Which, if I’m reading it correctly tells me that SWAG (Secure Web Application Gateway) is essentially a web server, reverse proxy with lets encrypt support. It doesn’t seem to do any authentication.
Authelia is a component of an identity and authentication solution that provides single sign on and 2FA but, crucially, does not include a user directory, by default it uses a YAML file but can be connected to an LDAP server - www.authelia.com/overview/…/first-factor/
Which I think goes towards the point in my original post - none of this is simple so I’d like a nice explanation that helps me understand what I need running, how they work together and what settings to use.