I was looking for turnkey AuthN/AuthZ using OIDC for closed networks and self hosting, turnkey as in being able to drop a configured container in place and hit the ground running, and not being dex with keycloak.
If you're looking for something but more production ready, Authelia seems like a good option. Vouch and oauth2-proxy are even simpler but more specific in what they do. If you can provide more details of what you're trying to accomplish I might be able to give more specific advice.
I'm looking for something that can federate identity, i.e. allow login with the @company microsoft identity provider, or support a users table, and ideally allows linking them. I just want to properly authenticate for internal tooling.
Thank you for the nice words you describe well what we try to achieve!
With ZITADEL we aspire to become the best of Auth0 and Keycloak in more modern package. Or in other words are a end-to-end open source identity infrastructure. I know this sounds a little unspecific but our goals are:
1) Have AuthN/AuthZ, Login, SSO as Turnkey features but also allow people to build their own UIs
2) Have an audit trail that allows people to see all changes ever made
3) Give devs the ability to extend zitadel with custom code (actions)
4) Support well given standards (OIDC/Oauth/SAML/LDAP) with certification if possible
5) Be ease to operate and scale
6) Provide APIs for everything ;-)
Btw. its always nice to see other projects to solve problems in the identity space. To me it feels like Obligator can, at the moment, be best compared to Dex since it feels a lot like a façade service that has little user management capabilities (not that this is a bad thing) but wraps them for easier usage in multiple services. But please take this observation with a lot of salt since I have not used or tinkered with Obligator.
Fair enough, but developers and sysadmins don't want to choose between two great options. They want one obvious best option and a second option that is good enough and can be made better if option one turns evil.
Gitlab is a great example of what I'm saying. Few use it today but that's probably where we would all go. You know, because we never actually learn the lessons of centralization.
I use keycloak, but it's Java and I need Go or better performance.
With the new UI mass admin tasks are no longer possible.
At least version upgrades are better now.
Keycloak has no ed25519 support. Louketo proxy or whatever it's called nowadays only supports RS256, so I had to write my own OIDC middleware.
At least they stopped generating UUIDv4 secrets.
Hydra is too complex.
Dex is too simple.
Identity Server lacks performance because C#.
Zitadel, heard but not tried yet. The keycloak vs zitadel page doesn't help. Is the Zitadel access token also jwt like in keycloak and included role membership?
I use a Vue client specifically for Keycloak.
The generic openid-connect-client is unmaintained.
The TS fork doesn't have a working, maintained, reactive implementation.
Why does OIDC have to be so complicated?
I know why... so you, like with k8s, trust external, paid for (expensively), companies with your work and data.
The old "make it complicated so people would rather pay for our services".
Remember the story about the oauth1 creator quitting the oauth2 project?
> Zitadel, heard but not tried yet. The keycloak vs zitadel page doesn't help. Is the Zitadel access token also jwt like in keycloak and included role membership?
By default Zitadel uses opaque tokens but you can switch to JWT and use an piece of JS code (actions) to insert whatever claim you want into the tokens
i think most people look at keycloak, and just feel overwhelmed, but that seems to be the case for OIDC in general, they always feel insanely heavy, something like this with a flatfile config and single file executable seems pretty amazing.
You might want to take a look at FusionAuth (I'm an employee).
It's not open source, which may be a deal breaker for some, but it is "free as in beer". If you use the community edition and run it yourself, it is free for however many users you want. Also supports SAML (I know, I know, but when you need it you need it).
I was looking for turnkey AuthN/AuthZ using OIDC for closed networks and self hosting, turnkey as in being able to drop a configured container in place and hit the ground running, and not being dex with keycloak.