Authelia

Authelia is an open-source authentication and authorization server for single sign-on and two-factor authentication. It provides a web portal for applications and sits in front of them to allow, deny, or redirect requests.

It supports OpenID Connect 1.0 and OAuth 2.0, security keys with FIDO2 WebAuthn, TOTP, mobile push notifications with Duo, and passwordless authentication via WebAuthn passkeys. It also includes identity-verification email password reset, access restriction after too many invalid attempts, and fine-grained access control rules based on subdomain, user, group membership, request URI, request method, and network.

Authelia ships as a standalone service from AUR, APT, FreeBSD Ports, static binaries, .deb packages, Docker, and Kubernetes. It works with nginx, Traefik, Caddy, Skipper, Envoy, and HAProxy, and can be deployed on bare metal or Kubernetes. The project is Apache 2.0 licensed and OpenID Certified for several OpenID Connect profiles.