obligator
dex
obligator | dex | |
---|---|---|
7 | 1 | |
617 | 7,107 | |
2.3% | - | |
9.0 | 10.0 | |
12 days ago | almost 2 years ago | |
Go | Go | |
MIT License | Apache License 2.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
obligator
-
JIT WireGuard
The deployment experience is awesome, but for me[0] the killer feature of Fly.io is their Anycast network and features such as FLY_REPLAY and LiteFS that make clusering a breeze[1].
[0]: using them for https://lastlogin.io
[1]: Here's all the fly-specific code necessary to run LastLogin in a globally distributed way: https://github.com/lastlogin-io/obligator/blob/37f75cc861f1b...
-
Keycloak SSO with Docker Compose and Nginx
I use obligator with ephemeral storage, no db, 100% code driven setup.
In my opinion this is the simplist option.
https://github.com/lastlogin-io/obligator
-
Google OAuth is broken (sort of)
See the table here: https://github.com/lastlogin-io/obligator#comparison-is-the-...
- FLaNK Stack Weekly 16 October 2023
-
Show HN: Obligator – An OpenID Connect server for self-hosters
Sorry, this is indeed not very clear. Others already answered well, but if you look at the example[0] config you can see how you would use your own instance of obligator as a client to the instance running at lastlogin.io. This is a bit meta, but applies equally to any client application.
[0]: https://github.com/anderspitman/obligator#running-it
dex
-
10 Essentials for Kubernetes Access Control
Dex is another open-source tool for SSO on the Kubernetes cluster, developed from CoreOS. Dex supports LDAP, GitHub, SAML 2.0, GitLab, OAuth 2.0, Google, LinkedIn, Microsoft, Bitbucket Cloud, OpenShift, Atlassian Crowd, Gitea, and OpenStack Keystone for SSO. You can control token generation after login using Dex and force the user to re-authenticate if needed. Dex also provides strong documentation to implement various connectors.
What are some alternatives?
TheIdServer - OpenID/Connect, OAuth2, WS-Federation and SAML 2.0 server based on Duende IdentityServer and ITFoxtec Identity SAML 2.0 with its admin UI
pinniped - Pinniped is the easy, secure way to log in to your Kubernetes clusters.
OpenID - OpenID Certified™ OpenID Connect Relying Party implementation for Apache HTTP Server 2.x
kubernetes - Production-Grade Container Scheduling and Management
podman-nginx-socket-activation - Demo of how to run socket-activated nginx with Podman
node-oidc-provider - OpenID Certified™ OAuth 2.0 Authorization Server implementation for Node.js
traefik-forward-auth - Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
authentik - The authentication glue you need.
caddy-security - 🔐 Authentication, Authorization, and Accounting (AAA) App and Plugin for Caddy v2. 💎 Implements Form-Based, Basic, Local, LDAP, OpenID Connect, OAuth 2.0 (Github, Google, Facebook, Okta, etc.), SAML Authentication. MFA/2FA with App Authenticators and Yubico. 💎 Authorization with JWT/PASETO tokens. 🔐
Ory Kratos - Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market!
mariadb-podman-socket-activat
mariadb-podman-socket-activation - Demo of a templated systemd user service that runs rootless Podman and starts MariaDB with socket activation