Ubuntu just added a generic OIDC broker to AuthD. We can finally stop fighting SSSD and LDAP bridges for Linux machine auth.
- Bypasses legacy PAM module complexity
- Authenticate Ubuntu desktops/servers directly against @zitadel.com via standard OIDC
ubuntu.com/blog/more-id...
Thatβs a great idea!
I think we could adopt that as well
Check the details here github.com/zitadel/zita...
#OpenTelemetry #Golang #Auth #Opensource #NextJs
We also moved the Login App to structured JSON logging, automatically injecting trace IDs to correlate your logs. If you're running Jaeger or Honeycomb, your dashboards will actually map the full request lifecycle now.
Two unrelated traces. We built a custom gRPC interceptor to propagate W3C traceparent headers directly to the backend. One request = one trace.
Before this, the backend had OTel, but the Login UI was an observability black box. Your ingress would start a trace, the UI would drop the headers, and the backend would start a new one.
Disconnected traces make debugging auth latency impossible. We just merged PR #11429 to bring end-to-end distributed tracing to @zitadel.com (might land in v4.13.0). π§΅
Thanks to the community for all the help and input, this truly helps us grow.
github.com/zitadel/zita...
#go #golang #opensource #identity #iam
Building an open-source IdP means being buried in OIDC/SAML specs, dealing with multi-tenant data isolation, and optimizing for security, usability and reliability. It's plumbing that only gets noticed when it breaksπ
It has been a while since I checked the @github.com trending repos report, but out of sheer interest I took a look today and it brought me a lot of joy to see @zitadel.com back on the daily Go list.
Zitadel is a modern identity provider with OIDC, SAML, and passkey support. Built for developers who need more than basic auth but don't want Keycloak's complexity.
https://selfhosting.sh/apps/zitadel/
Auth is critical infrastructure, but setting it up locally shouldn't be a multi-day engineering ticket. It should be boring, predictable, and lightning-fast.
If you want to test this cold-start speed yourself, grab the compose file and time it -> zitadel.com/docs/self-ho...
No heavy runtime to boot. No undocumented config files to debug. No massive YAML mazes (no worries you can go there if you want).
Just a raw docker compose up -d. In under a minute, images are pulled, the DB is initialized, the Go API & Next.js UI are served, and I'm in.
A little while ago, I talked about our commitment to radically improve @zitadel.com's developer experience.
Today, Iβm just showing a first result -> 42 seconds. β±οΈ
That is the exact time it takes to go from an empty terminal to a fully operational identity stack. π§΅π
Thank you!
I think we are going to settle a debate soon... π
ZITADEL vs Zitadel
What do you prefer
@zitadel.com v4.12.0 got published recently and my small, but favorit change is that we now also support end to end TLS for the new Login UI!
github.com/zitadel/zita...
Great write up! Btw. we just improved our docker compose example to also include a traefik by default
zitadel.com/docs/self-ho...
I love to read this!
"Zitadel is the best modern alternative to Keycloak for self-hosted identity management..."
We enable AI to understand our docs/data so it can handle the initial vetting, while we focus on the human parts: certified compliance, guaranteed SLAs, and CVE liability.
Feed the AI the code. Pay the humans for the trust. π§π‘οΈ zitadel.com/blog/open-so...
At @zitadel.com , weβre focusing on "Risk Transfer" as the product. The "Code or Contribution" model we started a year ago has only been confirmed by the rise of AI.
The OSS funnel is evolving. ποΈ
AI is making architectural mapping and syntax a commodity. For infrastructure software, the real product is shifting from "how it works" to "who is responsible when it breaks."
We need eyes on the spec. If you run a distributed setup, does this syntax make sense to you?
github.com/zitadel/zita...
#OpenTelemetry #DevOps #Golang #OpenSource
Identity infrastructure shouldn't be a black box. π
We're rolling out a new OpenTelemetry (OTel) configuration for the @zitadel.com API. The goal: cleaner traces, better propagation, and less friction for your collectors (Jaeger, Honeycomb, etc.).
We love to hear this! We made a conscious choice to give everyone the option to own their login UI and not hide something like this behind the pricing π
We now support 3 connectors for our Go-based API:
- Redis (K8s standard)
- Postgres (Simple & robust, 30k+ RPS)
- In-Memory (Fast, but beware of sticky sessions!)
Read the full blog: zitadel.com/blog/scaling...
#golang #systemdesign #opensource #auth
Identity in can be an "N-over-N" problem. Resolving Instance -> Org -> User for every request hits hard in B2B SaaS. π
We engineered a new caching strategy for @zitadel.com to flatten this hierarchy, decoupling read performance from DB complexity. β‘
Ah I see, we can not do that yet natively in the login UI, but you can add to your own UI a check for that by creating a session.
So in essence your UI can ask the user for a OTP prompt.
zitadel.com/docs/referen...
You can already configure a different lifetime for MFA if that helps zitadel.com/docs/guides/...
