- I’m new to #Authentik - I’ve just spun up a test instance and tried to connect my first application (#Postiz) but I’m kind of stuck.
I’ve installed both Postiz and Authentik using Docker Compose - as provided by the relevant apps.
As far as #Authentik goes it looks like its approving authentication requests (its showing successes in the GUI) but the application just returns to the login screen without progressing.
One thing that I found was that within the configuration of the Application and Provider one URL provided by Authentik is the /application/o/postiz/.well-known/openid-configuration which lists several URLs used by the application - one is /application/o/authorize/ but unlike all the others this returns a 404 error when I try to load it via the browser.
I am struggling to work out if - this URL should 404 should occur and also how to diagnose what the problem is.
I’ve popped messages in their relevant Discord forums but any ideas or input would be greatly appreciated - I’m figuring getting Authentik is going to be key to getting other applications going.
Any particular reason for Authentik? I found it very resource hungry and slow. PocketId on the other hand, is super lightweight and fast
@devaly I really just went for the one that Postiz had suggested and had some template configurations for … and it seemed to be one of the most used (oh and a friend had suggested it to )
@devaly Is it possible to use PocketID without Https if I am testing it internally ?
nope, https only. Because pocket id uses web authn which requires encryption
@devaly Ah ok … it looks interesting… I might need to push on with Authentik in the meantime just till I get more of an idea - It might also prove useful when I need to link to LDAP and Azure AD
Pocket-id also supports ldap sync https://pocket-id.org/docs/configuration/ldap
I tried Authentik then moved to Authelia and then to pocket-id. I found the first two unnecessarily complicated for selfhosting unless you want to specifically learn them.
Setting up https is quite straightforward, especially with caddy.
I feel the same, at least for a homelab. It’s very feature rich though.
For that reason I switched to Keycloak. It seems a lot faster.
https://integrations.goauthentik.io/applications/
https://youtube.com/playlist?list=PLH73rprBo7vSkDq-hAuXOoXx2es-1ExOP
Everything you need is there. Authentik is fantastic.
So an update. It turns out that all the issues were actually to do with Postiz rather than Authentic. - I tried installing a few other apps and linking them to Authentik but I ran into a few issues. Then I took Postiz and tried turning off the Atuthentik authentication and then just getting it to work with native user accounts. This initially didn’t work - it turned out that there were a few issues.
-
The startup procedure for Poztiz actually left the backend API service not running properly. I had to run the docker compose, get all the other services running and then stop the postiz container specifically wait a bit more and then restart just that container. That got the API service running.
-
Because I was just running it internally I didn’t have SSL certificates configured and was just using http - consequently I had to introduce NOT_SECURED: “true” into the environment section of the Postiz service in the compose file and then repeat the process above. This resolved a silent error in my browser where cookies used to manage the authenticated browser session were discarded because I wasn’t using SSL.
So success at least getting Postiz running. I am now going to step back, reconfigure it for Authentic retry.
I am going to guess that these issues might be relevant if you are running Postiz behind a reverse proxy (I’m not sure if this is being done with the docker compose set-up). I possibly also need to look at how much memory and CPU I have on my test VM.
I’ve posted similar details in Postiz Discord. If anyone else is using #Postiz and would like to exchange notes - please do drop me a mention. Always good to have other people to talk to about these things and share notes.
-


