I'm part of a self-hosted company with about 50 employees. We've recently started using a service that only supports OIDC, so we switched on Keycloak, integrated with Univention, which made me dive deeper into OIDC. We're considering a full move to OIDC from LDAP due to this service. Before I kick off the testing phase, I've noticed many people on Reddit lean towards Authentik or Authelia instead of Keycloak, claiming that Keycloak can be tricky and has a steep learning curve.
Our needs are pretty straightforward: we want to use LDAP as a backend and implement some simple allow/deny policies based on LDAP groups. I've seen that both Authentik and Authelia support forward authentication, which would be a nice bonus. Authentik also has support for RADIUS and SSH, which seems interesting. While Keycloak's integration with Univention is a plus, I'm unsure if it outweighs any potential downsides. What do you guys think?
5 Answers
I recommend going with Keycloak. It's definitely the most established and enterprise-focused of the three. It supports everything you need, plus the configuration is simple with a JSON file, which makes moving from a dev to a production environment easier.
Hope you didn't have too much trouble getting Zitadel to work! If you did, I'm happy to help out.
In my experience, Keycloak is quite effective. It's very configurable, but I find the interface a bit frustrating because everything is more about clicking than just editing configuration files. Authelia is lightweight and minimal, but not as mature, while Authentik seems comprehensive though a bit heavy.
You might want to check out Kanidm as well; it could fit your needs. Keycloak is solid, though!
I can vouch for Keycloak working well. Just remember, all alternatives typically require a backing LDAP server, so keep that in mind. If you're looking for something lightweight, Authelia might be good, but Keycloak covers a lot of bases.