- I’m new to #Authentik - I’ve just spun up a test instance and tried to connect my first application (#Postiz) but I’m kind of stuck.
I’ve installed both Postiz and Authentik using Docker Compose - as provided by the relevant apps.
As far as #Authentik goes it looks like its approving authentication requests (its showing successes in the GUI) but the application just returns to the login screen without progressing.
One thing that I found was that within the configuration of the Application and Provider one URL provided by Authentik is the /application/o/postiz/.well-known/openid-configuration which lists several URLs used by the application - one is /application/o/authorize/ but unlike all the others this returns a 404 error when I try to load it via the browser.
I am struggling to work out if - this URL should 404 should occur and also how to diagnose what the problem is.
I’ve popped messages in their relevant Discord forums but any ideas or input would be greatly appreciated - I’m figuring getting Authentik is going to be key to getting other applications going.
I have self hosted for years using Authentik and have 50 + services. Postiz has been one of the most challenging to spin up and maintain. The documentation is not up to date, the software is constantly changing and I had to tweak lots to get it to work. Even now, it seems to crash after a few days and haven’t had the chance to investigate. All these posts I set up didn’t go through and now if I turn it back on, it’ll release them all in one go before I can get in to stop it, or have to revert to a fresh install…
The vast majority of services and not like this so don’t get disheartened! Try some other ones first them come back to this when more experienced. I recommend Bento PDF, ConvertX, outline wiki, vikunja and immich (if you have the storage space).
At first, try to stick to software on Authentik’s guides (https://integrations.goauthentik.io/). Once you do a few OIDC and forward proxy services you’ll get the hang of it.
When I get a chance I’ll share my docker compose SSO settings and authentik redirect uri that worked for me with the caveat that the software crashes for some reason.
@brewery Oh cheers. Yeah I think I need to test setting up another app to confirm whether its Authentik or Postiz. The other app I am looking at is an open source core banking system so I think I’ll leave that one for a while and as you suggest try something more straight forward.
I’m keen to get Postiz working because I belong to a sailing club and its a time vacuum posting updates all over the place.
I’m interested do you you anything for social listening - I’d like to pull together a few social feeds from Twitter, Instal, Facebook and provide them to the few of us that are working on keeping the club’s profile up.
I moved away from authentik for void-auth: https://github.com/voidauth/voidauth
Life is so much better…
If you don’t mind me asking, what made you go with VoidAuth vs Authelia or something else entirely?
I’m in a similar boat as OP and while VoidAuth looks very promising I’m put off a little by the young age and size of the project.
I tried literally every mature option and they all were ridiculously complicated or just straight didn’t work for me. Voidauth just works. One container. Does everything you need to offer SSO for your users, and secures apps that don’t use SSO just as easily with proxyauth.
https://integrations.goauthentik.io/applications/
https://youtube.com/playlist?list=PLH73rprBo7vSkDq-hAuXOoXx2es-1ExOP
Everything you need is there. Authentik is fantastic.
Any particular reason for Authentik? I found it very resource hungry and slow. PocketId on the other hand, is super lightweight and fast
@devaly Is it possible to use PocketID without Https if I am testing it internally ?
nope, https only. Because pocket id uses web authn which requires encryption
@devaly Ah ok … it looks interesting… I might need to push on with Authentik in the meantime just till I get more of an idea - It might also prove useful when I need to link to LDAP and Azure AD
Pocket-id also supports ldap sync https://pocket-id.org/docs/configuration/ldap
I tried Authentik then moved to Authelia and then to pocket-id. I found the first two unnecessarily complicated for selfhosting unless you want to specifically learn them.
Setting up https is quite straightforward, especially with caddy.
@devaly I really just went for the one that Postiz had suggested and had some template configurations for … and it seemed to be one of the most used (oh and a friend had suggested it to )
If you are getting the authentik login screen and being redirected, it’s either the redirect url not being right or the app itself not being configured for authentik.
Source: my limited knowledge with authentik and other apps.
