is not an OAuth or OpenID Connect provider yet (planned in the roadmap)
is not a SAML provider yet.
does not support authentication against an OAuth or OpenID Connect provider yet.
does not support authentication against a SAML provider yet.
does not support using hardware devices as single factor.
does not provide a PAM module yet.
oauth2_proxy is a great tool that lets you create a transparent OAuth proxy to provide SSO for any internal service. Protect an entire subdomain of services using one identity provider! Guides exist for integrating it with K8s, but luckily it's just a binary so you can protect non-K8s services with it too. It's also super easy to deploy, as you can configure the whole thing with just environment variables, or a config file. The docs are decent too. https://github.com/oauth2-proxy/oauth2-proxy
They all have different OAuth providers, so check them each out to see which one works with your identity provider. (GitHub OAuth + SSO makes using these a no-brainer)
There's also S.S.Octopus, and Pomerium. https://github.com/buzzfeed/sso https://github.com/pomerium/pomerium
They all have different OAuth providers, so check them each out to see which one works with your identity provider. (GitHub OAuth + SSO makes using these a no-brainer)
For just SAML, there's saml-auth-proxy, though I haven't looked into it much. https://github.com/itzg/saml-auth-proxy