What are you folks using for self-hosted single sign-on?

I have my little LDAP server (lldap is fan-fucking-tastic – far easier to work with than OpenLDAP, which gave me nothing but heartburn). Some applications can be configured to work with it directly; several don’t have LDAP account support. And, ultimately, it’d be nice to have SSO - having the same password everywhere is great, but having to sign in only once (per day or week, or whatever) would be even nicer.

There are several self-hosted Auth* projects; which is the simplest and easiest? I’d really just like a basic start-it-up, point it at my LDAP server, and go. Fine-grained ACLs and RBAC support are nice and all, but simplicity is trump in my case. Configuring these systems is, IME, a complex process, with no small number of dials to turn.

A half dozen users, and probably only two groups: admin, and everyone else. I don’t need fancy. OSS, of course. Are there any of these projects that fit that bill? It would seem to be a common use case for self-hosters, who don’t need all the bells and whistles of enterprise-grade solutions.

  • steventhedev@lemmy.world · 8 upvotes · 1 day ago

    Keycloak might seem a little daunting to start with, but is basically glue between your idp (ldap) and whatever apps need to authenticate.

    • Grunt4019@lemm.ee · 4 upvotes · 1 day ago

      My issue with keycloak is that the documentation is very poor as a beginner. It and almost any other guides online assume you already know things that you may not, so I wasn’t able to get past that hurdle.

      • steventhedev@lemmy.world · 1 upvote · 19 hours ago

        Strongly agree. A guide for dead simple setups would be incredibly useful (e.g. gsuite as idp, oauth for a single app).

        It took me a few days to get that basic setup working, and a few days more to improve it. But once it was up, it was rock solid.

    • jaark@infosec.pub · 4 upvotes · 1 day ago

      Another for Keycloak. Though it is probably overkill for many people’s needs in here - it certainly is for mine! But it is what I have up and running and see no need to change to a simpler option.

    • AddiXz@feddit.nl · 1 upvote · 1 day ago

      Plus one for Keycloak here. Initially it may be a bit daunting but once it’s set it’s a rock and works flawlessly!