Authelia

Authelia is an open-source authentication and authorization server providing two-factor authentication and single sign-on (SSO) for your applications via a web portal. It acts as a companion for reverse proxies by allowing, denying, or redirecting requests.

Features

• Several second factor methods:
  • Security Keys that support [FIDO2] [WebAuthn] with devices like a [YubiKey].
  • Time-based One-Time password with compatible authenticator applications.
  • Mobile Push Notifications with Duo.
• Password reset with identity verification using email confirmation.
• Access restriction after too many invalid authentication attempts.
• Fine-grained access control using rules which match criteria like subdomain, user, user group membership, request uri, request method, and network.
• Choice between one-factor and two-factor policies per-rule.
• Support of basic authentication for endpoints protected by the one-factor policy.
• Highly available using a remote database and Redis as a highly available KV store.
• Compatible with Traefik out of the box using the ForwardAuth middleware.
• Curated configuration from LinuxServer via their SWAG container as well as a guide.
• Compatible with [Caddy] using the forward_auth directive.
• Kubernetes Support:
  • Compatible with several Kubernetes ingress controllers:
    • ingress-nginx
    • Traefik Kubernetes CRD
    • Traefik Kubernetes Ingress
    • Istio
  • Beta support for installing via Helm using our Charts.
• Beta support for OAuth 2.0 and OpenID Connect 1.0.