OIDC Trumps XML Bloat: Which Self-Host SSO Tool Beats Authelia's YAML Setup?
OpenID Connect (OIDC) is the established standard for modern Single Sign-On (SSO), with users emphatically rejecting SAML due to its verbose, XML-based structure.
The conflict centers on how to define 'easiest'. badlotus advocated for Authelia, citing its simple YAML files and Traefik support. Chaser, by contrast, pushed Pocket ID for its initial simplicity, but Lemmchen slammed this approach for failing on non-browser clients like Android TV. Authentik and Kanidm were also proposed: Tinkerer praised Authentik's documentation, while stratself pointed to Kanidm for clean OAuth2 scoping.
The consensus favors OIDC over SAML's complexity. The major fault line is between Authelia's documented setup ease and the inherent, sometimes brutal, limitations of passkey reliance in tools like Pocket ID.
Key Points
OIDC is vastly superior to SAML.
MrPnut stated OIDC is technically simpler because it uses JWTs rather than convoluted XML namespaces.
Authelia is recommended for setup simplicity.
badlotus gave it high marks for its guides, especially integrating with Traefik via simple YAML.
Pocket ID's passkey dependency creates major hurdles.
Lemmchen warned that Pocket ID's passkey reliance breaks down for platforms like Android TV.
Authentik offers good documentation for homelabs.
Tinkerer praised its documentation, and generaldenmark called it manageable despite the learning curve.
Kanidm is a simple, container-based OAuth2 alternative.
stratself suggested it, noting its clear examples for mapping OAuth2 scopes and groups.
Source Discussions (3)
This report was synthesized from the following Lemmy discussions, ranked by community score.