Kenpat7177 ea8b426f23 feat: configure Authentik SSO for all kitestacks.com services

- Enable OIDC in Kavita appsettings.json (Authority, ClientId, Enabled)
- Add OIDC env vars to BookStack compose + APP_URL + kitestacks network
- Add OIDC env vars to OpenProject compose + kitestacks network declaration
- Add kitestacks network + error reporting setting to Authentik compose
- Create .env secret placeholders for BookStack and OpenProject
- Add comprehensive SSO setup guide: docs/authentik-sso-setup.md
- Version bump: v1.3.883 → v1.3.884

Services getting native OIDC: Grafana, OpenWebUI, Forgejo, BookStack, OpenProject, Kavita
Services getting proxy auth:  Shaarli, Uptime Kuma, LiteLLM
Excluded: Portainer, Prometheus, Node Exporter, OpenRouter

Manual steps pending: Authentik admin UI app creation, Forgejo OAuth source, Cloudflare tunnel updates.
See docs/authentik-sso-setup.md for the full checklist.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-08 14:42:11 -05:00

648 B

Raw Blame History

KiteStacks Homelab

Private GitOps repository for the KiteStacks homelab.

Cluster

K3s
FluxCD (planned)
Longhorn (planned)

Applications

Homepage
Authentik (SSO identity provider)
Grafana
Open WebUI (Kite AI)
Forgejo
BookStack
OpenProject
Kavita
Shaarli
Uptime Kuma
LiteLLM
Linkding
Prometheus (monitoring, no SSO)
Portainer (admin, no SSO)

SSO

All services use Authentik as the identity provider.
Setup guide: docs/authentik-sso-setup.md

Documentation

docs/KiteStacks-Homelab-Documentation-v1.3.884.md

648 B Raw Blame History

KiteStacks Homelab

Cluster

Applications

SSO

Documentation

648 B

Raw Blame History