🌻:Services/Single-Sign-On

Cyberia Single Sign-On

This is a stub.

This is a placeholder for a single sign-on system to be selected and built for cyberia. It does not yet exist.

Rough Criteria:

• OpenID Connect with .well-known/openid-configuration

• WebAuthN Passkey support

Unstructured Thoughts:

• Forgejo is able to act as an identity provider

• SSH key management would be excellent. Maybe an agent too.

• It would be great if it can use existing logins from either matrix or forgejo.

Candidates

rauthy

https://github.com/sebadob/rauthy

• Rust server

• OpenID Connect Identity Provider

• Forest suggested

authentik

https://goauthentik.io/features/

• Designed for enterprise, overwhelming

• Supports SSH/RDP/VNC

• Many ways to integrate with existing services

Forgejo

• https://forgejo.org/docs/latest/user/oauth2-provider/

• Already deployed and maintained

• Limited oidc grant-type support

• "At the moment, Forgejo only supports the Authorization Code Grant standard"

Duende IdentityServer

• https://duendesoftware.com/products/communityedition

• C# Server

• kbot has experience building custom identity servers using duende.

• Fully customizable in code. We can customize for any out-of-band cases.

• Proprietary, but free license <$1M revenue.

OpenIddict

• https://openiddict.com/

• C# Server

• Apache 2.0 license

• Most or even all the features of duende

• Somewhat streamlined C# sdk