For sure! If you do end up taking it for a spin, feel free to ping me with any questions.

I’d like to encourage you to take another look at Authentik, it sounds like their Proxy Provider is exactly what you’re looking for: https://docs.goauthentik.io/docs/providers/proxy/

Authentik can certainly get complex, but only if you want/need it to. It is by far the most user-friendly IDP solution I’ve found, especially for what it offers. Their docs also have step-by-step guides for how to integrate a lot of popular self-hosted apps.

Only takes a couple mins to spin up a test environment using their Docker compose file: https://docs.goauthentik.io/docs/installation/docker-compose

Apps: SSO via Authentik where I can, unique user/pass combo via Bitwarden where I can’t (or, more realistically, don’t want to).

General infra: Unique RSA keys, sometimes Ed25519

Core infra: Yubikey

This is overkill for most, but I’m a systems engineer with a homelab, so it works well for me.

If you’re wanting to practice good security hygiene, the bare minimum would be using unique cred pairs (or at least unique passwords) per app/service, auto-filled in-browser via a proper password manager like KeePassXC or Bitwarden.

Thanks to The Primeagen, I’ve recently become fond of pronouncing it /skwiːl/

Y’know: Squeal, Squeal-lite, Pee-squeal, etc.