Keycloak or alternative?
from reabsorbthelight@lemmy.world to selfhosted@lemmy.world on 07 Mar 19:43
https://lemmy.world/post/43968686
from reabsorbthelight@lemmy.world to selfhosted@lemmy.world on 07 Mar 19:43
https://lemmy.world/post/43968686
I have a Talos k8s setup now and I’m trying to add various services. I have discovered that my old htpasswd file won’t cut it for auth.
I want to host the following,
- WebDAV solution (currently sftpgo)
- Invidious
- *arr tools
- Bitwarden
Should I go with keycloak? Are there better auth services?
#selfhosted
threaded - newest
Keycloak is amazing for no money, I use it connected to my Google workspace.
I have been using Authentik for several years now, works great with k8s. Not sure about the difference between Keycloak and Authentik tho (feature vise)
If you are not on the warpath with Webauthn I can highly recommend PocketID. It’s just so damn convenient. But note that the arrs don’t come with a good solution for oidc login. But you can use something like tinyauth or an auth forwarder in your reverse proxy. Bitwarden will work fine but of course still require a master key to unlock the vault itself.
For very simple Kubernetes and Docker environments, I’ve used Dex IdP with good results. It’s low on features, but easy to set up.
I used to love keycloak, but lately they’ve made changes that make client setup feel very complicated. I switched to authentik a while back and I feel it’s far easier to deal with.
I’ve been using Authentik for a while now and it works very well. There is also a Teraform provider to manage it as code. I do mostly OIDC, but also use it as a proxy for a few things that do not support that and just need to be locked down (Esp home and longhorn dashboards for example).
The disadvantage is that it is not the lightest option. If that is important to you, look at Authelia.
github.com/lldap/lldap is much simpler.