Authentik - Making authentication simple.

potemkin_ai

@nj could you please, elaborate on your thoughts? Is it something coming from your experience?

timconsidine

@nj said in Authentik - Making authentication simple.:

If I had to choose between Authentik and Keycloak I'd pick Keycloak any day

I'd love to know more about why this opinion.
Keycloak sure looks an impressive beast.
But it seems to me almost "too impressive".
My brief review suggests to me that it is an Enterprise solution.
And it's only suitable for apps supporting OpenConnectID.
Great if they do, but that's a limited selection in reality.
Which is not what is needed "any day".

I'm not knocking Keycloak. Maybe I will come to love it.
For now I just want to put an authentication front-end in front of some simple utility apps which have no auth.

Seems that's not what Keycloak is about.

timconsidine

@Sam_uk / @marcusquinn : did the packaging for authentik get anywhere ?

timconsidine

@nj slightly off-topic but any suggestions of a tutorial for implementing Authentik ?
The documentation is totally clear but lacking in 'how to'.
The only I found (https://xpufx.com/posts/protecting-your-first-app-with-authentik/) was helpful as regards authentik but basically said it's all down to network config and provided little guidance as to what network config.

fbartels

@timconsidine said in Authentik - Making authentication simple.:

slightly off-topic but any suggestions of a tutorial for implementing Authentik ?

The authentik documentation has example configurations for quite some applications: https://goauthentik.io/integrations/

I have only just started taking a dive into Authentik but for portability reasons I decided to deploy it on a machine independent from my Cloudron.

ccfu

Has there been any further development with this? I am considering deploying Authentik on a non-Cloudron server but would wait if it is likely to be on Cloudron in the near future.

fbartels

@ccfu if you want to take advantage of Authentiks proxy mode, when I would recommend to install Authentik independently of Cloudron. You can still connect the two however by configuring Cloudron as an LDAP client of Authentik.

Sam_uk

@ccfu You could put it on https://elest.io/open-source/authentik if it's worth $10/month to you.

stalecontext

I've put up a Git repo to make a Cloudron app for Authentik. I was able to fully set it up, but let me know if you guys have any issues
https://github.com/stalecontext/authentik-cloudron-app

I also had to fork the Immich app to allow custom OAuth configuration incase you guys want to use Authentik for that:
https://github.com/stalecontext/immich-cloudron-custom-oauth

jdaviescoates

@stalecontext said in Authentik - Making authentication simple.:

I've put up a Git repo to make a Cloudron app for Authentik. I was able to fully set it up, but let me know if you guys have any issues
https://github.com/stalecontext/authentik-cloudron-app

I also had to fork the Immich app to allow custom OAuth configuration incase you guys want to use Authentik for that:
https://github.com/stalecontext/immich-cloudron-custom-oauth

I'm getting 404s on both those links

james

Hello @jdaviescoates

The whole profile is gone https://github.com/stalecontext/ maybe he has renamed his github account?

stalecontext

Have to email GitHub Support to get my account fixed. I think one of my repos needed cleaning up or something. I've reposted it on my private git incase you wanna check it out there @jdaviescoates @james

https://git.cathedral.gg/Ben/authentik-cloudron-app

https://git.cathedral.gg/Ben/immich-cloudron-custom-oauth

stalecontext

Authentik has been working magnificently in my case by the way. It's really nice and documentation for it is extremely thorough.

crazybrad

@james What does the team think about making Authentik an official Cloudron-supported app? @stalecontext has started the process. I think Authentik would serve a niche between Cloudron OIDC (simple) and Keycloak (Enterprise/complex).

If someone wanted to run "auth-as-a-service", Authentik would be perfect for that use case. Having it official at Cloudron would make it less risky to implement.

Lanhild

@crazybrad Core features such as outposts wouldn't work by packaging authentik as a Cloudron application.

As mentioned earlier in this topic, authentik is the kind of application I'd suggest having installed on a separate server.

crazybrad

@lanhild Didn't see the comment you were referring to. Can you explain why outposts would not work if Authentik were packaged as a Cloudron app? Why would it be any different from any other Docker app or Authentik hosted on an independent server running Docker?

Lanhild

@crazybrad outposts are their own docker containers, created by the authentik worker, itself connected to the docker socket. I reckon we have an addon to connect an app to the socket, but iirc it's not recommended to use it.

crazybrad

@lanhild Got it. Is a dockerized app creating its own connected docker containers a typical pattern? Lastly, is Authentik without the ability to use outposts still useful, or is it crippled without them?

Lanhild

@crazybrad

1. For applications with networking related features, not uncommon
2. Depends on the use case, as soon as you need LDAP or other protocols, an outposts necessary. Other features like SAML and OIDC will work without additional configuration.

You can see authentik's documentation about this, it's well detailed.

crazybrad

@lanhild Thank you. I will explore the documentation.