I would rather just properly secure it like every other selfhosted service I have, and not have to manage a VPN client for every user who wants to connect to Jellyfin.
A security focused authentication service would be the most successful, straightforward, and simple to implement solution.
Unfortunately Jellyfin, nearly alone amongst its FOSS peers has not implemented support for these services. It’s the only one of my many dozens of selfhosted services that I can’t properly secure.
There are plugins for SSO.
There are 3rd party plugins for OIDC and I think LDAP is even first party.
The issue comes when intercepting the signin-progress with 1st party clients. Jellyfin (to my knowledge) doesnt support redirects/callbacks like a homeassistant companion app does.
And how many media servers are there? The 2 other major offerings (Plex and Emby) don’t support OIDC either.
Plex does it’s own sauce and Emby doesnt support it. Authentik has a guide to implement it via LDAP.
And Jellyfin has a tech-debt history being forked from emby.
Stark contrast to newly developed projects which were started when SSO and OIDC wasbstarting to become popular.
Yeah, natively Jellyfin supports LDAP (1st party plug-in anyway), which means I can use my personal IdP to centrally manage accounts and it works across all their apps I’ve tried (as oppose to the OIDC plugin which seems to still break their apps).
Because it’s already a proposed feature on their feature voting website. In fact It’s been one of the top voted features for the last 7 years straight. It’s at this point the most often talked about drawback of Jellyfin and biggest stated reason why people won’t switch away from Plex. It’s been so long that the SSO plugin has been archived because the maintainer only made it on a temporary basis and he was tired of maintaining it, likely because it’s only taken the pressure off of the Jellyfin team to implement native SSO because folks like you like to point to it as a solution to the problem.
Then don’t and do VPN?
I would rather just properly secure it like every other selfhosted service I have, and not have to manage a VPN client for every user who wants to connect to Jellyfin.
A security focused service vs a media consumption service competing for max security…
I wonder what would be the most successful at this task…
A security focused authentication service would be the most successful, straightforward, and simple to implement solution.
Unfortunately Jellyfin, nearly alone amongst its FOSS peers has not implemented support for these services. It’s the only one of my many dozens of selfhosted services that I can’t properly secure.
There are plugins for SSO.
There are 3rd party plugins for OIDC and I think LDAP is even first party.
The issue comes when intercepting the signin-progress with 1st party clients. Jellyfin (to my knowledge) doesnt support redirects/callbacks like a homeassistant companion app does.
And how many media servers are there? The 2 other major offerings (Plex and Emby) don’t support OIDC either.
Plex does it’s own sauce and Emby doesnt support it. Authentik has a guide to implement it via LDAP.
And Jellyfin has a tech-debt history being forked from emby. Stark contrast to newly developed projects which were started when SSO and OIDC wasbstarting to become popular.
Yeah, natively Jellyfin supports LDAP (1st party plug-in anyway), which means I can use my personal IdP to centrally manage accounts and it works across all their apps I’ve tried (as oppose to the OIDC plugin which seems to still break their apps).
Plugins for SSO and OIDC are not a solution as they will only work with the web clients, so that’s a non-starter.
Jellyfin can blame it on the tech debt all they want but implementing it really wouldn’t be that hard, they just haven’t prioritized it, simple as.
This sounds lile you are very knowledgable about it.
Why not propose a dev-draft or propose a feature on their feature voting website?
Because it’s already a proposed feature on their feature voting website. In fact It’s been one of the top voted features for the last 7 years straight. It’s at this point the most often talked about drawback of Jellyfin and biggest stated reason why people won’t switch away from Plex. It’s been so long that the SSO plugin has been archived because the maintainer only made it on a temporary basis and he was tired of maintaining it, likely because it’s only taken the pressure off of the Jellyfin team to implement native SSO because folks like you like to point to it as a solution to the problem.