Comment on Looking for a reverse proxy to put any service behind a login for external access.
node815@lemmy.world 7 months agoAuthentik is my IDP provider so I put it in front of all my publicly facing Apps which support OIDC login. For example, I can log into my Portainer instance from an external network, but to do so, I log into Authentik First which sends it to my service.
For the apps which support HTTP headers, like I said, Pomerium acts as the service which passes my credentials to the device. I admit - Authentik does this also without the need for Pomerium, (through their flow settings) but I found Pomerium to be much easier to set up for this than Authentik and haven’t looked back or felt the need to change it.
namelivia@lemmy.world 7 months ago
Ah I see! Thanks for the explanation, I have pomerium in front of everything using Google as IDP. Then if the app supports header authentication (like grafana) I get automatically logged in, and for those that don’t I have to log in again (a bit inconvenient) I event went as far as forking one and implementing header authentication myself.