Jellyfin SSO would make Organizr virtually perfect for me and hopefully many others. I understand Plex is larger and more prio and so is Emby, but Jellyfin is the one and only truly open source & free media server right now which automatically renders all other contenders useless in my eyes (and hopefully many others). Please, get us Jelly-ers some SSO goodies too
This is not up to us to enable. You should ask Jellyfin to support logins via setting a cookie, or passing usernames with headers.
@Roxedus is correct... If there was a way to do it now - It would have been included... I would suggest creating a GH issue and requesting that feature be added and then we could add on our end too.
Agreed and done. But as I can see it'd been done numerous times before, they don't really care much, apparently. Can't it be done in the meanwhile (which meanwhile could take months if not years better yet..) in a hacky way?
I just tested and intercepted a login with BurpSuite and then successfully authenticated via a simple curl request. It seems pretty straight forward, usr & pw gets sent in a json. Couldn't you implement something similar each time an Emby/Jellyfin tab is opened? Before each load even:
POST /Users/authenticatebyname HTTP/1.1
Host: jelly.mydomain.org
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
Accept: application/json
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://jelly.mydomain.org/web/index.html
X-Emby-Authorization: MediaBrowser Client="Jellyfin Web", Device="Firefox", DeviceId="irrelevant_random_hash_can_be_anything_tested", Version="10.6.4"
Content-Type: application/json
Origin: https://jelly.mydomain.org
Content-Length: 33
DNT: 1
Connection: close
{"Username":"MyAdminuser","Pw":"AndHisPassword"}
@markv9401 We did see your post, but please also see our response for now: https://features.jellyfin.org/posts/358/organizr-support. Please don't make extra posts, it doesn't move things up.
@causefx @Roxedus - Sorry for the delay here, wasn't aware there was an issue - there is a demand for alternate authentication, but it's largely been for OAuth.
As far as I can tell (I'm a project lead, but not directly working on the server) there's a structural issue in the way, but we'd like to work on it. Since we know we can do LDAP via a plugin, we've have been looking at other options for auth next. What do you prefer/what's easiest/best for Organizr?
@anthonylavado How is the session handled now? via localstorage - cookie - session? I'm open to anyway you guys see fit to start. :)
How is the session handled now?
Terribly, but we're working on it ;-)
Kidding aside, it's currently based on the server sending back a session token that's then sent with each subsequent request. I'm not sure what the long term goal is though - if we've even come to a decision yet - though.
@joshuaboniface LOL - yeah I hear ya man. If you go away from that emby model and follow a token or JWT token or something like that - That would be awesome!
In the meanwhile as an absolutely dirty workaround. Based on what joshuaboniface said and some burp debugging I found a way to auth headless and craft a local storage var that let's you pass afterwards.
POSTing what I posted earlier with all headers will result in a json with all required informations. Absolutely minimal local storage needed to work (auth being the json response):
jellyfin_credentials = {'Servers': [{
'ManualAddress': 'https://jelly.mydomain.org',
'Id': auth['ServerId'],
'UserId': auth['User']['Id'],
'AccessToken': auth['AccessToken']
}]}
Tested and it actually works. Pretty strange how the cookies contain last login timestamp, last activity timestamp, device id hash and all that yet none of that matters, don't even have to bother, the lack of them / incorrect values don't invalidate the auth token apparently
I might try implementing some ugly functionality that posts & crafts this cookie on each tab load.
Don't see right now why it couldn't work, it worked fine in a quick python/requests test
Created a proof-of-concept https://github.com/markv9401/organizr-jellyfin-sso
It does work, with some slight limitations, if anyone's interested. (Love Organizr's modular approach. Like I said, last I'd done PHP was 5+ yrs ago and managed to pull this off)
sweet!!!! after holiday, i will check this out and implement.
kudos!!
Sent from my iPhone
On Nov 25, 2020, at 2:34 PM, markv9401 notifications@github.com wrote:

Created a proof-of-concept https://github.com/markv9401/organizr-jellyfin-sso
It does work, with some slight limitations, if anyone's interested. (Love Organizr's modular approach. Like I said, last I'd done PHP was 5+ yrs ago and managed to pull this off)—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub, or unsubscribe.
Most helpful comment
Terribly, but we're working on it ;-)
Kidding aside, it's currently based on the server sending back a session token that's then sent with each subsequent request. I'm not sure what the long term goal is though - if we've even come to a decision yet - though.