I thought someone really had to break some threshold so they wouldn't close the deal unless they got another .001. Like maybe some bonus depended upon some target value.
Rundeck uses it for its plugins. It might be like how people use Lua for their main program's dynamic scripting, except they know Java so they use Groovy.
WireGuard Portal is an open source, self-service-capable web interface for WireGuard user and configuration management. It supports creating users automatically from external sources such as LDAP and comes with LDAP, OAuth and Passkey authentication for the web interface. No SSO tax.
WireGuard Portal allows creating, enabling and disabling WireGuard users and sessions both manually and via its API, i.e. removing an employee from LDAP would disable that user's WireGuard access almost immediately. (This is the missing bit in many of the similar projects right now.)
They have an enterprise version now (mostly for support and bleeding edge features that later make it into the open source product.)
It's pretty easy to self-host. I have been doing it for a small site for years and I couldn't even get any other open source solution to work. They are mostly huge with fewer features.
No provider has been able to match Auth0 actions unfortunately. Auth0 allows you to execute custom code at any point in the auth lifecycle and allow/deny based on that or enrich user attributes. Super useful when you have a legacy system that is hard to migrate away from. If anyone has any recommendations I'm all ears
We have lambdas (basically JavaScript code that can make API calls[0] and be managed and tested[1]) that execute at fixed points in the auth lifecycle:
- before a login is allowed
- before a token is created
- after a user returns from a federated login (SAML, OIDC, etc)
- before a user registers
And more[2].
And we're currently working on one for "before an MFA challenge is issued"[3].
There are some limitations[4]. We don't allow, for instance, loading of arbitrary JavaScript libraries.
Not sure if that meets all your needs, but thought it was worth mentioning.
I am not qualified to say whether Authentik can do all of what you need, but it does allow custom Python code in a lot of places. Perhaps you can ask whether what you need is available directly. They are very active in Discord.
(authentik maintainer here)
It does! Also, not only in the authentication process, but also during individual authorization flows, and in a few other places as well, like when a user edits their settings, or whenever an event occurs (basically whenever something happens in authentik), but that's more a reactive process than inline.
Thanks for the mention! (Authentik Security CEO here.) We've become something of Okta migration experts at this point... Cloudflare moved to us a couple years back after they had to be the ones to let Okta know it'd been breached yet again. [1]
Cloudflare??? Damn. That is HUGE! Congratulations. You guys have a super solid product full of features and a decent founder. Maybe enterprises don't care about my favorite feature but it makes securing EVERYTHING a breeze. Embedded proxy! That is GOAT.
I just paused Cloudflare on a site of mine. On a normal day, it would be pretty easy to unpause it if it gets hit by a DDoS. Now Cloudflare is down and the site is up again. Small sites do not benefit much from the performance effects of Cloudflare either. Site won't be in their cache.
I was just able to save a proxied site. Then the dashboard went down again. I didn't even know it was still on. It's really not doing anything for performance because the traffic is quite low.