Thank you, this was actually inspiring. I’d like to imagine I was making a better world before, and will continue to do so with all my strengths.

There’s SwiftFin, but it’s been a while from the last update (iOS app was updated recently though) and there’s a number of issues. It’s usable though (I’m using it).

I mean, it is a bit rough, they’re not at 1.0 yet, also: are you looking at the stable or latest docs? That may be the reason the commands do not match with the docs.

I didn’t have any issues, do you see anything in the logs?

Yeah, sounds like a security feature… I was able to configure Traefik to connect with TLS, verifying the peer certificate.

Yes, it should cover all the use cases you mention!

I use oauth2-proxy as ForwardAuth on Traefik so I can protect apps that do not support OAuth/OIDC login/

I use kanidm with oauth2-proxy. No issues so far, it was pretty easy to set up.

Note that the connection to kanidm needs to be TLS even if you have a reverse proxy!

EDIT: currently using 80MB RAM for two users and three Service Providers.

Exactly this. In a federated network, the instance with the majority of users could dictate the protocol, forcing the smaller issues to continually adapt or die. See this post for a very real example of this.