🔑

Simplifying Home Lab Authentication with Authentic

Aug 2, 2024

Lecture Notes: Handling Authentication with Authentic

Introduction

  • Speaker: Christian
  • Focus: Handling authentication in a home lab using Authentic, an open-source identity provider (IDP).
  • Benefits: Secure login to administrative services without needing to log in multiple times.

Key Features of Authentic

  • Single Sign-On: Log in once to access all services (e.g., Proxmox, POA).
  • Multi-Factor Authentication (MFA): Stronger security with MFA integration.
  • Integration: Works well with Docker, Traefik (reverse proxy).
  • Protocol Support: Supports SAML, OpenID Connect, and OAuth.
  • Documentation: Rich documentation available, covering architecture and terminology.

Additional Security Tool: Wasa

  • Wasa Overview: An open-source security platform for endpoint and cloud workload protection.
  • Features: Extended detection and response, security information management, security configuration assessments against CIS Benchmark.
  • Recommendation: Check out Wasa for securing devices.

Installing Authentic

  • Installation Options: Can be installed via Kubernetes, Docker, or other methods.
  • Preferred Setup: Using Docker Compose with Traefik as a reverse proxy.
  • Configuration: Steps to set up Docker containers for Authentic with Redis and PostgreSQL.

Environment Configuration

  • Use .env files for managing environment variables.
  • Importance of securing secret keys and using specific version tags instead of "latest" for Docker images.

Initial Setup of Authentic

  • Access the Authentic setup via the configured subdomain.
  • Default Admin User: Created during setup. Set strong password and admin email.

User Management

  • Create new users and configure multi-factor authentication.
  • Deactivate the default admin user to enhance security.

Connecting Services to Authentic

Proxmox and Painer Integration

  • Steps to connect Painer using OpenID provider settings in Authentic.
  • Adjust settings in Painer to recognize Authentic as the authentication provider.
  • Follow similar steps for integrating Proxmox:
    • Create a new provider in Authentic, configure client ID and secret, and set proper redirect URIs.

Protecting Web Applications

  • Use Traefik for protecting any web application with an authentication lock-in.
  • Configure middleware in Traefik for forward authentication with Authentic.
  • Create a provider and application in Authentic for the web application (e.g., Nginx web server).

Conclusion

  • Authentic simplifies and centralizes authentication for different services in a home lab.
  • Future considerations include learning more about additional authentication methods and deployments.
  • Encouragement to engage with the speaker through likes and subscriptions for future content.

Full transcript