🛡️ uSentry - Identity & Access Management (github.com)
from TCB13@lemmy.world to selfhosted@lemmy.world on 25 Apr 14:16
https://lemmy.world/post/28692919

uSentry is a lightweight, self-hosted Identity and Access Management (IAM) and Single Sign-On (SSO) solution designed for homelab and small-scale environments.

⚡ A single PHP file. < 400 lines of code. No database. No background processes. No cloud. Just works. ⚡

Most IAM and SSO solutions require databases, certificates and background services baked into a dozen containers. This is all fine but also overkill for homelabs and impossible for low-power ARM devices. uSentry is different, it isn’t pretty but it sucks less for a lot of use cases.

Enjoy!

#selfhosted

Xanza@lemm.ee on 25 Apr 16:57

I’m torn between this being fucking genius, and a terrible idea all at once.


EDIT: Requires ngx_http_auth_request_module. * Caddy4lyfe. *

TCB13@lemmy.world on 25 Apr 16:59

Well, me too. But frankly OpenIAM (24GB of RAM as a requirement), Keycloak, Authelia do too much, require too much and aren’t suitable at all for SBCs and small scale stuff.


Edit: This is targeted at people that run nginx as a standalone server or proxy.

Xanza@lemm.ee on 25 Apr 17:07

I respect it.

neodc@sh.itjust.works on 25 Apr 17:04

I didn’t test, but should be possible with forward_auth (caddyserver.com/docs/caddyfile/…/forward_auth)

Xanza@lemm.ee on 25 Apr 17:07

Nice! I’ll give it a try.

TCB13@lemmy.world on 25 Apr 21:16

If you manage to make it work with Caddy can you share your config? I can add it to the readme or something. Thanks.

Xanza@lemm.ee on 26 Apr 02:58

For sure. I’m likely gonna take a look at it this weekend.

Vendetta9076@sh.itjust.works on 25 Apr 21:09

I feel like committing secrets to a config file instead of .env is a terrible idea. That being said, this is really useful I’m sure.

TCB13@lemmy.world on 25 Apr 21:17

I get the point, but don’t forget those “secrets” are bcrypt hashes. Not really reversible.

Vendetta9076@sh.itjust.works on 25 Apr 23:49

The issue isn’t that. The issue is it’s a config folder and a lot of people back their configs up to things like GitHub.

Xanza@lemm.ee on 26 Apr 02:59

The entire point of .env files is to separate secrets from code. It’s specifically the usage for which they were created.

cecilkorik@lemmy.ca on 25 Apr 23:51

I have been constantly asking myself why there isn’t something like this, and just wondering if maybe I was missing something about the seeming immense complexity of doing this on a small scale.

Now there is something like this.

I don’t love PHP, but I also don’t love having dozens of separate passwords, keys, certificates and other nonsense to keep track of like I’m doing now. I don’t mind using PHP to get around that if I can.

possiblylinux127@lemmy.zip on 26 Apr 03:24

github.com/lldap/lldap

You also could go freeipa or Samba AD

x00z@lemmy.world on 26 Apr 04:14

Fun little project but I think auth_basic would be perfectly fine instead.