this post was submitted on 20 Nov 2023
6 points (100.0% liked)

Homelab


Hello,

I am doing some research on SSO for homelab. My fallback is to use ADFS but from my understanding this would only work if I'm on my home network.

I've looked into other options like Keycloak / Authelia / Authentik.

I know Google offers a free identity solution that does SSO, but not sure if that would work for my situation.

top 2 comments
mreiner 1 points 1 year ago

When I had my homelab services exposed to the broader web, I enjoyed using Authelia with NGINX. It supported MFA and worked well enough.

That said, I HIGHLY suggest you expose as few of your home systems to the web as possible. Ideally, I would set up a VPN like WireGuard or OpenVPN and use that to connect into your LAN while on the go.

The more of your home network you expose to the web, the bigger your attack surface. If you can just turn on a VPN that already has strong authentication like asymmetric key pairs, you significantly reduce the ways someone can break into your home network while making as many (or few) of your home services available through that VPN as you want.

I have been using cosmos and it's been great for that, even set up 2FA.