Okay, authentik is up! Took a while, I was fighting against flux and the helm release because it deployed with the wrong StorageClass (I forgot to have that configuration ready before release.) Helm wasn't able to modify the PVC because they're immutable, updating the release has to wait for the initial release to succeed (which it won't) or timeout and flux is quiet on the reasons for all of this unless you know where to look lots of learning was had though!

Anyway, admin and personal user accounts created, MFA enabled. Got my first application integrated too! (actual budget)

What next? The world is my oyster... Probably gitea or semaphore. I'm hesitant to integrate services like jellyfin before I have more users onboarded and this gives me an opportunity to experiment with other edge cases like other providers and service accounts and such

In work right now I'm working with our IAM team on setting up SSO for a new internal facing service and it's kinda boring...

In contrast, for my homelab, I'm investigating Authentik so I can start setting up SSO for my services at home and I gotta admit I'm pretty excited

Spent way too much time today setting up #authentik and moving over my self hosted stuff to SSO... Good stuff.

Has anyone managed to implement a password expiration policy in an #authentik flow?

There's little to no documentation available and I can't figure it out for the life of me

I set up Pocket ID (https://docs.pocket-id.org/) for self-hosted OIDC SSO at the weekend. It was incredibly simple to get going (though testing out Authentik taught me a lot that carried over). I'd been ignoring Passkeys up until now, and it's the only credential type Pocket ID supports. I think I'm sold on them now, though the story on migrating them is still poor.

For about 30 years I have #selfhosted my #email. Just family and friends on there. About 7-8 people. About 6 months ago I converted the #homelab to using #authentik for single sign on. For the first time in those 30 years, my users can change their own passwords and recover them if they lose them.

Interestingly, the “I forgot my password” workflow is not built and turned on by default in authentik. It’s easy to add and the steps are clear, but you have to turn that on.

À La Contre-Voie, ces deux dernières années, nous avons testé plus d’une dizaine d’outils d’authentification centralisée (#SSO)… On vous livre les conclusions de nos recherches !
https://lacontrevoie.fr/blog/2024/comparatif-de-onze-solutions-de-sso-libres/

La semaine prochaine, nous vous présenterons notre troisième et dernier article sur la partie technique de notre association, avec un coup de projecteur sur nos « fermes à services » :)

Spending a little time on my #selfhosted #nextcloud this morning. Want to switch over to SSO with #authentik. But first, lemme check and see if it needs updating... Oh. I'm on Nextcloud 27 that went EOL in June 2023.... well. lemme just go update that first.

that's fair
#authentik #fairmail
https://goauthentik.io/pricing/

I hear really good things about #authentik and from what I can tell from reviews and the documentation, it is very flexible and can do a lot.

But man, if it’s not confusing. #Authelia has worked so well for the last few years, but development has slowed and I haven’t had the time to dig into the code base.

We’ll see how far I get, but it hasn’t been a good start. I can’t setup my #ldap outpost because my #ldap application doesn’t show up as an available app. #SelfHosting #authentication

I'm self-hosting the design tool, @penpot, I use for personal projects. For login, I'm running my own #OpenID auth server with #Authentik.

Boy does this make me happy.

I am looking for public real world examples of applications using UMA (User-Managed Access). Do you know about any implementation of a **client application** using UMA?
I would like to talk about it in a authz course I'll be teaching this week.
Thanks for your help!

I start to develop my own #openDesk called #myCloud,
The code gives me inspiration, but is not modular enougth (for easy add components).
Thank you #authentik and this patch from @genofire https://github.com/goauthentik/helm/pull/146
und den authentik-blueprint helmchart für applicationen:
https://codeberg.org/wrenix/helm-charts/src/branch/main/authentik-application

Code:
https://codeberg.org/wrenix/helmfile-mycloud/

PS: It is in alpha (no persistent yet), current it does not ship anything else then #authentik (but my infra #helmfile)