[Superseded] Authelia - Authentication & SSO
Authelia has been replaced by Authentik for use in the kasad.com web apps. Authentik provides more customization, as well as a web-based user interface for managing users, which was my main gripe when using Authelia.
Authelia is an open-source authentication and authorization server and portal. It is used in the SWAG stack as an authentication agent and an SSO portal.
The Authelia container uses the
ghcr.io/authelia/authelia Docker image, version
To-do: document Authelia's configuration.
Authelia is configured to use a YAML file to store users, since there are not enough users that switching to an SQL database is justified.
Authelia is published at auth.kasad.com.
Because Authelia is used as the authentication backend for Cloudflare Access, it bypasses Access auth. Otherwise an infinite loop would occur, where Cloudflare tries to access Authelia as the auth backend and Authelia tries to redirect back to Cloudflare for pre-auth.
Authelia runs in a single container. It's currently part of the SWAG stack. It can (and probably should) be separated into its own stack. The Docker Compose service configuration for it is:
services: # ... authelia: image: ghcr.io/authelia/authelia:4.36.4 container_name: authelia user: '938:941' # swag:servlets environment: - TZ=America/Los_Angeles volumes: - /srv/swag/authelia_config:/config restart: unless-stopped
Authelia (auth.kasad.com) is used as an authentication backend for Cloudflare Zero Trust. It is also used as the authentication provider for the following web apps using the OpenID Connect specification: