Single Sign On With OAuth2.0 - Authentik Is AWESOME!
Рет қаралды 34,209
Күн бұрынAuthentik is a powerful authentication tool that uses a number of industry leading protocols and services for a seamless delegated access experience. Best of all, you can self-host it in your homelab to have complete control of your data.
In this video I show you how to configure OAuth2.0 for Portainer, but the same process can be used to connect Authentik to other common applications to give you seamless single sign on across all of your apps.
Authentik Docker Files:
github.com/JamesTurland/JimsG...
Recommended Hardware: github.com/JamesTurland/JimsG...
Discord: / discord
Twitter: / jimsgarage_
Reddit: / jims-garage
GitHub: github.com/JamesTurland/JimsG...
00:00 - Introduction to OAuth2.0 and Authentik
03:13 - Docker Compose Overview
06:20 - Docker Deployment
08:40 - Authentik Dashboard
09:27 - Connecting Authentik and Portainer
16:25 - Testing It Works
17:40 - Outro
@bluesquadron593 9 ай бұрын
Awesome content and superb channel!
@Jims-Garage 9 ай бұрын
Thanks 👍
@alisawongsawat3979 9 ай бұрын
I am loving it. Thank you for pushing me to improve my home lab!
@Jims-Garage 9 ай бұрын
You're welcome!
@accesser 9 ай бұрын
Great job researching this and then presenting in a clear way, this looks like a fun thing to tinker with
@Jims-Garage 9 ай бұрын
Thanks 👍
@chrisumali9841 9 ай бұрын
Thanks for the demo and info, have a great day
@Jims-Garage 9 ай бұрын
Thanks, you too!
@bertocross 9 ай бұрын
A big thank you for giving me loads of inspiration and lots of new projects to undertake in my homelab. I'm currently in the process of migrating from nginx proxy manager to traefik. Keep up the excellent work, I really enjoy your videos. I'm looking forward to the next authentik episode. 👍
@Jims-Garage 9 ай бұрын
Thanks for the feedback, really appreciate it.
@crc_code 9 ай бұрын
Thank you so much for sharing this information with us..this is a great video as always ❤❤❤
@Jims-Garage 9 ай бұрын
Thanks 👍
@DarrylGibbs 7 ай бұрын
Ah man!!!! Your guide is amazing! I just managed to get my Immich instance behind Oauth!! Dude, you're amazing!! Not to mention I've now learnt HOW to learn from Authentiks documentation.
@Jims-Garage 7 ай бұрын
You're most welcome, good job 👍
@dmbrv 9 ай бұрын
Very nice explanation. Thanks a lot for the video.
@Jims-Garage 9 ай бұрын
Thanks, you're welcome 😁
@henrysowell 4 ай бұрын
Thanks Jim! Great video
@Jims-Garage 4 ай бұрын
Appreciate the feedback ☺️
@idonteatpeopleonfriday4566 9 ай бұрын
Yes finally ! You're the man Jim :)
@Jims-Garage 9 ай бұрын
Thanks 👍
@skinwalker_ 27 күн бұрын
Your videos are so good they deserve more likes and shares than they have. I guess we are a specilaized group of people. Thank you for these videos they are really helpful and appreciated.
@Jims-Garage 27 күн бұрын
Thanks, really appreciate the feedback
@MacJFitness Ай бұрын
Thanks a lot for this guide! I set this up earlier watching another video and could not get the OAuth to work with Portainer. After I added the middleware you specified to the traefik config file and the labels to the compose file everything worked as expected!
@Jims-Garage Ай бұрын
Great, good to hear that
@hasanerken9604 8 ай бұрын
Fantastic explanation, please continue with all capabilities of Authentik
@Jims-Garage 8 ай бұрын
Thanks. I did a follow up for web proxies.
@hasanerken9604 8 ай бұрын
Now I am watching it. Awesome guidance. thanks@@Jims-Garage
@thieuson 9 ай бұрын
Very useful, thank you
@Jims-Garage 9 ай бұрын
Thanks 👍
@monish05m 9 ай бұрын
using authentik for over an year now, I can say this with confidence that it is awesome, functional, and logical. all with great support and pretty UI.
@Jims-Garage 9 ай бұрын
Awesome, I agree - it's a great tool!
@draukuxan1081 9 ай бұрын
Thanks for another fantastic video! This and the next Authentik video on your channel are my projects for today. I've been using Auth0 for years, and have been wanting to switch to Authentik for a while now. One suggestion for your videos: please leave the pop-up/clarification text on the screen for a little bit longer than you did for the "workers" blurb at 4:10 as I had to back up and pause to read it.
@Jims-Garage 9 ай бұрын
Thanks, noted.
@Iahmel. 8 ай бұрын
Looking forward to more content on Authentik. It's an awesome product and very capable of many things, although finding good examples and guidance for someone who isn't a devops guy is difficult.
@Jims-Garage 8 ай бұрын
Thanks, make sure to check out my follow up with web proxies (like Authelia).
@BoKKeR111 9 ай бұрын
Thanks for this great content! For me portainer created the user properly. No issues at all
@Jims-Garage 9 ай бұрын
Great to hear!
@andoniortiz4774 7 ай бұрын
Gracias por compartir!
@Jims-Garage 7 ай бұрын
You're weclome
@cybr774 9 ай бұрын
Now a video about Keycloak would be quite fitting + a video comparing Authelia, Authentik and Keycloak😁
@Jims-Garage 9 ай бұрын
Thanks, it's on the list! :D My goal is to start off with simpler things and move onto the more Enterprise stuff (hence Authelia -> Authentik -> Keycloak).
@cybr774 9 ай бұрын
@@Jims-Garage Awesome to hear, keep up the great work!
@drbyte2009 Ай бұрын
Nice video Jim, i would love to see a video to secure selfhosting in the combination Authentik / Traefik
@Jims-Garage Ай бұрын
Thanks, can you explain what you mean? You can plug your apps into Authentik as demoed.
@drbyte2009 Ай бұрын
@@Jims-Garage I recently setup Traefik 3.0 in a demo environment, in combination with PiHole as a DNS server. I want to acces some local hosted websites / apps with Authentik
@PeterBatah 7 ай бұрын
Clear and precise. Thank you for sharing your time and experience with us. I must be the only one having trouble logging into Portainer. After clicking on Login with OAuth I see the Portainer logo / Log in to your account / Welcome back! Please enter your details / Authentication in progress / Spinning gear / I am taken back to the login screen / Unable to login via OAuth. Running in a Docker Proxmox VM
@Jims-Garage 7 ай бұрын
Thanks. Be sure to check all of the URLs in the redirection journey. If you're still stuck hop onto Discord - lots of people to help.
@PeterBatah 7 ай бұрын
Thanks so much for the prompt response. I created a new Debian 11 Proxmox container and went through the entire setup again. Everything is working as it should. I suspect that my versions of Docker and Portainer may have well been outdated. Have an awesome evening.@@Jims-Garage
@Jims-Garage 7 ай бұрын
@@PeterBatah great to hear. A strange issue!
@mrtreehugger4259 8 ай бұрын
Thank you very much! Maybe you could also take a look at Zitadel?
@Jims-Garage 8 ай бұрын
You're welcome 😁 Yes, it's on the list. It looks promising.
@larsskage5584 2 ай бұрын
Great video! Exactly what I have been looking for. At 8:10 you mention using a proper domain. My initial setup was wo port forwarding and only using pihole as my internal ens with all fqdn pointing to the nginx proxy manager. The issue is portainer can not resolve the name. It will work if I add the auth fqdn and point it to my public ip and port forward to nginx but I would rather knep it all internal. Is this setup impossible? TIA /lars
@Jims-Garage 2 ай бұрын
Ofc, follow my Traefik video. That uses a DNS challenge which doesn't require any port forwarding.
@senj3ru 22 күн бұрын
and in the future, if you need to update postgres to a newer version, what is the correct way to do this?
@javiesteban4510 9 ай бұрын
one question, You're docker machine is standalone or is installed on proxmox? All of your docker compose are in the same docker machine? If it's proxmox use all the hdd size in this docker machine? best Regards and thanks for all your videos
@Jims-Garage 9 ай бұрын
The machine I'm using in my videos is a standalone VM on Proxmox, it's a replica of what I used to use (hence why it's the homelab journey). I now use Kubernetes, which is what we'll get onto later in the series. For the docker host I used to have, there was a single 512GB nvme drive with a TrueNAS samba share mounted to it for media and backups.
@javiesteban4510 9 ай бұрын
@@Jims-Garage Thanks, related to the TrueNAS server, which the cpu and memory you're using? Thnks
@Jims-Garage 9 ай бұрын
@@javiesteban4510 I'm using a Pentium G4560 (yes, it's ancient), with 32GB of Samsung ECC memory
@fedefede843 9 ай бұрын
Hi, so you need to do the same for each app right? And those apps need to support this (auth2), correct?
@Jims-Garage 9 ай бұрын
Correct, otherwise choose a proxy provider which will behave like Authelia instead.
@planeetpaul 2 ай бұрын
Hi Jim, I am looking for a solution which I can use for my homelab apps but also for my WordPress websites members area. Is it possible to integrate Authelia or Authentik into my WordPress site?
@Jims-Garage 2 ай бұрын
Yes, web proxy should do it.
@fulesmackofule 5 ай бұрын
Awesome! But what happens after 16:52? No password asked? It just gets in Portainer? Too bad all other applications I run for my home lab need password through either pop-up or form...
@Jims-Garage 5 ай бұрын
It's because I'm using the same account as I'm currently logged into Authentik with.
@user-vh1xi1yf1z 2 ай бұрын
how to install not by docker do it by bare install way?
@PeterBatah 7 ай бұрын
Hello again Jim. At approximately 11:38 you state that you can have a single provider for many applications (one to many). Are you sure about that? I have attempted to do so and get the following error message: Application with this provider already exists.
@Jims-Garage 7 ай бұрын
Thanks, I should have been clearer. From the official docs: "Starting with authentik 2023.5, applications can use multiple providers, to augment the functionality of the main provider".
@PeterBatah 7 ай бұрын
My apologies Jim. I should have mentioned that I was using Authentik version 2023.8.3@@Jims-Garage
@abessesmahi4888 9 ай бұрын
Thank you for this great content, and please mute the music during the tutorial because its disturbing.
@Jims-Garage 9 ай бұрын
Thanks, will take that into consideration.
@DesertCookie 4 ай бұрын
I am stuck on the initial setup. It won't redirect me after I have entered my details. The logs don't show anything special either; just a regular API request is logged. Edit: I had to use the HTTPs port. The HTTP port does not work for this. Edit 2: Firefox doesn't work with parts of the UI. I recommend a Chromium-based browser.
@Jims-Garage 4 ай бұрын
Glad it's working. Likely because the Traefik proxy is set to redirect to HTTPS
@user-rs8ln9vz1n 4 ай бұрын
Your docker-compose file on github doesn't work with newer images it seems...
@Jims-Garage 4 ай бұрын
Thanks, I'll investigate when I have time. Please submit a pr if you have a working one.
@michaelventarola7100 6 ай бұрын
What is better? This or Keycloak?
@Jims-Garage 6 ай бұрын
For homelab I would go for Authentik as it has a proxy. For enterprise and OAuth it's keycloak all the way
@user-vh1xi1yf1z 2 ай бұрын
如何使用用户的 id作为唯一键 该如何配置呢
@radhiyahwilliams829 Ай бұрын
Hi, Has anyone managed to setup authentik with a angular project?
@cyberjohn44 8 ай бұрын
Does it support 2FA with SSO?
@Jims-Garage 8 ай бұрын
I believe it does.
@mb0133 9 ай бұрын
how do i enable https for authentik?
@Jims-Garage 9 ай бұрын
Check my follow up video on Authentik, I've added the Traefik labels necessary.
@bradfordjns 4 ай бұрын
Great video ! The files and video has gotten me set up with Authentik on my Docker server working great with openid and the proxy auth. I have also been migrating my services to my K3S cluster, have you managed to set this up in Kubernetes with a deployment.yaml and a traefik ingress.yaml?
@Jims-Garage 4 ай бұрын
Yes, I did a livestream that's available showing how (without Traefik but it's simple to do). I will do it in Kubernetes at a later time
@bradfordjns 4 ай бұрын
Thanks @@Jims-Garage for the quick reply, I just found your video and I working through it now.
Jim's Garage
Рет қаралды 45 М.
Awesome Open Source
Рет қаралды 52 М.
Authelia on Proxmox - 2FA SSO with Nextcloud, Proxmox, Portainer Gitea OpenID Connect Single Sign On
OneMarcFifty
Рет қаралды 21 М.