Well that is not good! It looks to be working for me on iOS and Windows Firefox (librefox), I don’t have a way to test on Android 😕 If you don’t mind opening a GitHub issue that would be helpful, and I will add some extra debug logging that may help narrow down the issue.

I think technically you might actually not need https termination anymore, it was required when the session cookies were set secure manually but now they should be set automatically if the request protocol was https. You can give it a try just using http or self-signed certs, if you do let me know if it works!

You should be aware though that if you are not using https your password and other secrets will be transmitted unencrypted on that layer, so make sure that your setup is secured/encrypted in some other way like wireguard/vpn tunneling.

I would recommend checking out the Getting Started page in the docs, which I realize can be a lot! Once you have an initial instance running (you can always change environment variables later to suite your needs) and have logged in with the initial admin username and password that appear in the logs on first start, you can check out the Admin Guides section in the docs sidebar. There you should be able to see pages relating to OIDC Setup (including for specific apps) and other topics. If you set up OIDC on a new app that doesn’t yet have documentation, PRs with updates to the documentation are welcome! If you have any questions you can feel free to ask in the repo issues/discussions and I will try to help out 😊

VoidAuth is an Authentik alternative that aims to be easier to use/setup (and look a bit nicer imo). It does provide OIDC and ProxyAuth (ForwardAuth), but Authentik is certainly a more mature/complex SSO provider.

I have never used Smallstep, but based on the documentation it looks like a native+id_token client. If you can get an error message or debug trace, you can sent it to me or open a GitHub issue and I will take a look at it 🙂

Thank you!

You can try VoidAuth, it is kinda similar to Authelia+lldap. I am the developer and I created it because I wasn’t satisfied with Authelia’s user management. If you decide you want to try it and run into any issues or questions I will try to help :)

VoidAuth is simpler to setup/use than Authentik for sure, but of course Authentik has more features. They both support proxy-auth, OIDC, and have user management UIs so in that way they are similar. I like VoidAuth for its simplicity but you can always run both and decide, if you have any questions about setup I will try to answer!

I would not recommend using VoidAuth to anyone who needs to be any kind of security compliant. I am not a security professional and am using packages for the OIDC and other security heavy-lifting. I can recommend VoidAuth for those just looking for a simple but good looking auth app for securing their own selfhosted apps and resources.

Let me know how it goes!