diff --git a/README.md b/README.md
index 785e0e8..4e726d5 100644
--- a/README.md
+++ b/README.md
@@ -31,7 +31,7 @@ Other installed packages and tools are described in the config files (like ./hos
 - [Hedgedoc](https://md.feal.no) ([source](./hosts/defiant/services/hedgedoc.nix)) - Collaborative markdown notes editor
 - HomeAssistant ([source](./hosts/defiant/services/home-assistant.nix))- Home automation / IOT controller
 - [VaultWarden](https://pw.feal.no) ([source](./hosts/defiant/services/vaultwarden.nix)) - BitWarden Password Manager backend
-- [Kanidm](https://auth.feal.no) ([source](./hosts/voyager/services/kanidm.nix)) - Authentication provider with support for OAuth2/OIDC, LDAPS, SSH, etc.
+- [KeyCloak](https://iam.feal.no) ([source](./hosts/defiant/services/nextcloud.nix)) - Authentication provider, giving SSO with OIDC or SAML
 - [Jellyfin](https://jf.feal.no) ([source](./hosts/voyager/services/jellyfin.nix)) - Local media streaming
 
 ## Networking
diff --git a/hosts/defiant/services/hedgedoc.nix b/hosts/defiant/services/hedgedoc.nix
index b7ee49f..c1b8d27 100644
--- a/hosts/defiant/services/hedgedoc.nix
+++ b/hosts/defiant/services/hedgedoc.nix
@@ -55,7 +55,6 @@ in {
   systemd.services.hedgedoc = {
     requires = [
       "postgresql.service"
-      # "kanidm.service"
     ];
     serviceConfig = let
       workDir = "/var/lib/hedgedoc";
diff --git a/hosts/defiant/services/nginx.nix b/hosts/defiant/services/nginx.nix
index 0b6c87a..7be178d 100644
--- a/hosts/defiant/services/nginx.nix
+++ b/hosts/defiant/services/nginx.nix
@@ -54,14 +54,6 @@ in {
     '';
   } // overrides;
   in {
-    "auth.feal.no" = publicProxy "" {
-      locations."/" = {
-        proxyPass = "https://voyager.home.feal.no:8300";
-        extraConfig = ''
-          proxy_ssl_verify off;
-        '';
-      };
-    };
     "cloud.feal.no" = publicProxy "" {
       locations."/" = {
         proxyPass = "http://voyager.home.feal.no";
diff --git a/hosts/voyager/backup.nix b/hosts/voyager/backup.nix
index 3d63e35..12ee7d5 100644
--- a/hosts/voyager/backup.nix
+++ b/hosts/voyager/backup.nix
@@ -38,7 +38,7 @@
   };
 };
-  # TODO: kanidm, timemachine, calibre(?), nextcloud
+  # TODO: timemachine, nextcloud, komga, calibre
 };
diff --git a/hosts/voyager/configuration.nix b/hosts/voyager/configuration.nix
index cac05a1..7a99a5e 100644
--- a/hosts/voyager/configuration.nix
+++ b/hosts/voyager/configuration.nix
@@ -13,7 +13,6 @@
     ./services/calibre.nix
     ./services/fancontrol.nix
     ./services/jellyfin.nix
-    ./services/kanidm.nix
     ./services/komga.nix
     ./services/nextcloud.nix
     ./services/nginx
diff --git a/hosts/voyager/services/kanidm.nix b/hosts/voyager/services/kanidm.nix
deleted file mode 100644
index caf989d..0000000
--- a/hosts/voyager/services/kanidm.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.services.kanidm;
-  certPath = "/etc/ssl-snakeoil/auth_feal_no";
-  ldapbindaddress = "0.0.0.0:636";
-in {
-  # Kanidm - Identity management / auth provider
-  services.kanidm = {
-    enableServer = true;
-    serverSettings = {
-      origin = "https://${cfg.serverSettings.domain}";
-      domain = "auth.feal.no";
-      bindaddress = "0.0.0.0:8300";
-      inherit ldapbindaddress;
-
-      tls_chain = "/run/credentials/kanidm.service/cert.crt";
-      tls_key = "/run/credentials/kanidm.service/cert.key";
-    };
-  };
-
-  systemd.services.kanidm = {
-    serviceConfig.LoadCredential = [
-      "cert.crt:${certPath}.crt"
-      "cert.key:${certPath}.key"
-    ];
-  };
-
-  environment = {
-    systemPackages = [ pkgs.kanidm ];
-    etc."kanidm/config".text = ''
-      uri="${cfg.serverSettings.origin}"
-    '';
-  };
-
-  networking.firewall.allowedTCPPorts = [ 8300 ];
-}