What I want from SSO, in order from most to least importance:

• password-less via webauthn, not just 2FA. resident credentials (full passwordless) would be great
• lightweight
• no ties to emails, no password reset via email, etc
• not too complicated to set up

Authelia doesn’t have passwordless login, and it’s tied to email system. Authentik is too heavy, complicated and likely overkill for what I need - couple services behind caddy that I don’t want random internet people to access. I looked at Keycloak, same thing as Authentik.

Any suggestions?