Alternatives to Pomerium

Pomerium is an identity-aware reverse proxy that provides secure access to internal applications. It acts as a successor to oauth_proxy by inserting an OAuth step before proxying requests to backends, enabling safe exposure of self-hosted websites to the public internet. Find open source and proprietary alternatives that serve similar purposes.

License: Apache-2.0
Stars: 4,290
Difficulty: Medium
Pricing: Free
Hosting: Self-Hosted

Self-hosted alternatives to Pomerium

Open source projects that can replace Pomerium:

Authelia

Stars: 24,063
License: Apache-2.0

Authelia is a comprehensive authentication and authorization server that provides single sign-on (SSO) and two-factor authentication for web applications. It integrates with reverse proxies to secure access to your services through a modern web portal.

Key Features

  • Authentication Methods:

    • Username/password authentication
    • Two-factor authentication (2FA)
    • WebAuthn/FIDO2 support
    • Time-based One-Time Passwords (TOTP)
    • Mobile push notifications via Duo
    • Passwordless authentication with Passkeys
  • Access Control:

    • Fine-grained access rules
    • Domain-based policies
    • User/group based restrictions
    • Network-level controls
    • One-factor vs two-factor policy options
  • Integration Capabilities:

    • OpenID Connect 1.0 provider
    • OAuth 2.0 support
    • Reverse proxy compatibility
    • LDAP integration
    • Multiple storage backends
    • REST API access
  • Security Features:

    • Brute force protection
    • Password reset with email verification
    • Session management
    • Secure cookie handling
    • TLS support
    • Security headers

Who Should Use Authelia

Authelia is ideal for:

  • Organizations requiring self-hosted authentication
  • Teams needing SSO capabilities
  • Environments requiring 2FA/MFA
  • Security-conscious deployments
  • Multi-service infrastructures
  • Privacy-focused implementations

Installation Requirements

  • Reverse proxy (nginx, Traefik, etc.)
  • Storage backend (SQL database)
  • SMTP server for notifications
  • Redis (optional, for high availability)
  • Docker (recommended)
OAuth2 Proxy

Stars: 11,242
License: MIT

OAuth2 Proxy is a versatile authentication solution that brings OAuth2 and OpenID Connect authentication to web applications. Whether deployed as a standalone reverse proxy or integrated as middleware, it provides secure, standardized authentication while supporting a wide range of identity providers and deployment scenarios.

Key Features

  • Comprehensive OAuth2/OIDC Support:

    • Full OAuth2 and OpenID Connect implementation
    • Support for authorization code flow
    • Token validation and refresh
    • Secure session management
    • PKCE (Proof Key for Code Exchange) support
    • JWT token handling
  • Multiple Identity Provider Support:

    • Google OAuth integration
    • Microsoft Entra ID (Azure AD) support
    • GitHub OAuth authentication
    • Generic OIDC provider support
    • login.gov integration
    • Custom provider implementations
  • Flexible Deployment Options:

    • Standalone reverse proxy mode
    • Middleware integration mode
    • Kubernetes ingress controller integration
    • Docker container deployment
    • Load balancer integration
    • Cloud-native architecture
  • Advanced Authorization:

    • Email-based access control
    • Group and role-based authorization
    • Domain and organization restrictions
    • Custom authorization policies
    • Fine-grained permission control
    • Dynamic user validation
  • Security Features:

    • Secure HTTP-only cookie management
    • CSRF protection mechanisms
    • TLS/SSL encryption support
    • Token encryption and signing
    • Session timeout management
    • Security header injection
  • Request Processing:

    • HTTP header injection with user details
    • Username and group forwarding
    • Custom header configuration
    • Request path routing
    • Upstream service protection
    • API endpoint security
  • Enterprise Features:

    • High availability support
    • Horizontal scaling capabilities
    • Comprehensive logging
    • Metrics and monitoring
    • Health check endpoints
    • Configuration management

Technical Specifications

  • Language: Go
  • Protocols: HTTP/1.1, HTTP/2, HTTPS, OAuth2, OIDC
  • Platforms: Linux, Windows, macOS, Docker, Kubernetes
  • License: MIT
  • Package Formats: Binary, Docker, Helm charts
  • Configuration: Command-line flags, environment variables, config files

Use Cases

  • Web Application Protection: Securing web applications with OAuth2 authentication
  • API Gateway Security: Protecting API endpoints with token validation
  • Microservices Authentication: Centralized auth for microservice architectures
  • Enterprise SSO: Single sign-on integration with corporate identity providers
  • Development Environments: Secure access to development and staging services
  • Multi-tenant Applications: Tenant-specific authentication and authorization

Unique Advantages

  • Provider Flexibility: Support for multiple OAuth2 and OIDC providers
  • Deployment Versatility: Works as standalone proxy or integrated middleware
  • Enterprise Ready: Battle-tested with high availability and scaling features
  • Community Driven: Active open-source community with regular updates
  • Standards Compliant: Full OAuth2 and OIDC specification compliance
  • Easy Integration: Simple integration with existing infrastructure

Based on the OAuth2 Proxy GitHub repository, this tool provides organizations with a robust, flexible authentication solution that can be easily integrated into existing infrastructure while supporting modern OAuth2 and OpenID Connect standards, making it ideal for securing web applications and APIs in both cloud and on-premises environments.

Jauth

Stars: 87
License: GPL-3.0

Jauth is a modern, lightweight reverse proxy that brings contemporary authentication methods to self-hosted applications. By integrating with Telegram and SSH, it provides secure, convenient access control without the complexity of traditional authentication systems.

Key Features

  • Modern Authentication Methods:

    • Telegram bot-based authentication
    • SSH key authentication support
    • Multi-factor authentication options
    • Secure session management
    • User authorization controls
    • Token-based access
  • SSL/TLS Reverse Proxy:

    • SSL/TLS termination and encryption
    • HTTP to HTTPS redirection
    • Certificate management
    • Secure request forwarding
    • Header manipulation
    • Path-based routing
  • Telegram Integration:

    • Telegram bot API integration
    • User verification via Telegram
    • Group-based access control
    • Real-time authentication
    • Message-based authorization
    • Secure token exchange
  • SSH Authentication:

    • SSH public key authentication
    • Key-based user verification
    • Secure key management
    • SSH agent integration
    • Multiple key support
    • Key rotation capabilities
  • Security Features:

    • End-to-end encryption
    • Secure session handling
    • Rate limiting protection
    • IP-based access control
    • Request validation
    • Security headers
  • Simple Configuration:

    • YAML-based configuration
    • Environment variable support
    • Minimal setup requirements
    • Hot configuration reloading
    • Docker-friendly deployment
    • Systemd service integration
  • Monitoring & Logging:

    • Access logging and monitoring
    • Authentication event tracking
    • Error logging and debugging
    • Status monitoring
    • Performance metrics
    • Security audit trails

Technical Specifications

  • Language: Go
  • Protocols: HTTP/1.1, HTTPS, SSH
  • Authentication: Telegram API, SSH keys
  • Platforms: Linux, Windows, macOS
  • License: GPL-3.0
  • Deployment: Binary, Docker

Use Cases

  • Self-hosted Applications: Secure access to personal web services
  • Home Lab Security: Authentication for home lab environments
  • Development Environments: Secure access to development services
  • Small Team Access: Simple authentication for small teams
  • Remote Access: Secure remote access to internal applications
  • IoT Device Management: Secure access to IoT web interfaces

Unique Advantages

  • Modern Authentication: Telegram and SSH instead of traditional passwords
  • Lightweight: Minimal resource usage and simple deployment
  • User-Friendly: Familiar authentication methods (Telegram, SSH)
  • Secure by Default: Strong encryption and security practices
  • Easy Setup: Minimal configuration required
  • Open Source: Transparent and customizable solution

Based on the Jauth GitHub repository, this tool provides a fresh approach to web application authentication by leveraging modern communication platforms and secure protocols, making it ideal for developers and system administrators who want secure access control without complex authentication infrastructure.

More web-servers projects

Discover other open source projects in the web-servers category:

Caddy

Caddy is a powerful, enterprise-ready, open source web server with automatic HTTPS. It simplifies web server configuration with automatic SSL certificate management, HTTP/2 support, and a modern architecture designed for ease of use and security by default.

Tags: web-server, automatic-https
Stars: 64,724
Relative Popularity: 269
License: Apache-2.0

Traefik

Traefik is an HTTP reverse proxy and load balancer that makes deploying microservices easy. It automatically discovers services, provides automatic SSL certificates, and offers a modern approach to traffic routing with support for multiple backends and orchestrators.

Tags: reverse-proxy, load-balancer
Stars: 55,038
Relative Popularity: 233
License: MIT

NGINX

NGINX is a high-performance HTTP and reverse proxy server, mail proxy server, and generic TCP/UDP proxy server. Known for its stability, rich feature set, simple configuration, and low resource consumption, it powers many of the world's busiest websites.

Tags: web-server, reverse-proxy
Stars: 27,096
Relative Popularity: 125
License: BSD-2-Clause

Nginx Proxy Manager

Nginx Proxy Manager is a Docker container for managing Nginx proxy hosts with a simple, powerful interface. It provides an easy-to-use web interface for configuring reverse proxies, SSL certificates, and access control without complex command-line configuration.

Tags: reverse-proxy, nginx
Stars: 26,531
Relative Popularity: 114
License: MIT

SafeLine

SafeLine is a web application firewall and reverse proxy designed to protect web applications from attacks and exploits. It provides comprehensive security features including threat detection, attack prevention, and real-time monitoring with easy deployment through Docker.

Tags: waf, security
Stars: 16,704
Relative Popularity: 69
License: GPL-3.0

BunkerWeb

BunkerWeb is a next-generation Web Application Firewall (WAF) that protects your web services from various attacks and threats. It provides comprehensive security features including DDoS protection, bot detection, and vulnerability scanning with easy deployment options.

Tags: waf, security
Stars: 8,094
Relative Popularity: 34
License: AGPL-3.0

HAProxy

HAProxy is a very fast and reliable reverse-proxy offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic web sites and powers many of the world's most visited ones.

Tags: reverse-proxy, load-balancer
Stars: 5,665
Relative Popularity: 25
License: NOASSERTION

Apache HTTP Server

Apache HTTP Server is a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. As one of the most popular web servers in the world, it offers robust performance, extensive module support, and proven reliability for hosting websites and web applications.

Tags: web-server, http
Stars: 3,706
Relative Popularity: 18
License: Apache-2.0

Varnish

Varnish is a web application accelerator and caching HTTP reverse proxy. It sits in front of web servers and caches content in memory, dramatically improving website performance by serving cached content instead of repeatedly processing requests on backend servers.

Tags: reverse-proxy, cache
Stars: 3,866
Relative Popularity: 17
License: NOASSERTION

Showing 1-9 of 15 projects in web-servers