Authelia Authentication Server Achieves OpenID Certified Status

Authelia open-source authentication and authorization server passes OpenID Connect certification, confirming full conformance with implemented profiles.

The OpenID Foundation added a new member to its roster of conformant implementations: Authelia, a popular free and open-source SSO and multi-factor-authentication solution.

According to an announcement, the project is now officially OpenID Certified for five key OpenID Connect 1.0 provider profiles—Basic OP, Implicit OP, Hybrid OP, Form Post OP, and Config OP. In other words, Authelia’s identity-provider codebase passes the Foundation’s conformance test suite for every feature it currently exposes.

Certification offers an external stamp of approval that Authelia’s implementation speaks OpenID Connect the way other certified parties expect. While the badge is not a security audit per se, it greatly reduces the risk of silent protocol deviations—the kind that have produced public CVEs in other providers over the years.

Out of the gate, Authelia’s certification covers the foundational pieces most self-hosters need: discovery, the standard authorization flows, and the form-post response mode. Nevertheless, the developers have laid out an ambitious roadmap for closing the remaining gaps.

High-priority items include Dynamic Client Registration, Session Management, and the trio of front-, back-, and RP-initiated logout profiles. Further down the list are WebFinger support, Federated Credential Management, and a long-requested SAML 2.0 bridge.

If the remaining profiles are certified on schedule, Authelia could soon join the short list of providers offering a one-stop, fully conformant, and community-owned SSO stack.

The team also plans to refactor consent policies, introduce a multi-issuer configuration to match its existing multi-domain model, and permit database-backed storage of issuers and clients, changes that should make large-scale deployments less brittle.

For administrators running Authelia behind reverse proxy solutions such as NGINX, Traefik, or Caddy, the news provides reassurance that standard-compliant relying parties—think Kubernetes dashboards, Grafana, or Nextcloud—should authenticate without protocol quirks.
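The paragraph above expects standards-compliant relying parties to consume the provider’s discovery document and advertised flows without surprises. As an added example (not from the article, the announcement, or the Authelia project), the following Python script performs the sanity checks an administrator can run against any OpenID Connect discovery document before wiring up a relying party: it verifies the fields that OpenID Connect Discovery 1.0 marks as required, confirms the issuer is an https URL matching the one the document was fetched from (the comparison that guards against issuer mix-up), flags an advertised `none` signing algorithm, and reports which of the Basic, Implicit, Hybrid and Form Post profiles the metadata claims to support. The two discovery documents embedded below are constructed samples with placeholder `auth.example.com` URLs, not real Authelia output; the mapping of profiles to `response_type` values is the author’s own reading of the flows each profile exercises.

```python
import json
from urllib.parse import urlparse

# Metadata that OpenID Connect Discovery 1.0 (section 3) marks REQUIRED.
REQUIRED_FIELDS = (
    "issuer",
    "authorization_endpoint",
    "jwks_uri",
    "response_types_supported",
    "subject_types_supported",
    "id_token_signing_alg_values_supported",
)

# response_type values exercised by the certified profiles named in the article
# (assumption by the example author; Form Post OP is detected via response modes).
PROFILE_RESPONSE_TYPES = {
    "Basic OP": {"code"},
    "Implicit OP": {"id_token", "id_token token"},
    "Hybrid OP": {"code id_token", "code token", "code id_token token"},
}

# Constructed sample of a well-formed document (placeholder host, not Authelia's real paths).
GOOD_DOC = json.dumps({
    "issuer": "https://auth.example.com",
    "authorization_endpoint": "https://auth.example.com/authorize",
    "token_endpoint": "https://auth.example.com/token",
    "jwks_uri": "https://auth.example.com/jwks",
    "response_types_supported": ["code", "id_token", "id_token token",
                                 "code id_token", "code token", "code id_token token"],
    "response_modes_supported": ["query", "fragment", "form_post"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

# Constructed sample with several defects a relying-party admin should catch.
BAD_DOC = json.dumps({
    "issuer": "http://auth.example.com",
    "authorization_endpoint": "http://auth.example.com/authorize",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["RS256", "none"],
})


def _norm(response_type):
    # response_type is a space-separated set of values; order is not significant.
    return " ".join(sorted(response_type.split()))


def check_discovery(doc_json, expected_issuer):
    """Return (problems, advertised_profiles) for one discovery document.

    problems: findings the relying-party administrator should investigate.
    advertised_profiles: which of the article's profiles the metadata claims to cover.
    """
    doc = json.loads(doc_json)
    problems = []

    for field in REQUIRED_FIELDS:
        if field not in doc:
            problems.append(f"missing required field: {field}")

    issuer = doc.get("issuer", "")
    parsed = urlparse(issuer)
    if parsed.scheme != "https" or parsed.query or parsed.fragment:
        problems.append("issuer must be an https URL without query or fragment")
    # The RP must compare the issuer against the URL it actually fetched the document
    # from; accepting a mismatch is what enables issuer confusion (mix-up) attacks.
    if issuer != expected_issuer:
        problems.append(f"issuer mismatch: got {issuer!r}, expected {expected_issuer!r}")

    response_types = {_norm(rt) for rt in doc.get("response_types_supported", [])}
    # token_endpoint is REQUIRED unless only the Implicit Flow is offered.
    if "token_endpoint" not in doc and response_types - PROFILE_RESPONSE_TYPES["Implicit OP"]:
        problems.append("token_endpoint required when a code-bearing flow is advertised")

    algs = doc.get("id_token_signing_alg_values_supported", [])
    if "RS256" not in algs:
        problems.append("RS256 must be listed in id_token_signing_alg_values_supported")
    if "none" in algs:
        problems.append("'none' advertised for ID token signing; RPs must reject unsigned ID tokens")

    profiles = {name for name, rts in PROFILE_RESPONSE_TYPES.items() if rts <= response_types}
    # response_modes_supported is OPTIONAL and defaults to ["query", "fragment"],
    # so the form-post mode counts as advertised only when listed explicitly.
    if "form_post" in doc.get("response_modes_supported", []):
        profiles.add("Form Post OP")
    return problems, sorted(profiles)


if __name__ == "__main__":
    for label, doc in (("good", GOOD_DOC), ("bad", BAD_DOC)):
        problems, profiles = check_discovery(doc, "https://auth.example.com")
        print(label, "profiles:", profiles)
        for p in problems:
            print("  -", p)
```

Point `check_discovery` at the JSON fetched from a provider’s `/.well-known/openid-configuration` and pass the issuer URL you fetched it from as `expected_issuer`; an empty `problems` list means the document at least satisfies the spec’s required fields, although only the Foundation’s conformance suite establishes that the flows themselves behave correctly.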

Last but not least, even though certification is a big step toward bringing this open-source software level with its enterprise-grade closed-source counterparts, Authelia’s maintainers emphasize that the project will “remain fully and fiercely dedicated” to a permissive open-source license.

For more information, see the announcement.

Bobby Borisov

Bobby, an editor-in-chief at Linuxiac, is a Linux professional with over 20 years of experience. With a strong focus on Linux and open-source software, he has worked as a Senior Linux System Administrator, Software Developer, and DevOps Engineer for small and large multinational companies.
