-
zitadel
Discontinued Cloud-native Identity & Access Management solution providing a platform for secure authentication, authorization and identity management. (by caos)
Authentik imports the hazmat crypto libraries which you should generally not do (https://github.com/goauthentik/authentik/blob/c249b55ff5e458f2ebf6d7752146cbf7fedc853b/authentik/crypto/models.py). The cryptography library says "These are often dangerous and can be used incorrectly. They require making decisions and having an in-depth knowledge of the cryptographic concepts at work."
Their security policy looks like something written by people who are familiar with security (https://github.com/authelia/authelia/security/policy). It also says they're looking for a security audit and penetration test. On the one hand that implies they haven't had one. On the other hand, it's a great sign that they are actively looking for one.
If so, that seems like very flawed thinking. If you are using Windows, Firefox, Chrome, Mac, Ubuntu, GitHub, or many, many other pieces of software, they've all had CVEs, some extremely severe, in the past.
Another Keycloak alternative would be our (I am one of the founders) project ZITADEL.
In regard to whether HAProxy will work with ZITADEL... I think so if you use something like this library but I think that is not a recommendable path to go (see below why).
What is so hard about documenting your steps? :D Check out obsidian.md or joplinapp.org