
Seerr


Introduction

This guide covers integrating Authelia with Seerr using trusted header SSO authentication.

As with all guides in this section, it's important that you read the introduction first.

Tested Versions

  • Authelia:
    • v4.39.18
  • Seerr Server

Before You Begin

This example makes the following assumptions:

  • Application Root URL: https://seerr.{{< sitevar name="domain" nojs="example.com" >}}/
  • Authelia Root URL: https://{{< sitevar name="subdomain-authelia" nojs="auth" >}}.{{< sitevar name="domain" nojs="example.com" >}}/
  • User Email Domain: @{{< sitevar name="domain" nojs="example.com" >}}
  • Seerr has been initialized already with a user to configure this. Trusted header SSO cannot be used to auto-create users.
  • Trusted header SSO can only be used when trust proxy is enabled.
  • This feature will only work if a list of trusted proxies is provided.

Some of the values presented in this guide can automatically be replaced with documentation variables.

{{< sitevar-preferences >}}

Configuration

To configure Seerr to trust the Remote-User and Remote-Email headers, do the following:

With GUI

  1. Log in as an admin user.
  2. Navigate to Settings -> Network.
  3. Enable "Trust Proxy".
  4. Provide a list of trusted proxies in Advanced Network Settings.
  5. Select remote-user and remote-email from the list. Seerr will look for both fields in requests if they are configured here. Alternatively, you can select just the username, in which case Seerr looks for only the username in requests.
  6. Save changes.

Editing the configuration directly

Update the configuration file as follows:

json
...
 "network": {
  ...
  "trustProxy": true,
  "trustedProxies": {
   "v4": [
    "10.0.50.3"
   ],
   "v6": [
    "fd00:dead::beef"
   ]
  },
  "forwardAuth": {
   "enabled": true,
   "userHeader": "remote-user",
   "emailHeader": "remote-email"
  },
  "proxy": {
    ...

The header names in the GUI and config file are case-insensitive.
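
The following check is an added example, not code from Authelia or Seerr: it audits the network section shown above for the preconditions this guide lists (trust proxy enabled, a non-empty trusted proxy list, forward auth enabled with a user header). The function name `audit_network` is hypothetical, and treating an entry as either a single address or a CIDR range is an assumption, since the guide only shows single addresses.

```python
import ipaddress

def audit_network(settings: dict) -> list[str]:
    """Return problems with the trusted-header settings; an empty list means OK."""
    net = settings.get("network") or {}
    fwd = net.get("forwardAuth") or {}
    problems = []
    if fwd.get("enabled") is not True:
        problems.append("forwardAuth.enabled is not true")
    # The guide allows username-only matching, so only userHeader is required.
    if not str(fwd.get("userHeader") or "").strip():
        problems.append("forwardAuth.userHeader is empty")
    if net.get("trustProxy") is not True:
        problems.append("trustProxy is not enabled")
    proxies = net.get("trustedProxies") or {}
    entries = [(fam, e) for fam in ("v4", "v6") for e in proxies.get(fam) or []]
    if not entries:
        problems.append("trustedProxies is empty")
    for fam, entry in entries:
        try:
            # Assumption: an entry is a single address or a CIDR range.
            parsed = ipaddress.ip_network(str(entry), strict=False)
        except ValueError:
            problems.append(f"trustedProxies.{fam}: {entry!r} is not an IP address")
            continue
        if parsed.version != int(fam[1]):
            problems.append(f"trustedProxies.{fam}: {entry!r} is IPv{parsed.version}")
        if parsed.prefixlen == 0:
            problems.append(f"trustedProxies.{fam}: {entry!r} matches every client")
    return problems

# The values from the guide's configuration excerpt.
GOOD = {"network": {
    "trustProxy": True,
    "trustedProxies": {"v4": ["10.0.50.3"], "v6": ["fd00:dead::beef"]},
    "forwardAuth": {"enabled": True, "userHeader": "remote-user",
                    "emailHeader": "remote-email"}}}

# Constructed sample showing the failure cases.
BAD = {"network": {
    "trustProxy": False,
    "trustedProxies": {"v4": ["0.0.0.0/0", "proxy.internal"], "v6": ["10.0.50.3"]},
    "forwardAuth": {"enabled": True, "userHeader": "remote-user"}}}

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_network(cfg) or "ok")
```

Running the audit after each change to the network settings confirms that the identity headers are only honoured behind a narrowly scoped proxy list.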