Tautulli automatic authentication, neither basic HTTP nor Plex working

[mgrimace]

Hello,

I'm trying to Tautulli working with either Plex authentication or basic http authentication per the official Authentik instructions here. I also use NPM as my reverse proxy with Cloudflare SSL. My goal is to only have the Authentik sign-on, which automatically logs into Tautulli. Neither Plex nor basic HTTP per the guide are working.

Basic HTTP authentication

This feature has moved to the config for Tautulli and is no longer available in the UI. However, it can be enabled manually. With basic HTTP authentication enabled in the config, after logging in to Authentik I'm passed to a Tautulli screen that still prompts for user/password.

Passing through a Plex login token

I got this working with Overseer using the following custom scope mapping. I tried duplicating this for Tautulli (changing the base URL) and no go.

from authentik.sources.plex.models import PlexSourceConnection
import json

connection = PlexSourceConnection.objects.filter(user=request.user).first()
if not connection:
    ak_logger.info("PLEX: No Plex connection found")
    return {}

base_url = "http://overseerr:5055"
end_point = "/api/v1/auth/plex"
token = "${overseer_token}"

headers = {
    "Content-Type": "application/json",
}

data = {
    "authToken": connection.plex_token
}


response = requests.post(base_url + end_point,
                         headers=headers, data=json.dumps(data))

if (response.status_code == 200):

    sid_value = response.cookies.get("connect.sid")
    cookie_obj = f"connect.sid={sid_value}"
    ak_logger.info("PLEX: The request was a success!")
    return {
        "ak_proxy": {
            "user_attributes": {
                "additionalHeaders": {
                    "Set-Cookie": cookie_obj
                }
            }
        }
    }
else:
    ak_logger.info(f"PLEX: The request failed with: {response.text}")
    return {}

As it is, does anyone have suggestions to avoid the duplicate login for Tautulli with Authentik?

[TDX44]

Any update to this? I've been stuck here for a week.

[jacoknapp]

So it looks like by default the password is now being hashed. This means that basic auth wont work. In order to make it work shutdown tautulli then go into the config.ini set the http_hash_password = 0, set http_password = Your password and then set http_basic_auth = 1, then start up tautulli again. This worked for me. Hopefully the maintainer sees this, and can put the feature options back into the panel.

[TDX44]

Thanks, I'll look into this tonight and update.