Syno Apps Basic Authentication logon's

Currently reading
Syno Apps Basic Authentication logon's

Operating system
  1. Linux
  2. Windows
  3. other
Hi there all,

My 1st post here, please apologies if I'm not heading this in the right forum, let's hope I did =)

I'm possibly looking at being able to logon on any Syno hosted apps (/file /note /video etc.) although not using the regular form based logon but through Basic Authentication.

This because I've got a front end reverse proxy which take's care of auths and 2FA, although with the current Form Based login "style" I'm facing difficulties at getting delegated SSO to succeed.

Let me know if anyone went that route.
Kind regards,
If I understood this right you are looking to pass your SSO and access service on your NAS without hitting the DSM login?

The only current option with DSM is using OpenID (but that works with Azure AD only), via site to site VPN or by NAS being a member of the Azure domain.

Hi Rusty,

Yes indeed, that is the idea, to pass the front-end entered credz back at the Syno hosted Web Apps.. The front-end is all stacked with RADIUS, LDAPs, 2FA etc.. and hence, I'd rather avoid to re-invent the wheel on the back-end.. I'm provided with some forms of Form Based Delegation capabilities on the front-end but basically I think that the DSM needs two POST requests, encryption.cgi & login.cgi if I'm no mistaken.. I can "logon" with the Form Based Delegation but not getting in the Web App (file station, note station etc..) sending the POST request here: /*SYNOAPP*/webman/login.cgi?enable_syno_token=yes along with username + passwd, that is what the Web App gives me post logon (SSO):

{ "SynoToken" : "EDITED", "result" : "success", "success" : true }

And the user is successfully seen on the NAS box, but I can't get through the app, reload etc doesn't give anthing more.

I've read your Authelia post, would this be somthing at which simple and basic auth could be shipped upon successful front-end logons ?

Thanks for your answer, I'll see what I can do with this..
It seems to work, if you first do the login using Synology's API and then call the web app.

So first login
I get a JSON response along the cookie necessary for later SSOs. Please note that this does only work for basic authentication.

Then I call the web app (an alias for Drive in my case)
That loads up the Drive App for the logged in user :)

Hope it helps.

Cheers, Roger
Nice one Roger, I'll test this out !! My main issue is that the reverse proxy is a WAF in between on which I do not have to possibility to do back and forth calls but perhaps the /webapi/auth.cgi?api=SYNO.API.Auth&version=6&method=login&account=<user>&passwd=<password> call would do. Let me test this out =)

Thanks for your support !!

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Log in

Already have an account? Log in here.

Welcome to! is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Trending threads