
Investigating SSO apps

As I'm growing my little constellation of services -- Forgejo for code versioning, repo storage, pipelines, etc.; Eleventy for SSG blogging and whatever; AzuraCast for radio -- I find myself really wanting to simplify authentication and get into some SSO. I've used enterprise SSO tools like whatever the one is called at AWS, Okta, JumpCloud, and a few other ones too. But I don't have enterprise income at this point yet, and also I just want to use something open source. That's my jam.

I attempted an install of Authentik, but it didn't go very well. I couldn't get any of my services integrated and eventually I just uninstalled it. So now I'm looking at Authelia, and possibly comparing to Keycloak. So here's a little table comparing the two.

Authelia vs. Keycloak Comparison

| Feature | Authelia | Keycloak |
|---|---|---|
| Type | Reverse-proxy-based access | Full OAuth2/OIDC/SAML Identity Provider |
| Ideal Use | Protecting apps behind a proxy | Central login for multiple apps using standard protocols |
| Complexity | Medium: config file-based | High: many options via web UI |
| User Interface | Minimal login portal | Full admin + user UI |
| User Store Options | YAML, LDAP, etc. | Built-in DB, LDAP, external IdPs |
| 2FA Support | TOTP only | TOTP, WebAuthn, Duo, etc. |
| OAuth2 / OIDC Provider | ❌ Not supported | ✅ Fully supported |
| SAML Support | ❌ No | ✅ Yes |
| SSO Experience | SSO via reverse proxy | True SSO via standard protocols |
| App Compatibility | Only apps behind a reverse proxy | Apps with OAuth2/OIDC/SAML (e.g., Forgejo, Nextcloud, Matrix, etc.) |
| Self-Service Features | ❌ None | ✅ Password reset, registration, profile edits |
| Access Rules | YAML-defined (per path/domain) | Role- and group-based |
| Docker Support | ✅ Official image + Compose setup | ✅ Official image but more setup required |
| Performance Footprint | 🟢 Lightweight (Go) | 🟡 Heavy (Java-based) |
| Learning Curve | 🟡 Medium (YAML-heavy) | 🔴 Steep (many moving parts) |
| Best For | Homelab, simple setups | Centralized identity, app integration, teams |

So I am kinda torn here; there's not a clear winner, although Keycloak seems like it might have more of the features I'm looking for. We'll see how it pans out.