Self Hosted OIDC

I really really like Authentik at the moment.

I do the same.

Is yours external? I've got exactly the same question as OP, but already have it set up internally. Should I make it external? I'd like to but it feels risky.

I'm using Keycloak. Although it's been a bit complicated to get my head around it and configure every client for my apps, I feel very satisfied with the result.

Same here, but boy it was so flipping complicated to set up and get right!

I also use Authentik and I feel it works great. I haven't tried Authelia though.

For my homelab I use Authentik. For work, I use Azure/Entra and have put SSO in place for literally hundreds of services. For the concern about being locked out if OIDC/SSO is down, this comes down to the service provider. Some allow you to specify accounts that could bypass SSO. Some don't. Some allow you to have both SSO and username/password available for login. Some don't. Totally depends on the service provider.

It took me a while to set it up, but Authelia works really well. I use it as OIDC not only for my services, but even for my Cloudflared tunnel access authorization. It really works well 24/7, stable without any sort of intervention.

I switched from Authentik to Zitadel. There is still a downturn as Zitadel cannot handle properly groups for Bookstack. Proxmox does not work currently … grr and OwnCloud. Hope they’ll fix it shortly then I can finally shut down Authentik.

zitadel cannot handle properly groups for Bookstack

BookStack dev here. Are you sure? The user here reportedly had things working.

We also provide a customization method (via the logical theme system) for altering incoming OIDC token data, so if things are not compatible with the format we expect, it can usually be handled via this.
