Feature #15562
open
Add support for OpenID
0%
Description
The idea was discussed in the forum 2 years ago and the author said he would create a feature request about it. Still, I cannot find it, so I am opening it myself.
https://forum.netgate.com/topic/170010/add-support-for-openid-connect?_=1718753442010
As of now, pfSense can authenticate against its local database or via single-password solutions (RADIUS or LDAP). The limitation is that it does not support single sign-on solutions. Also, by itself, pfSense does not enforce 2FA or passwordless authentication.
All of these features have been a strong requirement for security and their importance will only grow.
If SAML was the way to go for this in the past, today these features are provided by OpenID (Keycloak, Authentik, federated identities like GitHub, Google, Microsoft and more).
As a critical part of the security solution everywhere it is deployed, it would be important for pfSense to stay up to date in its security features, even more so for authentication, because if that one fails, all others will fail at the same time.
Updated by Ross Tajvar about 1 month ago
+1, we are implementing OIDC across the board and pfSense's lack of support is a notable omission.