Our great sponsors
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
Ory Kratos
Next-gen identity server replacing your Auth0, Okta, Firebase with hardened security and PassKeys, SMS, OIDC, Social Sign In, MFA, FIDO, TOTP and OTP, WebAuthn, passwordless and much more. Golang, headless, API-first. Available as a worry-free SaaS with the fairest pricing on the market! (by ory)
-
traefik-forward-auth
Minimal forward authentication service that provides Google/OpenID oauth based login and authentication for the traefik reverse proxy
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
-
mariadb-podman-socket-activation
Demo of a templated systemd user service that runs rootless Podman and starts MariaDB with socket activation
-
podman-socket-activated-services
Various podman container services configured to support running with systemd socket-activation
-
SaaSHub
SaaSHub - Software Alternatives and Reviews. SaaSHub helps you find the best software and product alternatives
Sorry, this is indeed not very clear. Others already answered well, but if you look at the example[0] config you can see how you would use your own instance of obligator as a client to the instance running at lastlogin.io. This is a bit meta, but applies equally to any client application.
[0]: https://github.com/anderspitman/obligator#running-it
Personally I went with Keycloak, because it's fairly well documented and also has Docker images available: https://www.keycloak.org/getting-started/getting-started-doc... although the fact that they want you to create an "optimized" image yourself and have a long build/setup process on startup instead is slightly annoying: https://www.keycloak.org/server/containers
Regardless, with something like mod_auth_openidc or another Relying Party implementation, all of the sudden authn/authz becomes easier to manage (you can literally get user information including roles in headers that are passed from your gateway/relying party to apps behind the reverse proxy), regardless of what you have actually running in your APIs: https://github.com/OpenIDC/mod_auth_openidc (there are other options, of course, but I went with that because I already use mod_md).
It's actually cool that there are plentiful options in the space, since OIDC is pretty complex in of itself and attempts at creating something pleasant to actually use are always welcome, I've also heard good things about Authentik: https://goauthentik.io/
Personally I went with Keycloak, because it's fairly well documented and also has Docker images available: https://www.keycloak.org/getting-started/getting-started-doc... although the fact that they want you to create an "optimized" image yourself and have a long build/setup process on startup instead is slightly annoying: https://www.keycloak.org/server/containers
Regardless, with something like mod_auth_openidc or another Relying Party implementation, all of the sudden authn/authz becomes easier to manage (you can literally get user information including roles in headers that are passed from your gateway/relying party to apps behind the reverse proxy), regardless of what you have actually running in your APIs: https://github.com/OpenIDC/mod_auth_openidc (there are other options, of course, but I went with that because I already use mod_md).
It's actually cool that there are plentiful options in the space, since OIDC is pretty complex in of itself and attempts at creating something pleasant to actually use are always welcome, I've also heard good things about Authentik: https://goauthentik.io/
I was expecting hydra / kratos to show up as an alternative.. but did not see any. Does any have any experience, good or bad about it?
https://github.com/ory/kratos
I could recommend https://github.com/panva/node-oidc-provider supports most of the oidc/oauth 2 rabbit hole specs.
This looks like it has the same core functionality as Portier? https://github.com/portier/portier-broker
I'm on mobile, so haven't really checked where we differ in details.
Here are some documentation and demos from me and others if you're interested:
https://github.com/eriksjolund/podman-networking-docs
https://github.com/eriksjolund/podman-nginx-socket-activatio...
https://github.com/eriksjolund/podman-nginx-socket-activatio...
https://github.com/eriksjolund/mariadb-podman-socket-activat...
https://github.com/eriksjolund/mariadb-podman-socket-activat...
https://github.com/PhracturedBlue/podman-socket-activated-se...
https://github.com/PhracturedBlue/podman-socket-activated-se...