In a previous post I showed how to use Dex as an IdP. It’s a simple and small IdP ideal for home labs and self-hosting. However, Dex is pretty limited, keeps targeting cloud-native deployments and keeps insisting that a database like SQLite is not appropriate for “real workloads.” I disagree.

I’m not going to show you how to set things up this time, but I am going to point you at Rauthy. It has everything you need from homelab to large scale deployments, requires very little in the way of resources and runs perfectly fine as a single-node deployment. Its development is currently sponsored by the NLnet Foundation.

Configuration

Rauthy’s configuration is well-documented, but I’m including a small snippet to show how to set up a single-node cluster:

[cluster]
node_id = 1
nodes = ["1 127.0.0.1:8100 127.0.0.1:8200"]
listen_addr_api = "127.0.0.1"
listen_addr_raft = "127.0.0.1"

Forward or proxy authentication

Rauthy also supports forward authentication or proxy authentication. You can pair it with Caddy or nginx’s forward auth to secure applications that don’t natively support OpenID Connect.

Other stuff

Rauthy supports SCIM, so users and groups can be provisioned in systems that support it. It also comes with a PAM module, letting you delegate logging in to machines to Rauthy as well.
