In case that’s too many acronyms,
A UI-first Identity Access Management (IAM) / Single-Sign-On (SSO) platform supporting OAuth 2.0, OIDC, SAML and CAS, integrated with Casbin RBAC and ABAC permission management. Supports third-party applications login, such as GitHub, Google, QQ, WeChat, etc., and other plugins can extend the third party logins Casdoor can use.
I’m looking into kanidm, it’s a pretty new project and very lightweight (compared to Keycloak).
If that won’t pan out, I’ll probably fall back to lldap + Authelia.
If that fails I’ll set up Authentik.