
Federation between Authentik

Open thefiredragon opened this issue 1 year ago • 3 comments

Describe your question/ Hey there, I'm relatively new to spending time with Authentik and SSO. Is it possible to federate between 2 Authentik instances? Under Federation I think OpenID OAuth Source would be the correct option. Both Authentik instances have LDAP sources configured, too.

So could we connect the second Authentik to our instance so that remote LDAP users can sign in to the delegated services we want to use?

Relevant infos 2023.10.6


  • authentik version: [2023.10.6]
  • Deployment: [docker-compose]

thefiredragon avatar Feb 21 '24 17:02 thefiredragon

I’m also trying to do this and got OIDC to work, but groups don’t come across.

I also tried LDAP, but can only sync users, can’t get sync to even run when sync groups is enabled.

Last thing I’m trying is SAML, it almost works, but user gets a CSRF validation failure for an unknown reason at this point or a 405 depending on if configured as redirect or post.

los93sol avatar Mar 26 '24 08:03 los93sol

I am also trying to do this, but when the user logs in I get an "authentication failed: could not retrieve token." error, and occasionally it succeeds.

tseking555 avatar Apr 25 '24 09:04 tseking555

Required group sync from OAuth sources will be supported with the upcoming 2024.8 release: https://docs.goauthentik.io/docs/releases/2024.8#new-features

For @tseking555 could you post the logs of the server container when this error message shows up?

Setting up authentik federation via OIDC should pretty much just work out of the box, however this is also something we'll document in the future.

BeryJu avatar Aug 15 '24 16:08 BeryJu