Comment by arjvik
1 day ago
What's your (OSS?) OIDC server of choice?
Authelia? Authentik? Keycloak? (These are the three I see a lot about.) Something else?
Pocket ID[1] is what I use, and I cannot recommend it enough. It's an incredible project.
[1] https://pocket-id.org
Love pocket-id. Do you use oauth2-proxy with it? How did you set up oauth2-proxy to work with multiple apps?
I used to use oauth2-proxy with PocketID, but migrated to caddy-security for stuff that doesn't directly support OIDC as part of a general move to Caddy. It's nice not needing the sidecar container, though the docs for caddy-security are a bit confusing and I still find Caddy's whole approach to plugins a bit... odd. It does give you quite a lot of flexibility once you figure it out, and I think it was worthwhile after the initial learning period.
I've dabbled in oauth2-proxy but I'm not running it currently. I recall my go-to was launching one instance per remote I want to target.
Adding another +1 to Pocket ID. I looked at a couple of the ones you mentioned but they looked too heavy and complex for what I wanted. Pocket ID does one thing and does it well.
I've used Authelia for a few years and it's great. It does exactly what I need/want. Not more, not less. It's also never failed me.
I use Authelia backed by lldap. Really like it so far
For self hosting, PocketID is about as easy to set up and maintain as it gets.
Can recommend Kanidm
Kanidm made some weird decision that ruled it out in one of the big organisations I tried to deploy it in. Separate Radius password. For telco that's half its use cases, and there is a separate random password. The whole network engineering department was like WTF? You can't have a single password, which is one of the important reasons to have SSOA.
Mine is zitadel