I’m building a multi tenant SaaS offering on top of Kubernetes. My understanding is that Authelia runs at the ingress/proxy layer (nginx, traefik, etc) before hitting the app service.
I like this idea since you technically would not have to build anything directly in each of the apps to handle authentication. However, because of the dynamic nature of this SaaS I need to have a layer in there somewhere that can first query something (API, database, cache,etc) that based on data from the incoming request would tell authelia if auth is required or not.
Is this possible with authelia? If so, any examples of how this might work?
I think that authelia is not really made for this scenario, so if you want to use authelia, I think you would have to loop back to before authelia and redirect to the different (auth / non-auth) urls.
I am pretty sure though you are not the first person to have this requirement so probably there is a better solution, but I would have no idea what to search for.
Generally speaking most proxies like haproxy or nginx are scriptable (HAproxy via Lua for example) so maybe that’s something you could let ok into. This article sounds s bit like your scenario:
https://www.egnyte.com/blog/post/dynamic-backends-in-haproxy-with-lua