Not sure when it happened, but I have been binging self-hosted identity providers like Netflix shows, this season features Authentik, KeyCloak, Synology SSO and Pocket ID.
To add to my collection, I was recently asked whether Zitadel could also work as an identity provider with vCenter Server and/or VMware Cloud Foundation (VCF)?
As you can see from the screenshot above, you have your answer 😁
Having explored various OIDC identity providers, including Authentik, KeyCloak and Synology SSO, I recently came across Pocket ID, a super basic OIDC provider. Instead of using traditional username and passwords, Pocket ID only supports passkeys authentication based on the WebAuthn standard, which means you can login to your vCenter Server or VMware Cloud Foundation (VCF) environment using a physical device like a Yubico YubiKey or Apple Face ID.
Disclaimer: Pocket ID is not an officially supported vCenter Server IdP, please use at your own risk.
I recently found another cool use case for my Synology NAS, which is using the Synology SSO application to setup vCenter Server Identity Federation. I had not considered looking at Synology, but I was recently setting up some additional DNS entries and noticed there was SSO Server application, that supports both SAML2 and OIDC.
For those with a Synology, this is a super easy way to get hands on experience with configuring vCenter Server Identity Federation and this can all run locally within your environment, unlike some of the other external identity providers which typically will require direct/in-direction connection to your vCenter Server or require a SCIM (System for Cross-domain Identity Management) proxy server.
Disclaimer: Synology SSO is currently not an officially supported vCenter Server IdP, please use at your own risk.