What’s everyones recommendations for a self-hosted authentication system?

My requirements are basically something lightweight that can handle logins for both regular users and google. I only have 4-5 total users.

So far, I’ve looked at and tested:

  • Authentik - Seems okay, but also really slow for some reason. I’m also not a fan of the username on one page, password on the next screen flow
  • Keycloak - Looks like it might be lighter in resources these days, but definitely complicated to use
  • LLDAP - I’d be happy to use it for the ldap backend, but it doesn’t solve the whole problem
  • Authelia - No web ui, which is fine, but also doesn’t support social logins as far as I can tell. I think it would be my choice if it did support oidc
  • Zitadel - Sounds promising, but I spent a couple hours troubleshooting it just to get it working. I might go back to it, but I’ve had the most trouble with it so far and can’t even compare the actual config yet
  • @[email protected]
    link
    fedilink
    English
    7
    edit-2
    8 months ago

    Authentik works very well and has the most flexibility if you have the resources to run it (not an rpi)

    You can change the logon flow to make the username and password on the same page

    Another user mention issues with password managers auto filling. There is a comparability button as well on the login flow that allows bitwarden and other to auto fill correctly.

    Authentik has LDAP built in along with every SSO method that exists. Makes it super nice to integrate into as many services as possible.

    I use it with oAuth, LDAP and reverse proxy authentication.

    • @[email protected]OP
      link
      fedilink
      English
      18 months ago

      You can change the logon flow to make the username and password on the same page There is a comparability button as well on the login flow that allows bitwarden and other to auto fill correctly.

      Thanks for the tips, I found the compatibility button and will try it out. I’m not sure I see how to change the username/password to be on the same page though. Do you have to create a whole new login flow?