this post was submitted on 27 Jun 2026
239 points (98.0% liked)
Technology
85837 readers
3539 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
It’s not directed towards people who are experts. I’m an expert and can’t secure Jellyfin properly because Jellyfin doesn’t support proper secure authentication.
Which authentication method are you wanting for it? I wouldn't call myself an expert but my job stuck senior in front of my title a few years back.
Native OIDC/SSO support, allowing users to offload the authentication to a purpose built software.
Then don't and do VPN?
I would rather just properly secure it like every other selfhosted service I have, and not have to manage a VPN client for every user who wants to connect to Jellyfin.
A security focused service vs a media consumption service competing for max security...
I wonder what would be the most successful at this task...
A security focused authentication service would be the most successful, straightforward, and simple to implement solution.
Unfortunately Jellyfin, nearly alone amongst its FOSS peers has not implemented support for these services. It’s the only one of my many dozens of selfhosted services that I can’t properly secure.
There are plugins for SSO.
There are 3rd party plugins for OIDC and I think LDAP is even first party.
The issue comes when intercepting the signin-progress with 1st party clients. Jellyfin (to my knowledge) doesnt support redirects/callbacks like a homeassistant companion app does.
And how many media servers are there? The 2 other major offerings (Plex and Emby) don't support OIDC either.
Plex does it's own sauce and Emby doesnt support it. Authentik has a guide to implement it via LDAP.
And Jellyfin has a tech-debt history being forked from emby. Stark contrast to newly developed projects which were started when SSO and OIDC wasbstarting to become popular.
Yeah, natively Jellyfin supports LDAP (1st party plug-in anyway), which means I can use my personal IdP to centrally manage accounts and it works across all their apps I've tried (as oppose to the OIDC plugin which seems to still break their apps).
Forgot that LDAP is sort of first party.
Does the jellyfin app support the ldap auth?
Plugins for SSO and OIDC are not a solution as they will only work with the web clients, so that’s a non-starter.
Jellyfin can blame it on the tech debt all they want but implementing it really wouldn’t be that hard, they just haven’t prioritized it, simple as.
This sounds lile you are very knowledgable about it.
Why not propose a dev-draft or propose a feature on their feature voting website?
Because it’s already a proposed feature on their feature voting website. In fact It’s been one of the top voted features for the last 7 years straight. It’s at this point the most often talked about drawback of Jellyfin and biggest stated reason why people won’t switch away from Plex. It’s been so long that the SSO plugin has been archived because the maintainer only made it on a temporary basis and he was tired of maintaining it, likely because it’s only taken the pressure off of the Jellyfin team to implement native SSO because folks like you like to point to it as a solution to the problem.