| 29 May 2026 |
 hexa | might order a vm for a new part of infra, if I can allocate one in time | 17:25:37 |
| hexa | tl;dr is we want glitchtip, because we can't really have sentry at home | 17:30:19 |
| hexa | And I want scoped auth and the simplest solution would be a local dex instance | 17:30:51 |
| hexa | But the more interesting solution long-term would be a full idp | 17:31:21 |
| hexa | And I would want that on a dedicated VM tbh | 17:31:39 |
| hexa | Question is: Keycloak vs Authentik | 17:47:15 |
 Jeremy Fleischman (jfly) | I found Keycloak's UI arcane enough that I needed a tool to manage it (I used pulumi, but I imagine terraform would work).
I wouldn't be surprised if Authentik is similar, though. Probably just the nature of the problem space.
| 17:51:57 |
 leona | ideally you know all of the specs by heart if you use keycloak ^^ it's actually much more complicated than the other UIs of the other tools, but it can do anything | 17:57:01 |
| hexa | I have deployed keycloak before, around the Quarkus upgrade. It does offer all the features. | 18:07:56 |
| hexa | But what we mostly need is bridging the gap from where our existing users are. | 18:08:20 |
| hexa | And if someone can recommend Authentik over Keycloak I'm here to listen. | 18:12:26 |
 Marcel | It can be configured declerativly :) | 18:12:44 |
| Marcel | * | 18:13:02 |
| Marcel | ive used both before - there are pretty similar, authentik has an ldap interface (ive never tried it) and has some nice debugging features (you can inspect the id token e.g. in keycload you always had to hack into your applications or had to curl endpoints) | 18:14:05 |
 K900 | I am a certified keycloak hater | 18:14:07 |
| K900 | But I will say that keycloak is probably the only thing I've seen that can do anything | 18:14:19 |
| K900 | With authentik or kanidm or w/e you're eventually going to run into a thing that it just Won't Do | 18:14:42 |
| hexa | kanidm fails at "sign in with github" already :p | 18:15:04 |
| K900 | Well that's more of a "we don't have that yet" | 18:16:00 |
| K900 | But yes | 18:16:07 |
 Tom | 
Download image.png | 20:22:06 |
| Tom | Redacted or Malformed Event | 20:22:22 |
| Tom | also doesn't sound like that will change (if's from their forum) | 20:22:38 |
| Tom | * also doesn't sound like that will change anytime soon (if's from their forum) | 20:24:27 |
 raitobezarius | keycloak4life | 21:18:42 |
| raitobezarius | i contributed sign in with github config to the terraform provider, ur welcome | 21:19:00 |
| hexa | what a sad life. | 21:19:17 |
| raitobezarius | also Keycloak has proper forced PKCE, DPoP and will probably have transaction tokens | 21:19:27 |
| raitobezarius | if i could put the keycloak ui on my screenlocker, i would | 21:19:46 |
| raitobezarius | keycloak can log oidc tokens | 21:26:04 |
