3rd party authentication_backend about authelia HOT 2 OPEN

Please note this response was created using generative AI leveraging previously available information from the repository. This information may be helpful however it is our strong recommendation that you carefully consider the information before blindly applying it.

Currently, Authelia supports two primary methods for first-factor authentication: LDAP and file-based (YAML) storage, as detailed in the configuration documentation. For second-factor authentication, Authelia supports methods like TOTP, WebAuthn, and Duo.

Regarding the integration of a custom authentication backend like privacyIDEA for managing second factors, Authelia does not natively support custom authentication backends out of the box. The configuration and system design of Authelia are built around predefined authentication methods, primarily focusing on LDAP and file-based systems for the first factor and the mentioned methods for the second factor.

To integrate privacyIDEA or any other custom authentication system, significant modifications to Authelia's source code would be required. This would involve:

1. Understanding Authelia's plugin architecture and how authentication modules are loaded and managed.
2. Developing a custom module that can interface with the privacyIDEA API, handling the specific endpoints and responses.
3. Ensuring that this module can be configured through Authelia's YAML configuration files, similar to existing authentication backends.

This kind of development would require deep knowledge of Authelia's codebase and possibly contributing to the project directly if you intend for this to be a reusable feature for others. You might consider opening a feature request on Authelia's GitHub repository or checking if there are existing requests for such functionality.

For direct integration without modifying Authelia, you might consider using privacyIDEA to manage all second factors and then using a standard protocol like SAML or OpenID Connect, which Authelia supports as an identity provider, to handle authentication requests. This setup would allow you to centralize second-factor management in privacyIDEA while leveraging Authelia for web application access control.

This comment was generated by Glime.

from authelia.

Interesting. When I read the documentation my understanding is that Authelia does not act as a relying party but as a provider.
https://www.authelia.com/integration/openid-connect/introduction/
If Authelia was able to act as a relying party then we could redirect to another SSO IdP that supports privacyIDEA.
But since this is not the case, my search continues.

from authelia.