Hacker News

Kratos is awesome, especially alongside Hydra, OathKeeper, and Keto. Super powerful combo, if not a little intimidating at first. There’s a LOT of configuration involved, but that’s to be expected if you want to host your own Auth0 replacement.

Their dynamic forms stuff is really cool too, always liked how they chose to go about that. Only complaint I really ever had is that while their docs were overall serviceable, I remember some areas were pretty lacking and I had to dig really far to find answers to some fairly common issues.



I've often wondered why there isn't a simpler identity provider service that does the thing that ~90% of applications need without all of the complex configuration.


The world of Auth has been made miserable with everything having to support OAuth2/LDAP/SSO/SAML etc., plus a million versions of access control, session configs, yadda yadda. Each of these has their own (usually legitimate) purpose, but also each one has to integrate with other providers that each don't follow and/or extend the spec in their own special way. And the pain goes on and on.

Obviously you can make a product that only does really good username/password auth for example, but there's always more pressure to implement more things for another use case.


Another problem is also that "standards" like OAuth2/OIDC are used for a thousand use cases that weren't intended by the authors, so people get really creative with them. Plus the spec itself is vague on many essential things, for example how logout should work. Thankfully I never had to implement SAML but I would guess it's even worse there...


You can host authentik with one click in Docker. It's super easy to set up.


Ironically, their hard dependency on Docker is a showstopper for me - none of my systems run Docker Engine, they use containerd and Podman, neither of which are supported.


I hadn't heard of them, but I'm looking at their GitHub page now and they seem to support Kubernetes, which makes me think they must support containerd, right?


I run Authentik in podman; you could also in theory just run it without containers, although that would be obnoxious to set up.


Do you have a repo or example somewhere I can look at? Thanks


Have you tried Pocket-ID? I use it for my home server with LLDAP as the identity provider.


Honestly. We used dex. It worked pretty well.


Thanks for the rec. I’ll look into that.



