Where are we at with the ongoing investigations into the best libre options for SSO across services?
I’ve already invested quite a bit of time in setting up and configuring an instance of Authentik - you can see it here. It just needs to be wired up, which is the hard part. As is managing the fact that people occasionally want to change their details (which gets tricky once SSO is in the picture)…
Wired into all the other services?
Why’s that? I’d expect that having one authentication tool for all services would allow me to change details on that tool, and have it apply as appropriate to my profiles on each service.
Yes, wired into the various services for which we want Authentik to provide SSO services. Each will offer a few, one, or no authentication options… with ‘magic’ URLs that have to be worked out, and we have to properly configure the SSO service.
And yes, what you’d expect (if you change your details on the SSO service, they’d be updated on the various dependent services) is what’s ideally supposed to happen… but it seldom works that way. In my experience, at least. I’ve been trying to tweak WordPress’ OpenID Connect plugin to behave that way for quite a while, and haven’t quite managed to get it right yet. Some platforms will be better, others much worse. It’s a non-trivial problem.
Sounds like sorting this out could be helped by getting some community-hosting admins like yourself in a room with some people from Authentik, and a bunch of app developers. Like the way SocialHub has been used to coordinate improvements to cross-fediverse compatibility. Maybe Librehost and/ or the Collaborative Technology Alliance could help to facilitate a project like this?