What are you folks using for self-hosted single sign-on?

I have my little LDAP server (lldap is fan-fucking-tastic – far easier to work with than OpenLDAP, which gave me nothing but heartburn). Some applications can be configured to work with it directly; several don’t have LDAP account support. And, ultimately, it’d be nice to have SSO - having the same password everywhere if great, but having to sign in only once (per day or week, or whatever) would be even nicer.

There are several self-hosted Auth* projects; which is the simplest and easiest? I’d really just like a basic start-it-up, point it at my LDAP server, and go. Fine grained ACLs and RBAC support is nice and all, but simplicity is trump in my case. Configuring these systems is, IME, a complex process, with no small numbers of dials to turn.

A half dozen users, and probably only two groups: admin, and everyone else. I don’t need fancy. OSS, of course. Is there any of these projects that fit that bill? It would seem to be a common use case for self-hosters, who don’t need all the bells and whistles of enterprise-grade solutions.

  • steventhedev@lemmy.worldEnglish
    8·
    2 days ago

    Keycloak might seem a little daunting to start with, but is basically glue between your idp (ldap) and whatever apps need to authenticate.

    • Grunt4019@lemm.eeEnglish
      5·
      2 days ago

      My issue with keycloak is that the documentation is very poor as a beginner. It and almost any other guides online assume you already know things that you may not so I wasn’t able to get past that hurdle.

      • steventhedev@lemmy.worldEnglish
        2·
        2 days ago

        Strongly agree. A guide for dead simple setups would be incredibly useful (e.g. gsuite as idp, oauth for a single app).

        It took me a few days to get that basic setup working, and a few days more to improve it. But once it was up, it was rock solid.

    • jaark@infosec.pubEnglish
      4·
      2 days ago

      Another for Keycloak. Though it is probably overkill for many people’s needs in here - it certainly is for mine! But it is what I have up and running and see no need to change to a simpler option.

    • Matt The Horwood@lemmy.horwood.cloudEnglish
      1·
      2 days ago

      Keycloak here, I plugged my keycloak into my Google workspace. Yes I know Google!!

      But the login flow is amazing and I get all the MFA without the faff

    • AddiXz@feddit.nlEnglish
      1·
      2 days ago

      Plus one for Keycloak here. Initially it may be a bit daunting but once it’s set it’s a rock and works flawlessly!