louketo-proxy
obligator
louketo-proxy | obligator | |
---|---|---|
1 | 7 | |
931 | 615 | |
- | 2.0% | |
2.2 | 9.0 | |
over 3 years ago | 7 days ago | |
Go | Go | |
Apache License 2.0 | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
louketo-proxy
-
I create an end-to-end example and guide on how to use Traefik with Pomerium identity-aware access proxy in Forward Auth and Proxy mode on Kubernets with Helm/Helmfile
I know from past discussion here some recommended solutions where thomseddon/traefik-forward-auth, vouch-proxy, oauth2-proxy or louketo-proxy aka Keycloak Gatekeeper. I personally think Pomerium is the most versatile and powerful solution out there, especially if you are on Kubernetes or even Docker. Pomerium doesn't yet have the mature documentation, hence this guide.
obligator
-
JIT WireGuard
The deployment experience is awesome, but for me[0] the killer feature of Fly.io is their Anycast network and features such as FLY_REPLAY and LiteFS that make clusering a breeze[1].
[0]: using them for https://lastlogin.io
[1]: Here's all the fly-specific code necessary to run LastLogin in a globally distributed way: https://github.com/lastlogin-io/obligator/blob/37f75cc861f1b...
-
Keycloak SSO with Docker Compose and Nginx
I use obligator with ephemeral storage, no db, 100% code driven setup.
In my opinion this is the simplist option.
https://github.com/lastlogin-io/obligator
-
Google OAuth is broken (sort of)
See the table here: https://github.com/lastlogin-io/obligator#comparison-is-the-...
- FLaNK Stack Weekly 16 October 2023
-
Show HN: Obligator – An OpenID Connect server for self-hosters
Sorry, this is indeed not very clear. Others already answered well, but if you look at the example[0] config you can see how you would use your own instance of obligator as a client to the instance running at lastlogin.io. This is a bit meta, but applies equally to any client application.
[0]: https://github.com/anderspitman/obligator#running-it
What are some alternatives?
node-oidc-provider - OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js
TheIdServer - OpenID/Connect, OAuth2, WS-Federation and SAML 2.0 server based on Duende IdentityServer and ITFoxtec Identity SAML 2.0 with its admin UI
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
OpenID - OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
oauth2-proxy - A reverse proxy that provides authentication with Google, Azure, OpenID Connect and many more identity providers.
podman-nginx-socket-activation - Demo of how to run socket-activated nginx with Podman
pam-keycloak-oidc - PAM module connecting to Keycloak for user authentication using OpenID Connect/OAuth2, with MFA/2FA/TOTP support
Traefik-with-Pomerium-Forward-Auth-and-Proxy-on-Kubernetes-with-Helm - Traefik with Pomerium in Forward Auth and Proxy mode on Kubernetes with Helm/Helmfile
dex - OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors [Moved to: https://github.com/dexidp/dex]
keycloak-theme-sample - Sample Keycloak Theme