Header authentication using external proxy

[Crow-Control]

Before you open your issue

• Check if no issue or pull-request for this already exists.
• Check documentation and FAQ. (Tip, use the search function on the documentation page)
• You understand Mailu is made by volunteers in their free time — be conscise, civil and accept that delays can occur.
• The title of the issue should be short and simple. It should contain specific terms related to the actual issue. Be specific while writing the title.

Environment & Versions

Environment

• docker-compose
• kubernetes
• docker swarm

Versions

Not Relevant to the issue.

Description

This is either an enhancement or documentationrequest, depending on the feedback.
I tried to find out if it is supported, but cannot find anything about it.

Header authentication.
Simply put, a proxy sends the username in a header to the backend server (which would in this case be the mailu login/auth system), which then logs in the user without requesting a password or login action.

This is limited to the web interfaces ofcoarse. This enables the use of SSO proxies like authelia in front of the webmail. While still relying on internal mailu passwords for everything going directly to mailu (such as the email itself.)

I've no idea if this is already possible and/or if it is in theory reasonably possible to be added.

Replication Steps

Not Relevant to the issue.

Expected behaviour

Expected/Requested behavior would be allowing upstream headers containing the username or email and/or group to login users.

Logs

Not Relevant to the issue.

[Diman0]

This is not possible within Mailu. This would require changes to the code that handles authentication. I will mark it as an enhancement request.

[nextgens]

I have started to re-work the feature on #2697 ; /sso/proxy is no more, you will be able to use /sso/login when it's merged.