HACKER Q&A
📣 aloukissas

Open-source auth0/octa alternative?


Hi HN community! Are you familiar with any OSS projects that aim to have somewhat parity with using an identity service like auth0 or octa? The idea is for this to have all the nice things about having a 3rd party service for identity, but being able to run in one's infra. Something e.g. what https://github.com/mikecao/umami does for analytics.

What I'd like this to have: (a) .sql files to setup the DB, (b) Dockerfile for easy deployment, (c) admin panel for stuff like tracking/revoking sessions, etc, (d) built on something battle-tested (e.g. devise).

  👤 ThePhysicist Accepted Answer ✓
Keycloak (https://www.keycloak.org/) seems to be the most popular OS solution.
👤 verdverm
Check the CNCF Landscape. DEX used to be there but doesn't seem to be lately. There ought to be something over there.

I don't think you will find something as mature as you want in OSS. I have yet to find it, maybe someone else is aware...

👤 matdehaast
Highly recommend the stuff from Ory. They have Kratos (https://github.com/ory/kratos). Which I haven’t used because it was still alpha but have used Hydra extensively and it is an amazing piece of tech
👤 notmyname9173
auth0 and Okta are basically private SAML (+OAuth +OIDC) federation facilitators. The pieces to build what you describe are all out there, but there aren’t a ton of pre-assembled packages.

Keycloak is a pretty competent all-in-one solution, but has weak support for some standards that are critical for higher-Ed (who tend to drive most of the new work in IAM).

FreeIPA is also worth a look. If you add Shibboleth or SimpleSAMLphp and a web UI, you’d be close to Keycloak in terms of features (but maybe not maintenance).

👤 avenger123
I'm evaluating fusionauth.io myself. It seems it would fit your requirements. It's not fully OSS though.
👤 dylz
keycloak

hydra/kratos

fusionauth (not FOSS; not very good for a public internet application - probably ok for internal apps)

gluu