Keycloak
FreeIPA
Our great sponsors
| Keycloak | FreeIPA | |
|---|---|---|
| 162 | 10 | |
| 14,847 | 730 | |
| 2.2% | 1.5% | |
| 9.9 | 9.5 | |
| 4 days ago | 4 days ago | |
| Java | Python | |
| Apache License 2.0 | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Keycloak
-
Just finished migrating my old tower servers to a Kubernetes cluster on my new rack!
For Authentication and Authorization, I use FreeIPA for LDAP and Keycloak for OAuth2/OpenID Connect. The FreeIPA client automatically pulls my public SSH key into whichever server I sign in to, so I never need to enter my password from my primary PC.
-
The Chewy Stack
In the end, I developed a stack that I liked and re-used across multiple projects, which consisted (mostly) of Postgres, Hasura, Nest.js, Keycloak, and Next.js or Expo. More recently I've started moving away from Keycloak towards Ory Kratos/Oathkeeper. In certain cases, I also deployed AppSmith and Metabase and I considered tools like Meilisearch in a couple instances.
-
Auth.js Authentication for the Web
It depends on what context you're operating in. The reality is that most people don't fully understand authentication / authorization properly so they often mess up. When you have a small team of engineers that are spread very thin, it might be better to delegate this responsibility. If you have the time and resources to study the topic in depth and implement it properly then it's fine. It's just not that interesting of an area since the space for innovation and creativity is limited, and since the major problems have already been reliably solved by others at best you end up with an equivalent outcome and at worst you end up with security issues.
If you're operating within an enterprise context, Keycloak [0] is pretty massive but provides comprehensive coverage for all authN and authZ needs, and it's open source.
Back when I first started studying this topic I found that reading through a lot of NIST guidelines was helpful. I'd recommend at least browsing through SP 800-63-3 [1], SP 800-63A, SP 800-63B, SP 800-63C to get a good idea of the domain. Admittedly, this might be a lot of overkill for your application and needs.
- Ask HN: Lightweight Authentication
- AWS Cognito Alternatives 2023
- State of OpenID Connect Providers
- Any good free authorization server solutions?
-
How PoB uses your POESESSID
About Desktop OAuth protocol, you could try doing something as a "localhost" server... like Keycloak's (an IAM provider) folk did here: https://github.com/keycloak/keycloak/tree/main/adapters/oidc/installed
- Passwortsicherheit bei HDI
- AD/AAD Authentication for Apps running in Kubernetes Cluster
FreeIPA
-
how to handle authentication?
A good place to start might be FreeIPA.
-
help with administering a large number of linux systems via ssh
Take a look at FreeIPA
-
Active directory alternative linux ?
You are probably looking for something more integrated etc - so maybe https://www.freeipa.org ?
-
simple ldap server setup for small userbase?
you can look at FreeIPA - https://www.freeipa.org/, it's a fully integrated ldap with user managment interface.
What are some alternatives?
authelia - The Single Sign-On Multi-Factor portal for web apps
Apache Shiro - Apache Shiro
Spring Security - Spring Security
IdentityServer - The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core
OPA (Open Policy Agent) - An open source, general-purpose policy engine.
Ory Kratos - Next-gen identity server (think Auth0, Okta, Firebase) with Ory-hardened authentication, MFA, FIDO2, TOTP, WebAuthn, profile management, identity schemas, social sign in, registration, account recovery, passwordless. Golang, headless, API-only - without templating or theming headaches. Available as a cloud service.
Vault - A tool for secrets management, encryption as a service, and privileged access management
authentik - The authentication glue you need.
FreeRADIUS - FreeRADIUS - A multi-protocol policy server.
caddy-auth-portal - Authentication Plugin for Caddy v2 implementing Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA with App Authenticators and Yubico.
jCasbin - An authorization library that supports access control models like ACL, RBAC, ABAC in Java
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.