authelia: The Single Sign-On Multi-Factor portal for web apps

authelia

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginxTraefik or HAProxy to let them know whether queries should pass through. An unauthenticated user is redirected to the Authelia Sign-in portal instead.

The architecture is shown in the diagram below.

 

Features summary

Here is the list of the main available features:

  • Several kinds of the second factor:
  • Password reset with identity verification using email confirmation.
  • Single-factor only authentication method available.
  • Access restriction after too many authentication attempts.
  • Fine-grained access control per subdomain, user, resource and network.
  • Support of basic authentication for endpoints protected by single factor.
  • Highly available using a remote database and Redis as a highly available KV store.
  • Compatible with Kubernetes ingress-nginx controller out of the box.

It works in combination with nginxTraefik or HAProxy. It can be deployed on bare metal with Docker or on top of Kubernetes.

Install && Use

Copyright 2019 Clément Michaud