Home / Secure Access / Homer Dashboard
Service Dashboard
X-Forwarded-User
Zero-Day Shield

SSO + Zero-Day Protection for Homer Dashboard

by Homer Community

Add SAML/OIDC SSO to Homer Dashboard — Protect Your Service Directory

Start Free Trial See How It Works
Overview

Why Homer Dashboard Needs an Authenticated Proxy

Homer is a lightweight static service dashboard used to organize and display links to internal services, tools, and applications. While Homer itself is a simple static page, it reveals your entire internal service topology — every tool, every URL, every service that your team uses. An exposed Homer dashboard is a reconnaissance goldmine for attackers, showing exactly which services to target. OnePAM adds enterprise SSO to Homer, ensuring only authenticated team members can view your internal service directory.

HTTP Header Authentication
X-Forwarded-User

Homer is a static application that does not process authentication headers. OnePAM provides authentication at the proxy layer, controlling who can access the Homer dashboard.

Zero-Day Risk Profile

Homer Dashboard Vulnerability Risks

Without an authenticated proxy, these risks are directly exploitable by any network-reachable attacker.

Homer reveals complete internal service topology and URLs
Service links expose tool versions, ports, and access patterns
Infrastructure groupings reveal organizational structure
Bookmarked URLs may include tokens or internal-only hostnames
The Challenge

Security Challenges with Homer Dashboard

These are the risks organizations face when Homer Dashboard is not behind an authenticated proxy.

Service Reconnaissance

Homer dashboards list every internal service with URLs — a complete reconnaissance map for attackers.

No Built-in Auth

Homer is a static page with no authentication mechanism. Anyone who can reach it can see your service directory.

URL Exposure

Internal URLs, ports, and hostnames listed in Homer reveal infrastructure details that should not be public.

Organizational Mapping

Service groupings by team, environment, or function reveal organizational structure.

Version Disclosure

Service descriptions or icons may indicate software versions, helping attackers identify vulnerable targets.

No Access Logging

Homer provides no access logging. There is no way to know who viewed the service directory.

The OnePAM Solution

How OnePAM Adds SSO + Zero-Day Protection to Homer Dashboard

A step-by-step guide to deploying OnePAM's authenticated proxy in front of Homer Dashboard.

1

Deploy OnePAM as Homer Proxy

Place OnePAM in front of the Homer static dashboard.

Homer is served behind OnePAM. Direct access is blocked at the network level.
2

Configure Your Identity Provider

Connect OnePAM to your SAML/OIDC provider.

Team members authenticate via corporate SSO before viewing the service directory.
3

Enable SSO Access Control

OnePAM authenticates all requests to Homer.

Only authenticated employees can see your internal service map.
4

Audit Directory Access

Every Homer page view is logged with corporate identity.

Know who viewed your service directory, when, and from which device.
Business Impact

Benefits of Securing Homer Dashboard with OnePAM

Measurable security and operational outcomes from deploying OnePAM in front of Homer Dashboard.

Hide Service Topology

Internal service URLs and infrastructure details are invisible to unauthenticated users.

Zero topology exposure

SSO for Static Dashboards

Add enterprise SSO to Homer without modifying the static application.

SSO for static sites

Prevent Reconnaissance

Attackers cannot map your internal services through the Homer dashboard.

Reconnaissance blocked

Instant Access Revocation

When someone leaves, disable them in your IdP. Dashboard access stops immediately.

Real-time revocation

Access Logging

Homer access events logged with corporate identity — impossible with Homer alone.

Complete access history

MFA for Service Directory

Require MFA before viewing your internal service map.

MFA-protected directory
SSO Features

Homer Dashboard SSO Capabilities

Every feature needed to provide enterprise-grade SSO and access control for Homer Dashboard.

SAML 2.0 & OIDC SSO for Homer Dashboard
Zero-config authentication for static sites
Session management and timeout
IP and geo-restriction
Device trust verification
Access event logging
Multiple dashboard SSO support
Automatic session invalidation on IdP sign-out
Custom access policies
Mobile-friendly SSO flow
Security

Zero-Day Protection Features

Enterprise-grade security controls that shield Homer Dashboard from exploitation.

Homer isolated from direct access
End-to-end TLS encryption
Session-level authentication
No modification to Homer required
Header injection prevention
Automatic session invalidation
Real-World Scenarios

Homer Dashboard SSO + Security Use Cases

Common scenarios where organizations deploy OnePAM in front of Homer Dashboard.

1
Engineering teams accessing internal service directories with SSO
2
Protecting infrastructure topology from unauthorized viewing
3
Securing Homer dashboards in multi-tenant environments
4
Auditing who accessed the service directory during security incidents
5
Adding authentication to static dashboard tools
6
Restricting service directory access to on-network users
Frequently Asked Questions

Homer Dashboard SSO + Security FAQ

Common questions about deploying OnePAM's authenticated proxy for Homer Dashboard.

Homer is just a static page. Why does it need SSO?

Homer reveals your entire internal service topology — every URL, every tool, every port. This is valuable reconnaissance information that should only be visible to authenticated employees.

Does OnePAM modify Homer?

No. Homer runs unchanged as a static application. OnePAM provides authentication entirely at the proxy layer.

Can we use OnePAM with other dashboard tools like Dashy?

Yes. OnePAM's proxy authentication works with any web-based dashboard — Homer, Dashy, Heimdall, or custom static dashboards.

Does OnePAM add latency to Homer?

Negligible. Homer is a static page that loads instantly. OnePAM's authentication check adds <5ms to the initial request.

Can different teams see different Homer instances?

Yes. OnePAM can route authenticated users to team-specific Homer instances based on IdP groups.
Also Supported

SSO + Zero-Day Protection for Other Applications

OnePAM adds authenticated proxy protection to all these applications — same approach, zero code changes.

Jenkins
CI/CD Automation · X-Forwarded-User
Grafana
Observability & Monitoring · X-WEBAUTH-USER
Kibana
Log Analytics & SIEM · X-Proxy-User / es-security-runas-user
GitLab Self-Managed
DevOps Platform · X-Forwarded-User / REMOTE_USER
SonarQube
Code Security & Quality · X-Forwarded-Login
Apache Guacamole
Clientless Remote Desktop · N/A (native protocol)
Jira Data Center
Project Management · X-Forwarded-User
Confluence Data Center
Knowledge Management · X-Forwarded-User
pgAdmin
Database Management · X-Forwarded-User / REMOTE_USER
Rundeck
Operations Automation · X-Forwarded-User / REMOTE_USER
Harbor
Container Registry · X-Forwarded-User / X-Forwarded-Groups
Zabbix
Infrastructure Monitoring · X-Forwarded-User / PHP_AUTH_USER
Nexus Repository
Artifact Management · X-Forwarded-User / REMOTE_USER
Wiki.js
Modern Wiki Platform · X-Forwarded-User / Authorization
Prometheus
Metrics & Monitoring · X-Forwarded-User (proxy-level auth)
MinIO
Object Storage · X-Forwarded-User / Authorization
Portainer
Container Management · X-Forwarded-User
Apache Airflow
Workflow Orchestration · REMOTE_USER
Apache Superset
Business Intelligence · REMOTE_USER
Gitea
Git Hosting · X-WEBAUTH-USER
Mattermost
Team Messaging · X-Forwarded-User / X-Forwarded-Email
Redmine
Project Management · REMOTE_USER
NetBox
Network DCIM / IPAM · REMOTE_USER / HTTP_REMOTE_USER
AWX / Ansible Automation Platform
IT Automation · REMOTE_USER / X-Forwarded-User
phpMyAdmin
Database Administration · REMOTE_USER / PHP_AUTH_USER
Argo CD
GitOps & Continuous Delivery · X-Forwarded-User / Argocd-User-Info
n8n
Workflow Automation · X-Forwarded-User / X-n8n-User
HashiCorp Consul
Service Mesh & Discovery · X-Forwarded-User (proxy-level auth)
HashiCorp Vault UI
Secrets Management · X-Forwarded-User (defense-in-depth)
Rancher
Kubernetes Management · X-Forwarded-User / Authorization
Backstage
Developer Portal · X-Forwarded-User / Authorization
Outline
Team Knowledge Base · X-Forwarded-User / Authorization
Uptime Kuma
Uptime Monitoring · X-Forwarded-User (proxy-level auth)
WeKan
Project Management · X-Forwarded-User / HTTP-REMOTEUSER
Traefik Dashboard
Reverse Proxy & Ingress · X-Forwarded-User (via ForwardAuth)
Drone CI
CI/CD Automation · X-Forwarded-User
Metabase
Business Intelligence · X-Forwarded-User
JupyterHub
Data Science & ML · REMOTE_USER / X-Forwarded-User
code-server (VS Code)
Cloud IDE · X-Forwarded-User
BookStack
Documentation & Wiki · REMOTE_USER
Keycloak Admin Console
Identity & Access Management · X-Forwarded-User
Proxmox VE
Virtualization & Hypervisor · X-Forwarded-User
Semaphore UI
Automation & Configuration · X-Forwarded-User
Authentik
Identity & Access Management · X-Forwarded-User
Node-RED
IoT & Workflow Automation · X-Forwarded-User
Woodpecker CI
CI/CD Automation · X-Forwarded-User
NocoDB
No-Code Database · X-Forwarded-User
OpenProject
Project Management · X-Forwarded-User / REMOTE_USER

Ready to Secure Homer Dashboard with SSO + Zero-Day Protection?

Deploy OnePAM in minutes — no Homer Dashboard code changes required. Start your free 14-day trial today.

Start Free Trial View All Supported Apps