SSO — Authentik Unified Identity Authentication #414

Open
sungdark wants to merge 1 commit into illbnm:master from sungdark:feature/sso-authentik

sungdark commented Apr 3, 2026

Implemented Authentik SSO per issue #9: auto OIDC provider setup, Traefik ForwardAuth, user groups, multi-service integration.

Features:

  • Geo-IP tracking disabled by default (privacy)
  • Automatic OIDC provider creation for Grafana, Gitea, Outline, Nextcloud, OpenWebUI, Portainer
  • Traefik ForwardAuth middleware (authentik@file)
  • Basic auth fallback middleware for APIs
  • User groups design: admins/users/media
  • Nextcloud social login + OIDC dual support
  • Portainer OAuth2 via AUTH_OIDC env vars
  • OpenWebUI OIDC via WEBUI_OAUTH_* env vars
  • Updated .env.example with all required OAuth variables

Implemented Authentik SSO per issue illbnm#9:
- Geo-IP tracking disabled by default (privacy)
- Automatic OIDC provider setup for Grafana, Gitea, Outline,
  Nextcloud, OpenWebUI, Portainer via setup-authentik.sh
- Traefik ForwardAuth middleware (config/traefik/dynamic/middlewares.yml)
- Basic auth fallback for APIs (config/traefik/middlewares-basic.yml)
- User groups design (admins/users/media) in sso/README.md
- Nextcloud social login + OIDC dual support (nextcloud-oidc.config.php)
- Portainer OAuth2 config (AUTH_OIDC env vars)
- Open WebUI OIDC config (WEBUI_OAUTH_* env vars)
- .env.example: AUTHENTIK_BOOTSTRAP_TOKEN + per-service OAuth vars