
Self Hosted OIDC

There are a few public web services I use that require an SSO-style login. Some support using a custom OIDC server for login rather than the typical Google, Microsoft, Apple.

Hosting my own OIDC provider fits my self-hosted goals, but I am nervous about having to finally poke a hole in my firewall to make the service public. I'm also nervous that if something happened to my service, I'd be locked out of everything.

Currently looking at Authelia, though. If you have experience running it, is it stable? Is it going to be a headache? Can I trust it for critical things like my Tailscale auth provider?

There are some things I just want to work 24/7 without my tinkering or intervention. Is it worth taking the plunge?


I really really like Authentik at the moment.

I do the same.

Is yours external? I've got exactly the same question as the OP, but already have it set up internally. Should I make it external? I'd like to, but it feels risky.


I'm using Keycloak. Although it's been a bit complicated to get my head around it and configure every client for my apps, I feel very satisfied with the result.

Same here, but boy it was so flipping complicated to set up and get right!


I also use Authentik and I feel it works great. I haven't tried Authelia though.

For my homelab I use Authentik. For work, I use Azure/Entra and have put SSO in place for literally hundreds of services. For the concern about being locked out if OIDC/SSO is down, this comes down to the service provider. Some allow you to specify accounts that could bypass SSO. Some don't. Some allow you to have both SSO and username/password available for login. Some don't. Totally depends on the service provider.

Authentik


It took me a while to set it up, but Authelia works really well. I use it as OIDC not only for my services, but even for my Cloudflared tunnel access authorization. It really works well 24/7, stable without any sort of intervention.


I switched from Authentik to Zitadel. There is still a downside, as Zitadel cannot properly handle groups for BookStack. Proxmox does not work currently … grr, and OwnCloud. Hope they'll fix it shortly, then I can finally shut down Authentik.

Zitadel cannot properly handle groups for BookStack

BookStack dev here. Are you sure? The user here reportedly had things working.

We also provide a customization method (via the logical theme system) for altering incoming OIDC token data, so if things are not compatible with the format we expect, it can usually be handled via this.
