WilliamLam.com


Search Results for: authentik

MS-A2 VCF 9.0 Lab: Configuring Authentik Identity Provider VMware for Private AI Services (PAIS)

09.26.2025 by William Lam // Leave a Comment

In this blog post, we will walk through the configuration of an Identity Provider (IdP) and create an OIDC Public Application Client, which will be used to grant access to a PAIS deployment. As of this blog post, the instructions for setting up the required IdP will be based on Authentik (which I have blogged about before), which is a free and self-hosted IdP solution.

Note: I am also looking to get this working using Keycloak, but currently I am still debugging some issues, so will provide an updated blog post once I can also use Keycloak as an IdP for PAIS.

Requirements:

  • DNS entry for IdP (e.g. auth2.vcf.lab)
  • DNS placeholder entry for the PAIS deployment instance (e.g. pais.vcf.lab)
  • vSphere environment to deploy the IdP

[Read more...]

Categories // Private AI Services, VMware Cloud Foundation Tags // VCF 9.0

Setup HTTPS for OIDC endpoint with Authentik and Keycloak for vCenter Server or VCF Identity Federation

02.13.2025 by William Lam // Leave a Comment

If you have been following my recent adventures in playing with both Authentik and Keycloak as an OAuth/OIDC Identity Provider (IdP) for use with vCenter Server or VMware Cloud Foundation (VCF) Identity Federation, you can take it one step further and authenticate with a Yubico YubiKey or Apple Face ID for additional security.

In my original setup, the OIDC endpoint provided by both Authentik and Keycloak was using HTTP, which works perfectly fine with both vCenter Server and SDDC Manager for a VCF-based environment. With that said, if you have a requirement to serve the OIDC endpoint over HTTPS, which is a requirement for using WebAuthn (e.g. YubiKey, Face ID, etc.), then some additional configuration is required on the identity provider as well as on the vCenter Server side, depending on the type of TLS certificate you are using.

[Read more...]

Categories // VMware Cloud Foundation, vSphere, vSphere 8.0 Tags // Authentik, Identity Provider, Keycloak, OAuth, OIDC, vCenter Server

vCenter Server Identity Federation with Authentik Identity Provider

01.13.2025 by William Lam // 5 Comments

While answering a recent question on the VMware Reddit Community, I came to learn about Authentik, an open source identity provider (IdP), which is pretty feature rich and best of all, you can self-host the Authentik IdP solution.

While Authentik is not one of the officially supported Identity Providers for vCenter Server Identity Federation such as Okta, Microsoft Entra ID, Microsoft ADFS or PingFederate, I was curious if it would allow me to easily play with the Identity Federation feature in vCenter Server.

Hint: It works!

Disclaimer: Authentik is currently not an officially supported vCenter Server IdP as mentioned earlier, please use at your own risk.

[Read more...]

Categories // VMware Cloud Foundation, vSphere, vSphere 8.0 Tags // Authentik, Identity Provider, OAuth, OIDC, SCIM, vCenter Server


Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.
