OIDC #4

Closed
opened 2025-01-26 00:34:12 +00:00 by pim · 0 comments
Owner

We can use Authelia to create a single identity for users on my home lab: https://www.authelia.com
Normally, Authelia checks an external system for users (LDAP, etc.). However, you can also use a simple file. Authentik seems also to be often used, but might be overkill?

List of apps I run where we can do single sign on:

  • [ ] [Mealie](https://docs.mealie.io) (in the future, good to test-drive SSO): [OIDC](https://docs.mealie.io/documentation/getting-started/authentication/oidc-v2/)
  • [x] Nextcloud: [OIDC plugin](https://apps.nextcloud.com/apps/oidc_login)
  • [x] Forgejo: [OIDC](https://forgejo.org/docs/v1.19/user/oauth2-provider/)
  • [x] FreshRSS: [OIDC](https://freshrss.github.io/FreshRSS/en/admins/16_OpenID-Connect.html)
  • [x] Hedgedoc: [OIDC](https://docs.hedgedoc.dev/references/config/auth/oidc/)
  • [x] Immich: [OIDC](https://immich.app/docs/administration/oauth/)
  • [ ] Kitchenowl: [OIDC](https://docs.kitchenowl.org/latest/self-hosting/oidc/)
  • [x] Paperless-ngx: [OIDC](https://docs.paperless-ngx.com/advanced_usage/#openid-connect-and-social-authentication)

List of apps that do not have this functionality:

  • Atuin
  • Jellyfin: there is a [plugin](https://github.com/9p4/jellyfin-plugin-sso), but I don't want to run this.
  • Ntfy
  • Radicale: would not make sense, as DAV clients cannot support this

Questions:

  • What if the user already exists? Are there ways to connect existing users to the Authelia provided ones? It seems many applications just map the email address, but this might be different for others.
pim changed title from Authelia to OIDC 2025-02-11 12:51:35 +00:00
pim closed this issue 2025-02-15 14:52:43 +00:00
Reference: home/kubernetes-deployments#4