H
Homarr2d ago
BitNotFound

Authentik SSO not appearing on log-in screen

I, for the life of me, can't get SSO sorted out for Authentik and Homarr. I have it set up for various other services, but Homarr is the only one that's given me trouble. Below is my docker compose for Homarr. I have followed the instructions given on the Authentik site as well as Homarr's site for setting up OIDC, but on Homarr's log in screen, I get the standard username and password prompt. Only the original account I set Homarr up with works with it. I have gone through well over a dozendifferent help threads here, GitHub, and elsewhere, implementing any fixes that others propose, but nothing seems to fix the issue. I could use some help! Thanks! 
services:
  homarr:
    container_name: homarr
    image: ghcr.io/homarr-labs/homarr:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./homarr:/appdata
    environment:
      - SECRET_ENCRYPTION_KEY=<KEY>
      - AUTH_PROVIDER=oidc
      - AUTH_OIDC_CLIENT_ID=<SECRETID>
      - AUTH_OIDC_CLIENT_SECRET=<SECRET KEY>
      - AUTH_OIDC_ISSUER=https://auth.mysite.com/application/o/homarr/
      - AUTH_OIDC_URI=https://auth.mysite.com/application/o/authorize
      - BASE_URL=https://mysite.com
      - NEXTAUTH_URL=https://mysite.com
      - AUTH_OIDC_CLIENT_NAME=Authentik
      - OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING=true
      - AUTH_OIDC_ADMIN_GROUP=authentik Admins
      - AUTH_OIDC_OWNER_GROUP=authentik Admins
      - AUTH_OIDC_AUTO_LOGIN=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.homarr.rule=Host(`mysite.com`)
      - traefik.http.routers.homarr.entryPoints=websecure
      - traefik.http.routers.homarr.tls.certresolver=letsencrypt
      - traefik.http.services.homarr.loadbalancer.server.port=7575
      #- traefik.http.routers.homarr.middlewares=authentik-auth@docker
    networks:
      - private
networks:
  private:
    external: true
services:
  homarr:
    container_name: homarr
    image: ghcr.io/homarr-labs/homarr:latest
    restart: unless-stopped
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - ./homarr:/appdata
    environment:
      - SECRET_ENCRYPTION_KEY=<KEY>
      - AUTH_PROVIDER=oidc
      - AUTH_OIDC_CLIENT_ID=<SECRETID>
      - AUTH_OIDC_CLIENT_SECRET=<SECRET KEY>
      - AUTH_OIDC_ISSUER=https://auth.mysite.com/application/o/homarr/
      - AUTH_OIDC_URI=https://auth.mysite.com/application/o/authorize
      - BASE_URL=https://mysite.com
      - NEXTAUTH_URL=https://mysite.com
      - AUTH_OIDC_CLIENT_NAME=Authentik
      - OAUTH_ALLOW_DANGEROUS_EMAIL_ACCOUNT_LINKING=true
      - AUTH_OIDC_ADMIN_GROUP=authentik Admins
      - AUTH_OIDC_OWNER_GROUP=authentik Admins
      - AUTH_OIDC_AUTO_LOGIN=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.homarr.rule=Host(`mysite.com`)
      - traefik.http.routers.homarr.entryPoints=websecure
      - traefik.http.routers.homarr.tls.certresolver=letsencrypt
      - traefik.http.services.homarr.loadbalancer.server.port=7575
      #- traefik.http.routers.homarr.middlewares=authentik-auth@docker
    networks:
      - private
networks:
  private:
    external: true
No description
Solution:
Ok, so I asked ChatGPT, and I got about 99% of the way there. After tweaking, here are my compose and .env files for those who need something that works! ```services: homarr: image: ghcr.io/homarr-labs/homarr:latest...
Jump to solution
6 Replies
Cakey Bot
Cakey Bot2d ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
BitNotFound
BitNotFoundOP2d ago
* Ubuntu 24.04 with docker * Homarr version 1.17.0 * I can provide any other information if needed.
Solution
BitNotFound
BitNotFound2d ago
Ok, so I asked ChatGPT, and I got about 99% of the way there. After tweaking, here are my compose and .env files for those who need something that works! 
services:
  homarr:
    image: ghcr.io/homarr-labs/homarr:latest
    container_name: homarr
    restart: unless-stopped
    ports:
      - '7575:7575'
    volumes:
      - ./homarr:/appdata
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TZ=America/Los_Angeles
      - BASE_URL=https://${HOMARR_FQDN}
      - NEXTAUTH_URL=https://${HOMARR_FQDN}
      - SECRET_ENCRYPTION_KEY=${SECRET_ENCRYPTION_KEY}
      - AUTH_PROVIDERS=oidc #,credentials # keep local accounts as fallback
      - AUTH_OIDC_CLIENT_ID=${OIDC_CLIENT_ID}
      - AUTH_OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
      - AUTH_OIDC_ISSUER=https://${AUTH_DOMAIN}/application/o/${OIDC_SLUG}/
      - AUTH_OIDC_URI=https://${AUTH_DOMAIN}/application/o/authorize
      - AUTH_OIDC_CLIENT_NAME=authentik
      - AUTH_OIDC_SCOPE_OVERWRITE=openid email profile groups
      - AUTH_OIDC_ADMIN_GROUP=${ADMIN_GROUP}
      - AUTH_OIDC_GROUPS_ATTRIBUTE=groups
      - AUTH_LOGOUT_REDIRECT_URL=https://${AUTH_DOMAIN}/application/o/${OIDC_SLUG}/end-session/
      - AUTH_OIDC_AUTO_LOGIN=true
    networks:
      - my-network
networks:
  my-network:
    external: true
services:
  homarr:
    image: ghcr.io/homarr-labs/homarr:latest
    container_name: homarr
    restart: unless-stopped
    ports:
      - '7575:7575'
    volumes:
      - ./homarr:/appdata
      - /var/run/docker.sock:/var/run/docker.sock:ro
    environment:
      - TZ=America/Los_Angeles
      - BASE_URL=https://${HOMARR_FQDN}
      - NEXTAUTH_URL=https://${HOMARR_FQDN}
      - SECRET_ENCRYPTION_KEY=${SECRET_ENCRYPTION_KEY}
      - AUTH_PROVIDERS=oidc #,credentials # keep local accounts as fallback
      - AUTH_OIDC_CLIENT_ID=${OIDC_CLIENT_ID}
      - AUTH_OIDC_CLIENT_SECRET=${OIDC_CLIENT_SECRET}
      - AUTH_OIDC_ISSUER=https://${AUTH_DOMAIN}/application/o/${OIDC_SLUG}/
      - AUTH_OIDC_URI=https://${AUTH_DOMAIN}/application/o/authorize
      - AUTH_OIDC_CLIENT_NAME=authentik
      - AUTH_OIDC_SCOPE_OVERWRITE=openid email profile groups
      - AUTH_OIDC_ADMIN_GROUP=${ADMIN_GROUP}
      - AUTH_OIDC_GROUPS_ATTRIBUTE=groups
      - AUTH_LOGOUT_REDIRECT_URL=https://${AUTH_DOMAIN}/application/o/${OIDC_SLUG}/end-session/
      - AUTH_OIDC_AUTO_LOGIN=true
    networks:
      - my-network
networks:
  my-network:
    external: true
Here is the .env file, redacted of course: 
OIDC_CLIENT_ID=identificationid # OIDC client ID here
OIDC_CLIENT_SECRET=secretsecretsecret # OIDC client secret here
OIDC_SLUG=homarr # The slug you gave the 'homarr' application
AUTH_DOMAIN= auth.example.com # The FQDN of your Authentik endpoint
ADMIN_GROUP=homarr-admins # The name of the group in Authentik for Homarr admins. Add yourself to the group!
HOMARR_FQDN=homarr.example.com # FQDN of your homarr instance
SECRET_ENCRYPTION_KEY=encryptencryptencrypt # The Homarr encryption key
OIDC_CLIENT_ID=identificationid # OIDC client ID here
OIDC_CLIENT_SECRET=secretsecretsecret # OIDC client secret here
OIDC_SLUG=homarr # The slug you gave the 'homarr' application
AUTH_DOMAIN= auth.example.com # The FQDN of your Authentik endpoint
ADMIN_GROUP=homarr-admins # The name of the group in Authentik for Homarr admins. Add yourself to the group!
HOMARR_FQDN=homarr.example.com # FQDN of your homarr instance
SECRET_ENCRYPTION_KEY=encryptencryptencrypt # The Homarr encryption key
BitNotFound
BitNotFoundOP2d ago
You should ONLY need to modify anything in the .env file for a basic config, but things like labels, volumes, ports, and networks are all fine to change. Might do a pull request for changing the Homarr documentation later.
Manicraft1001
Manicraft10012d ago
Awesome that you were able to figure it out. We'd appreciate if you can update the docs!
BitNotFound
BitNotFoundOP11h ago
Created a pull request for the documentation!

Did you find this page helpful?