An enclave for thoughts

Note to self: understand OIDC and SSO flows

Setting up a well-organized OIDC flow with a nice IdP and many relying parties is painful. In my opinion, at least. For me, Authentik, a decently open-source solution, was not unreasonably hard to use, but the difficulty of and unfamiliarity with the whole workflow, and with what is necessary for the application to work, made the whole process all the more tricky.

My setup has, as of now, an Authentik IdP serving an organized workflow to authorize connecting myself to, currently, two services: my Git hosting and a private files directory, permissions for which I only give out to people I trust. This is why Authentik was such a nice choice for my use case. I wanted something decently easy to understand and set up as a beginner to SSO stuff. By comparison, Authelia and Keycloak, while being nice solutions, are either too complex or come with too much overhead to be practical.

Anyway, this article will continue to update as I understand more about OIDC. Right now, I’m just happy I need a few less passwords :)

Authentik SSO structures

Stages

The basic structure from which a login experience can be constructed for the end user.

Aug 6, 2025