authelia: The Single Sign-On Multi-Factor portal for web apps

authelia

Authelia is an open-source authentication and authorization server providing 2-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy to let them know whether queries should pass through. An unauthenticated user is redirected to the Authelia Sign-in portal instead.

The architecture is shown in the diagram below.

Features summary

Here is the list of the main available features:

• Several kinds of the second factor:
  • Security Key (U2F) with Yubikey.
  • Time-based One-Time password with Google Authenticator.
  • Mobile Push Notifications with Duo.
• Password reset with identity verification using email confirmation.
• Single-factor only authentication method available.
• Access restriction after too many authentication attempts.
• Fine-grained access control per subdomain, user, resource and network.
• Support of basic authentication for endpoints protected by single factor.
• Highly available using a remote database and Redis as a highly available KV store.
• Compatible with Kubernetes ingress-nginx controller out of the box.

It works in combination with nginx, Traefik or HAProxy. It can be deployed on bare metal with Docker or on top of Kubernetes.

Install && Use

Copyright 2019 Clément Michaud