missing piece I’ve found to work.