Centralized user management #51

Open
opened 2023-11-23 20:20:20 +02:00 by inex · 2 comments

This issue was created to track our work and exploration on the topic of SSO.

# Key protocols

- LDAP
- OAuth
- OpenID Connect
- SAML

# Software candidates

- [Keycloak](https://www.keycloak.org) — Java, there is a Nix module.
- [OpenLDAP](https://www.openldap.org) — There is a Nix module.
- [Ory](https://www.ory.sh) — Go, not properly packaged in Nix.
- [Casdoor](https://casdoor.org) — Go, not packaged.
- [authentik](https://goauthentik.io) — not packaged.
- [Authelia](https://www.authelia.com) — Go, there is a Nix module.
- [ZITADEL](https://zitadel.com) — Not packaged.

# Services protocol compatibility

| Service     | LDAP | SAML | OAuth2 | OpenID | PAM |
| ----------- | ---- | ---- | ------ | ------ | --- |
| Nextcloud   | +    | +    | ?      | ?      |     |
| Email       | +    |      |        |        | +   |
| Vaultwarden | +    |      |        |        |     |
| Gitea       | +    |      | +      | +      | +   |
| Pleroma     | +    |      | +      |        |     |
| Mastodon    | +    | +    | +      | +      | +   |
inex added the enhancement label 2023-11-23 20:20:20 +02:00
Comment by inex (Poster, Owner):

Authelia is lightweight and may use the list of users provided by the YAML file, so we may use it more or less in a declarative way.

However, it is a reverse-proxy companion. It only supports session cookies, OpenID Connect and trusted headers.

The solutions like Keycloak and authentik provide a wide range of protocols but eat a lot of RAM.
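As an added illustration of the file-backed user list mentioned above (example configuration written for this thread, not the project's own config and not taken from the Authelia docs verbatim): the `authentication_backend.file.path` setting points Authelia at a YAML users database, and each entry in that file carries the display name, password hash, e-mail and group membership. The user `alice`, the `example.org` domain and the `admins` group are assumed names, and the password value is a placeholder standing in for a real argon2id hash.

```yaml
# configuration.yml (fragment): select the file backend so that the user
# list lives in a version-controlled YAML file instead of an LDAP server.
authentication_backend:
  file:
    path: /config/users_database.yml

---
# users_database.yml (constructed sample): one entry per user, keyed by login.
users:
  alice:                      # assumed user name
    disabled: false
    displayname: "Alice"
    # Placeholder: replace with a real argon2id hash produced by the
    # `authelia crypto hash generate argon2` command.
    password: "$argon2id$PLACEHOLDER_HASH"
    email: alice@example.org  # assumed domain
    groups:
      - admins                # assumed group name
```

When the proxy forwards identity to a backend service through the trusted-headers mode, that service must accept `Remote-User` and `Remote-Groups` only from the reverse proxy itself and never from a client-supplied copy of the header, otherwise the declarative user list is bypassed at the service. The two documents are shown in one block for brevity; in a deployment they are separate files.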

I think that in comparison it is also worth considering 2FA SSO support. For example RFC 6232 (TOTP) or FIDO2 (priority).
alexoundos self-assigned this 2024-04-17 21:03:32 +03:00

Reference: SelfPrivacy/selfprivacy-nixos-config#51