Je viens de faire la mise à jour d'#Authentik à la version 2.8.0. J'ai participé à la traduction de plusieurs dizaines de lignes via Transifex il y a quelques semaines, mais ça n'a pas été pris en compte. Du moins, pas dans leurs images docker... :flan_sad:

For anyone running #Apache #Guacamole for #RemoteDesktop stuff, build the server from source they say "has" to be built from source (?? Why??) or use Docker?

(Beginning to think I should have #Portainer on the #LXC container running #Authentik to manage stacks, but that's probably serious overkill versus just using watchtower to keep things updated)

I just had to steal this #meme from #reddit, it's about #selfhosting all your stuff. Instead of being relient on the constant threath of loosing your #google account. Or what about losing your centrally accessed #twitter account because #elonmusk thinks you are not worty of his platform?

This is the exact reason why I started to #selfhost more stuff like a #vaultwarden / #bitwarden vault, my own #authentik instance and for fun, a #warpgate instance. Planning to setup #portainer later probably.

Current #homelab projects:

- migrating everything off of my first and primary server to others do I can start over with SSD storage to replace the current failing disks
- slowly migrating service into HashiCorp #nomad
- moving secrets into HashiCorp #vault and eventually using #1password as the backend
- need to setup sso, should I use # #keycloak, #authelia, or #authentik?

@bjoern Thanks for the update! I used to integrate my #authentik-instance with Nextcloud via SSO/SAML with help of this article - also worth a read, depending on your SSO-platform:

https://blog.cubieserver.de/2022/complete-guide-to-nextcloud-saml-authentication-with-authentik/ 👍🏻

Just managed to build my own #authentik instance and link it to my #Mastodon account to make use of an OAuth2/OpenID Provider-based login flow. Feeling quite blessed right now... 😇 #security #sso

Like it says. I'm moving my apps (not blimps) to a new home server, which is running #proxmox, whereas I was running docker on ubuntu with Portainer to help out on my old Dell micro.

I'm unsure between #Keycloak and #Authentik as to which I should use. Already used Authentik but that's kinda #docker only now, which I don't have on Proxmox. Am unsure what to do. Losing LDAP sucks for VPN auth on pfSense. And keycloak seems complicated somehow?

Halp please.

Urrg.. I hate #discord! Searching for some #Oauth2 tingue i decided to give #authentik a try. It installed fine enough but something in connecting to my FreeIPA was not obvious. So I tried to access the discord group: Discord first tried to create a new account - then decided that my mail was already in use - not allowing me to login - and upon retry it now declares the invite from authentik invalid.
I dont get why any opensource project uses discord.

Yay, #Authentik working with undockerized #PostgreSQL, now to see how nice it is to work with for personal #SSO with #OIDC.

So, Arbeiten sind abgeschlossen, ich präsentiere #SSO.

Da wir mittlerweile einige Dienste haben, die einen Log-in erfordern, dachte ich mir, es wäre für euch ein schönes Feature, wenn ihr nur einen Log-in benötigen würdet.

Daher gibt es jetzt eine #authentik Instanz, die darum kümmert.

https://lemmy.rollenspiel.monster/post/32479

@mike I can definitely recommend #authentik. I've been running an instance for quite a while, and it just continues to improve.

Update your #authentik #sso instance to 2022.11.4!

I've discovered CVE-2022-23555, which allows an attacker to access a different invitation flow than the one specified in the invite link! #CVE #security #infosec #vulnerability

Still stuck on #authentik for some reason the auth cookies are set wrong. I am geting very annoyed.

Have been trying to set up #traefik and #authentik for the last week. It has not been going well

@yojimbo @lightweight I agree with the requirement for k8s as a must. Though, I think #authentik is aiming for larger use cases that have needs for these types of deployments anyway.

Also agree with the annoyance of doing support via Discord (only).

@lightweight Looks like #Authentik may be more what I'm looking for, as #Authelia seems to be more of a 'shielding proxy' in front.

https://goauthentik.io/
https://www.reddit.com/r/selfhosted/comments/q721e9/comment/hggnqsw/?context=3

Somewhat of an #InfoSec #Fail in #Authentik - https://github.com/goauthentik/authentik/security/advisories/GHSA-mjfw-54m5-fvjf #CVE-2022-46145 - "Unauthorized user creation and potential account takeover"

Seems to have been handled well, and I'm still going to continue evaluating it for my own needs.

@michcia https://goauthentik.io/docs/providers/ldap/
You can set up #Authentik, using either internal database for users, or external source, and then it has a concept of Outposts, one of things which they can do is act as an #LDAP server, though a bit limited, and expose that information to applications that don't understand #OIDC / #OAuth.
Another thing that an Outpost can apparently do is basically oauth2_proxy thing.

My #blog is back up and running using #ghost and #mysql now on the updated version because hey, if I had to redo everything why not update the whole shebang.

I rewrote a few of my old posts and will hopefully have all my old posts back soon when I write them. And new posts on the new services that I have started running.

#Ghost blog: https://stetsed.xyz/ghost-blog-with-mysql-backend/

#Gitea #Git sever: https://stetsed.xyz/selfhosted-git-server-with-gitea/

#authentik with #caddy reverse proxy: https://stetsed.xyz/authentik-with-docker-compose-setup/

And lastly remember everybody, don't work on production. It can never go well.

#homelab #selfhosted #selfhosting

Just published a guide on how to use Caddy with Authentik authentiction. Quick writeup as I found it hard to find the info myself so I hope it helps incase anybody was thinking of setting something similar up.

https://stetsed.xyz/caddy-reverse-proxy-with-authentik-authentication/

#authentik #caddy #selfhosted #homelab