Authentik vs Authelia?
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
Authelia + lldap(lightweight ldap) has been a really nice and powerful setup that negates the need for authentik for me. Authelia and authentik have diffrent goals tho, authelia is by design less powerfull and has a much smaller code base so that independent teams can audit the code themselves and a "set and forget" type configuration. Authentik is targeted at being an enterprise solution with all the bells and whistles. If you need those bells and whistles and dont want to use authentik try looking at keycloak (which also needs an ldap backend)
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
I just switched from Authelia to PocketID
No good reason.
Mainly because Authelia was a bit convoluted and I needed something very basic. -
Authelia + lldap(lightweight ldap) has been a really nice and powerful setup that negates the need for authentik for me. Authelia and authentik have diffrent goals tho, authelia is by design less powerfull and has a much smaller code base so that independent teams can audit the code themselves and a "set and forget" type configuration. Authentik is targeted at being an enterprise solution with all the bells and whistles. If you need those bells and whistles and dont want to use authentik try looking at keycloak (which also needs an ldap backend)
Keycloak user here!
You don't need** LDAP to use keycloak, but you can use it (I do too). Afaik keycloak is not always the easiest (not always clear instructions) but it works flawlessly for me and those who I authenticate. I use it for almost all my self hosted services except those who don't support it (obviously).I can manage my users in LDAP and use keycloak for SSO etc. I would definitely recommend it! -
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
I'm using PocketID as it is super simple to set up. I've also paired it with TinyAuth for those services that don't support SSO.
I also use Swag as my reverse proxy, which just added native support for TinyAuth.
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
I doubt authentik will enshittify, i have been using it since 2 years and have been on their discord interacting with the team. They are very helpful and recently made some useful enterprise features available for self hosted users which is the opposite of enshittification. -
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
I very much enjoy authentik. Great tool. Lots of great documentation.
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
You can try VoidAuth, it is kinda similar to Authelia+lldap. I am the developer and I created it because I wasn’t satisfied with Authelia’s user management. If you decide you want to try it and run into any issues or questions I will try to help
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
I use authentik and like it. The learning curve isn’t that steep so not a lot of wasted investment if you decide to ditch it for something else. No password flow with webauthn is pretty cool.
-
I'm using PocketID as it is super simple to set up. I've also paired it with TinyAuth for those services that don't support SSO.
I also use Swag as my reverse proxy, which just added native support for TinyAuth.
wrote last edited by [email protected]Seconding Pocket ID. Very lightweight and fast while also doing everything I need.
-
You can try VoidAuth, it is kinda similar to Authelia+lldap. I am the developer and I created it because I wasn’t satisfied with Authelia’s user management. If you decide you want to try it and run into any issues or questions I will try to help
I like the motivation behind this, but have a allergy to running critical infrastructure like authentication on node.
To each their own, though, and good luck with the project. Diversity is life.
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
Why don't you like LDAP? OpenLDAP is a PITA (necessarily, I guess, to be considered "enterprise"), but lldap has been pretty nice to me. I mean, it's the identity protocol, it's just that the server software has been complex until relatively recently.
What would you use instead? A SQL DB with some custom schema, that just re-invents LDAP?
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
There’s also Zitadel: https://zitadel.com/
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
Authentik has done the opposite of enshittification. As they've gotten more successful, they've taken enterprise features and moved them into the community edition. I've been extremely happy with Authentik so far and the dev has been nothing short of fantastic every time I've seen them interacting with the community.
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
wrote last edited by [email protected]I'm on my phone rn and can't write a longer post. This comment is to remind me to write an essay later. I've been using authentik heavily for my cybersecurity club and have a LOT of thoughts about it.
The tldr about authentik's risk of enshittification is that authentik follows a pattern I call "supportware". It's when extremely (intentionally/accidentally) complex software (intentionally/accidentally) lacks edge cases in their docs,because you are supposed to pay for support.
I think this is a sustainable business model, and I think keycloak has some similar patterns (and other Red Hat software).
The tldr about authentik itself is that it has a lot of features, but not all of them are relevant to your usecase, or worth the complexity. I picked up authentik for invites (which afaik are rare, also official docs about setting up invites were wrong, see supportware), but invites may not something you care about.
Anyway. Longer essay/rant later. Despite my problems, I still think authentik is the best for my usecase (cybersecurity club), and other options I've looked at like zitadel (seems to be more developer focused),or ldap + sso service (no invites afaik) are less than the best option.
Sidenote: Microsoft entra is offers similar features to what I want from authentik, but I wanted to self host everything.
-
Why don't you like LDAP? OpenLDAP is a PITA (necessarily, I guess, to be considered "enterprise"), but lldap has been pretty nice to me. I mean, it's the identity protocol, it's just that the server software has been complex until relatively recently.
What would you use instead? A SQL DB with some custom schema, that just re-invents LDAP?
LDAP and ldaps are not great from a security perspective. They pass password though the application which means a single compromised app will create a full breach.
Better to use OpenID which uses a single sign on portal that tells the underlying app when authentication is successful. It has a much smaller attack surface and allows for much more flexibility.
-
I'm currently using Authelia to authenticate for some of my self hosted services. It works fine, but the limited user backends (ldap or... yaml??) make me want to look for an alternative.
Authentik seems good, but after looking at their website I get the feeling of imminent enshitification, where they're going to either pull the rug on the open source version, or basically gatekeep essential features behind an enterprise license.
So, for those using Authentik, how has your experience been so far?
Keycloak all the way
-
I'm on my phone rn and can't write a longer post. This comment is to remind me to write an essay later. I've been using authentik heavily for my cybersecurity club and have a LOT of thoughts about it.
The tldr about authentik's risk of enshittification is that authentik follows a pattern I call "supportware". It's when extremely (intentionally/accidentally) complex software (intentionally/accidentally) lacks edge cases in their docs,because you are supposed to pay for support.
I think this is a sustainable business model, and I think keycloak has some similar patterns (and other Red Hat software).
The tldr about authentik itself is that it has a lot of features, but not all of them are relevant to your usecase, or worth the complexity. I picked up authentik for invites (which afaik are rare, also official docs about setting up invites were wrong, see supportware), but invites may not something you care about.
Anyway. Longer essay/rant later. Despite my problems, I still think authentik is the best for my usecase (cybersecurity club), and other options I've looked at like zitadel (seems to be more developer focused),or ldap + sso service (no invites afaik) are less than the best option.
Sidenote: Microsoft entra is offers similar features to what I want from authentik, but I wanted to self host everything.
I like the "supportware" term, I can apply that to a few other tools (airbyte, teleport).
I ended up setting up authentik today and it went really smoothly. So far I like it a lot, so hopefully the full enshittification process doesn't happen soon.
Even though right now I just want to use it for my own self-hosting purposes, I'm also interested in potentially using it for work. We have a few hundred thousand users and AWS cognito is getting pretty expensive. -
LDAP and ldaps are not great from a security perspective. They pass password though the application which means a single compromised app will create a full breach.
Better to use OpenID which uses a single sign on portal that tells the underlying app when authentication is successful. It has a much smaller attack surface and allows for much more flexibility.
Yep, this is what I'm looking for
-
There’s also Zitadel: https://zitadel.com/
I tried it before authelia, and it felt like an unfinished product. Nice looking, but there were weird issues, like you could create projects (or apps? i don't remember) through the UI, but then if you wanted to delete them you had to use the API.
The hierarchy of resources also didn't really feel intuitive to me. But that's just personal preference.
I've been testing out authentik today and I really like it. I like that the UI works great, but there's also a terraform provider to manage things declaratively.
