What are you folks using for self-hosted single sign-on?

I have my little LDAP server (lldap is fan-fucking-tastic – far easier to work with than OpenLDAP, which gave me nothing but heartburn). Some applications can be configured to work with it directly; several don’t have LDAP account support. And, ultimately, it’d be nice to have SSO - having the same password everywhere is great, but having to sign in only once (per day or week, or whatever) would be even nicer.

There are several self-hosted Auth* projects; which is the simplest and easiest? I’d really just like a basic start-it-up, point it at my LDAP server, and go. Fine-grained ACLs and RBAC support are nice and all, but simplicity is trump in my case. Configuring these systems is, IME, a complex process, with no small number of dials to turn.

A half dozen users, and probably only two groups: admin, and everyone else. I don’t need fancy. OSS, of course. Are there any of these projects that fit that bill? It would seem to be a common use case for self-hosters, who don’t need all the bells and whistles of enterprise-grade solutions.

  • SK@hub.utsukta.org
    7 months ago

    Authentik! I’ve been using it for over a year and it’s been a wonderful experience. Supports many protocols and is updated regularly; as a beginner I didn’t have difficulty setting it up, and it has decent documentation for integrations.

      • johntash@eviltoast.org
        7 months ago

        I’d also recommend Authentik. It’s simpler than something like Keycloak imo and works pretty well. They also have guides for quite a few self-hosted services.

        I did have issues with it being slow at some point, but an update fixed it iirc.

    • Flipper@feddit.org
      7 months ago

      I don’t like the interface for setting up flows. Feels needlessly complicated.