Posts for: #SSO

Authentik Proxy

Setting up a page to authenticate and protect an unauthenticated page using Authentik, from a kubernetes cluster isn’t as well documented if your primary ingress is nginx. Traefik seems to be more popular and better documented. Authentik does have some documentation but there are a couple clarifying steps missing.

docs.goauthentik.io/docs/add-secure-apps/providers/proxy/server_nginx

For starters, create the group that will be assigned the app, users do not need to be assigned yet. Then create an application and a provider using the Wizard. We can use the embedded outpost that’s provided alongside the Authentik helm install. When supplying details on the Provider, “Advanced flow Settings->Authentication flow” should be set. While still within Authentik’s admin panel we need to add the application in question to the outpost that will be used or create a new one as needed.

[Read more]

OIDC with K3s

I want to authenticate to work on my kubernetes (k3s) cluster not for any particular reason but specifically for knowledges sake. Following this I was able to get most of the way but there were a couple caveats and it doesn’t seem to be documented that many places. I’m not sure if it’s because it’s a bare metal situation and most k8 clusters are run on hyperscalers or if it’s just not something that’s usually done.

[Read more]