I have a lot of different services which I self host for me and my family like:

  • PeerTube
  • Lemmy
  • Mastodon
  • Synology NAS
  • TTRSS
  • NextCloud
  • Matrix
  • HomeAssistant
  • etc.

Right now every family member needs to create a user on each of those services and have a different password on them, which is OK when you use a Password Manager, but most of my extended family members don’t. And they often forget their password and stop using the service because they can’t figure out how to reset the password with each and every service.

I would like to try to consolidate all of it with a Single Sign-On (SSO) solution but It’s not obvious to me if there is one which is not overly over engineered for hundreds of thousands of users but small and lightweight, perhaps even easy to set up.

I tried OpenLDAP but Jesus that was very involved.

  • chiisana@lemmy.chiisana.net
    link
    fedilink
    English
    arrow-up
    2
    ·
    1 year ago

    I started trying out FusionAuth and it’s been pretty neat. I off-load my auth to Google because I don’t want yet another username/password nor do I want to be responsible in storing it, but you can certainly use built-in auth if your objective is to stop using external auth. I currently have my Kasm Workspace deployed behind it, so when user lands on Kasm, they get bounced to FusionAuth where there’s a login prompt and Login w/ Google button; when they authenticate (be it through built-in auth or Google in my case), they get bounced back to Kasm Workspace in their account. This was deployed using docker compose, so I just annotate containers I want to protect w/ some labels, traefik handles all the glue work. I really like the way it worked out.

    I’d imagine something like Authelia, which gets pushed a lot as well, would be able to offer a similar if not identical workflow.

    For Lemmy, at this time, I don’t think it is possible to gate it like that, otherwise inbound federation (i.e.: comment replies to this post) won’t make it into your instance.