What’s everyones recommendations for a self-hosted authentication system?

My requirements are basically something lightweight that can handle logins for both regular users and google. I only have 4-5 total users.

So far, I’ve looked at and tested:

  • Authentik - Seems okay, but also really slow for some reason. I’m also not a fan of the username on one page, password on the next screen flow
  • Keycloak - Looks like it might be lighter in resources these days, but definitely complicated to use
  • LLDAP - I’d be happy to use it for the ldap backend, but it doesn’t solve the whole problem
  • Authelia - No web ui, which is fine, but also doesn’t support social logins as far as I can tell. I think it would be my choice if it did support oidc
  • Zitadel - Sounds promising, but I spent a couple hours troubleshooting it just to get it working. I might go back to it, but I’ve had the most trouble with it so far and can’t even compare the actual config yet
  • g5pw@feddit.it
    link
    fedilink
    English
    arrow-up
    1
    ·
    8 months ago

    Yes, it should cover all the use cases you mention!

    I use oauth2-proxy as ForwardAuth on Traefik so I can protect apps that do not support OAuth/OIDC login/

    • timbuck2themoon@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      8 months ago

      Awesome. Thank you.

      Now to see how i make this work in k8s since they evidently mandate the cert inside instead of just allowing the ingress to have it.

      • g5pw@feddit.it
        link
        fedilink
        English
        arrow-up
        0
        ·
        8 months ago

        Yeah, sounds like a security feature… I was able to configure Traefik to connect with TLS, verifying the peer certificate.