Homelab

371 readers

9 users here now

Rules

Be Civil.
Post about your homelab, discussion of your homelab, questions you may have, or general discussion about transition your skill from the homelab to the workplace.
No memes or potato images.
We love detailed homelab builds, especially network diagrams!
Report any posts that you feel should be brought to our attention.
Please no shitposting or blogspam.
No Referral Linking.
Keep piracy discussion off of this community

founded 1 year ago

MODERATORS

communick@selfhosted.forum

rglullis@communick.news

Home lab single sign on options (alien.top)

submitted 1 year ago by supercamlabs@alien.top to c/homelab@selfhosted.forum

2 comments fedilink hide all child comments

Hello,

I am doing some research on SSO for homelab. My fallback is to use ADFS but from my understanding this would only work if I'm on my home network.

I've looked into other options like Keycloak / Authelia / Authentik

I know google offers a free identity solution that does SSO, but not sure if that would work for my situation.

you are viewing a single comment's thread
view the rest of the comments

[–] mreiner@beehaw.org 1 points 1 year ago

When I had my homelab services exposed to the broader web, I enjoyed using Authelia with NGINX. It supported MFA and worked well enough.

That said, I HIGHLY suggest you expose as few of your home systems to the web as possible. Ideally, I would set up a VPN like WireGuard or OpenVPN and use that to connect into your LAN while on the go.

The more of your home network you expose to the web, the bigger your attack surface. If you can just turn on a VPN that already has strong authentication like asymmetric key pairs, you significantly reduce the ways someone can break into your home network while making as many (or few) of your home services available through that VPN as you want.