Very neat!
Sadly I suspect that if I'd access it through authelia (and other reverse proxies) that the redirect will break the accessibility.
Appoxo
Some scanners are modern enough to be able to differentiate between water and non-permitted liquids.
I was able to bring a 1L (33floz) on a plane from FRA.
It just needed to go through the scanner. Same with carry-on.
And the side story has the subtitle "ENGLISH MOTHERFUCKER, DO YOU SPEAK IT?!"
Forgot that LDAP is sort of first party.
Does the jellyfin app support the ldap auth?
This sounds lile you are very knowledgable about it.
Why not propose a dev-draft or propose a feature on their feature voting website?
Choice is good.
Your opinion restricts more options I might want.
OPs opinion does not restrict the freedom you require from immich.
Thus: Your argument (beyond your own setup) is invalid
Download the whole album and import every once in a while.
Immich does the duplicate-handling.
There are plugins for SSO.
There are 3rd party plugins for OIDC and I think LDAP is even first party.
The issue comes when intercepting the signin-progress with 1st party clients. Jellyfin (to my knowledge) doesnt support redirects/callbacks like a homeassistant companion app does.
And how many media servers are there? The 2 other major offerings (Plex and Emby) don't support OIDC either.
Plex does it's own sauce and Emby doesnt support it. Authentik has a guide to implement it via LDAP.
And Jellyfin has a tech-debt history being forked from emby. Stark contrast to newly developed projects which were started when SSO and OIDC wasbstarting to become popular.
I configured authelia to intercept any request by prompting for 2FA login and totp-codes.
No login no entry (except for my two uptime pages)