authentik
caddy-auth-portal
authentik | caddy-auth-portal
---|---
164 | 15
6,591 | 668
11.0% | -
10.0 | 9.0
6 days ago | about 2 years ago
Go | Go
GNU General Public License v3.0 or later | Apache License 2.0
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
authentik
- immich SSO with Authentik
- Show HN: Auth0 OSS alternative Ory Kratos now with passwordless and SMS support
Hey, for authentik this is actually something we're actively working on: https://github.com/goauthentik/authentik/pull/8330, and this will be included in our next feature release in April!
(Disclaimer, I am founder and CTO of authentik)
- Keycloak SSO with Docker Compose and Nginx
authentik CTO here; we’ll fix this in the next release (match-april), it should be possible in a non backwards incompatible way using the suggestion in this comment https://github.com/goauthentik/authentik/issues/6139#issueco... (which does call that solution a hack but I wouldn’t necessarily agree)
For anyone considering authentik, I want to warn you by saying "here be dragons."
To start, I have protected 10+ services at any given time. Both in docker and k8s. Unless you enjoy configuring protection for each service independently, you'll have a bad time in authentik.
Authentik suffers from a debilitating bug[0] where when using a single config to protect all services on subdomains (i.e. app1.example.com, app2.example.com, etc.) your users will be randomly redirected to a different service when reauthenticating after the session expires.
I've been eyeing authentik[1] and authelia[2].
Authelia looks really good to me, but the fact that keycloak has connectors for angular and you need to set up oidc angular plugins with authelia for example made me a little bit wary. But I guess having a config for Keycloak makes it easier to get started.
See here for the fix, which both implements the workaround suggested in the issue and also a much more standard-compliant method: https://github.com/goauthentik/authentik/pull/8471
- Has anyone had any success setting Authentik up behind Caddy for a reverse proxy?
Ask in the correct places for support: https://github.com/goauthentik/authentik/discussions and https://github.com/caddyserver/caddy/issues
- Show HN: Obligator – An OpenID Connect server for self-hosters
Personally I went with Keycloak, because it's fairly well documented and also has Docker images available: https://www.keycloak.org/getting-started/getting-started-doc... although the fact that they want you to create an "optimized" image yourself and have a long build/setup process on startup instead is slightly annoying: https://www.keycloak.org/server/containers
Regardless, with something like mod_auth_openidc or another Relying Party implementation, all of a sudden authn/authz becomes easier to manage (you can literally get user information including roles in headers that are passed from your gateway/relying party to apps behind the reverse proxy), regardless of what you have actually running in your APIs: https://github.com/OpenIDC/mod_auth_openidc (there are other options, of course, but I went with that because I already use mod_md).
It's actually cool that there are plentiful options in the space, since OIDC is pretty complex in and of itself and attempts at creating something pleasant to actually use are always welcome, I've also heard good things about Authentik: https://goauthentik.io/
- HAProxy with Forward Auth to Authentik
For Authentik, it looks like they are not interested in writing how to configure HAProxy with it https://github.com/goauthentik/authentik/issues/5768
- Authentik reverse proxy vs swag
caddy-auth-portal
- Any recommendations for internal network inventory website?
Caddy Auth Portal. Also has the advantage of providing unified secure 2FA.
- Why I'm Using HTTP Basic Auth in 2022
I am very happy with this caddy extension: https://github.com/greenpau/caddy-auth-portal.
Sorts this precise use case for me, need for common login provider. Without the banality of basic auth.
- Authentik is the easy Single Sign On tool we all need!
After dabbling with Caddy's auth-portal, nginx Vouch proxy, Keycloak and Authelia I found Authentik.
- Has anyone tried the auth-portal Plugin for Caddy?
I'm trying to migrate from Nginx to the simpler Caddy and am looking for an auth-request replacement. The Caddy auth-portal looks perfect, it even has local user management. I might spin it up in Docker.
- Discussion: Which reverse proxy is the best?
Usually with this plugin: https://github.com/greenpau/caddy-auth-portal
- Anyone with experience setting up SSO/Dashboard/Okta alternative?
There’s caddy-auth-portal which I’ve not used myself, but heard good things about.
- Single Sign On (SSO) with subdomains using Caddy v2
I hope this post helps setting up your SSO with Caddy. I'd highly recommend trying it out if you find yourself always needing to authenticate with different services on your domain – and check out caddy-auth-portal's docs for even more advanced features!
- Migrating from LastPass to Bitwarden - opinions?
This sounds like an XY Problem. It sounds like you're missing a good IAP solution to deal with access controls. Something like oauth2_proxy, Keycloak, Pomerium, etc. Hell, I've even set up a basic IAP with Caddy and Oauth Portal.
- Minimalist LDAP and JWT issuing end-point.
Have you looked at caddy-auth-portal?
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
Keycloak - Open Source Identity and Access Management For Modern Applications and Services
zitadel - ZITADEL - The best of Auth0 and Keycloak combined. Built for the serverless era.
keycloak-operator - ARCHIVED Kubernetes Operator for the no longer supported WildFly distribution of Keycloak
jellyfin-plugin-ldapauth - LDAP Authentication for Jellyfin
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
docker-swag - Nginx webserver and reverse proxy with php support and a built-in Certbot (Let's Encrypt) client. It also contains fail2ban for intrusion prevention.
vouch-proxy - an SSO and OAuth / OIDC login solution for Nginx using the auth_request module
external-auth-server - easy auth for reverse proxies
pam-keycloak-oidc - PAM module connecting to Keycloak for user authentication using OpenID Connect/OAuth2, with MFA/2FA/TOTP support
ToolJet - Low-code platform for building business applications. Connect to databases, cloud storages, GraphQL, API endpoints, Airtable, Google sheets, OpenAI, etc and build apps using drag and drop application builder. Built using JavaScript/TypeScript. 🚀