- I’m new to #Authentik - I’ve just spun up a test instance and tried to connect my first application (#Postiz) but I’m kind of stuck.

I’ve installed both Postiz and Authentik using Docker Compose - as provided by the relevant apps.

As far as #Authentik goes it looks like its approving authentication requests (its showing successes in the GUI) but the application just returns to the login screen without progressing.

One thing that I found was that within the configuration of the Application and Provider one URL provided by Authentik is the /application/o/postiz/.well-known/openid-configuration which lists several URLs used by the application - one is /application/o/authorize/ but unlike all the others this returns a 404 error when I try to load it via the browser.

I am struggling to work out if - this URL should 404 should occur and also how to diagnose what the problem is.

I’ve popped messages in their relevant Discord forums but any ideas or input would be greatly appreciated - I’m figuring getting Authentik is going to be key to getting other applications going.

  • devaly@ani.social
    link
    fedilink
    English
    arrow-up
    3
    ·
    23 days ago

    Any particular reason for Authentik? I found it very resource hungry and slow. PocketId on the other hand, is super lightweight and fast

    • abeorch@friendica.ginestes.esOP
      link
      fedilink
      arrow-up
      2
      ·
      23 days ago

      @devaly I really just went for the one that Postiz had suggested and had some template configurations for … and it seemed to be one of the most used (oh and a friend had suggested it to )

      • devaly@ani.social
        link
        fedilink
        English
        arrow-up
        2
        ·
        23 days ago

        nope, https only. Because pocket id uses web authn which requires encryption

        • abeorch@friendica.ginestes.esOP
          link
          fedilink
          arrow-up
          2
          ·
          23 days ago

          @devaly Ah ok … it looks interesting… I might need to push on with Authentik in the meantime just till I get more of an idea - It might also prove useful when I need to link to LDAP and Azure AD

          • saddlebag@lemmy.world
            link
            fedilink
            English
            arrow-up
            2
            ·
            23 days ago

            Pocket-id also supports ldap sync https://pocket-id.org/docs/configuration/ldap

            I tried Authentik then moved to Authelia and then to pocket-id. I found the first two unnecessarily complicated for selfhosting unless you want to specifically learn them.

            Setting up https is quite straightforward, especially with caddy.

    • Lovable Titty @lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      22 days ago

      I feel the same, at least for a homelab. It’s very feature rich though.

      For that reason I switched to Keycloak. It seems a lot faster.

  • abeorch@friendica.ginestes.esOP
    link
    fedilink
    arrow-up
    1
    ·
    20 days ago

    So an update. It turns out that all the issues were actually to do with Postiz rather than Authentic. - I tried installing a few other apps and linking them to Authentik but I ran into a few issues. Then I took Postiz and tried turning off the Atuthentik authentication and then just getting it to work with native user accounts. This initially didn’t work - it turned out that there were a few issues.

    1. The startup procedure for Poztiz actually left the backend API service not running properly. I had to run the docker compose, get all the other services running and then stop the postiz container specifically wait a bit more and then restart just that container. That got the API service running.

    2. Because I was just running it internally I didn’t have SSL certificates configured and was just using http - consequently I had to introduce NOT_SECURED: “true” into the environment section of the Postiz service in the compose file and then repeat the process above. This resolved a silent error in my browser where cookies used to manage the authenticated browser session were discarded because I wasn’t using SSL.

    So success at least getting Postiz running. I am now going to step back, reconfigure it for Authentic retry.

    I am going to guess that these issues might be relevant if you are running Postiz behind a reverse proxy (I’m not sure if this is being done with the docker compose set-up). I possibly also need to look at how much memory and CPU I have on my test VM.

    I’ve posted similar details in Postiz Discord. If anyone else is using #Postiz and would like to exchange notes - please do drop me a mention. Always good to have other people to talk to about these things and share notes.