fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

#sso

JimmyChezPants 🇨🇦<p>So if I want to host a number of different services (Tandoor, Discourse, Lemmy, GtS) and offer <a href="https://growers.social/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosted</span></a> <a href="https://growers.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a>, so that I can create a single account for each user and enable or disable specific sites/apps for them, what are my options for that? </p><p>No information that could screw with anyone's life will ever be on these sites so I'm not looking for, you know, NSA-busting cryptography or anything. Just a single go-to spot for user management.</p>
Inautilo<p><a href="https://mastodon.social/tags/Development" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Development</span></a> <a href="https://mastodon.social/tags/Techniques" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Techniques</span></a><br>Multi-step logins with password manager support · The problem with email-first logins and how to solve it <a href="https://ilo.im/163at0" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">ilo.im/163at0</span><span class="invisible"></span></a></p><p>_____<br><a href="https://mastodon.social/tags/Logins" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Logins</span></a> <a href="https://mastodon.social/tags/Forms" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Forms</span></a> <a href="https://mastodon.social/tags/Passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passwords</span></a> <a href="https://mastodon.social/tags/PasswordManagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManagers</span></a> <a href="https://mastodon.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> <a href="https://mastodon.social/tags/Accessibility" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Accessibility</span></a> <a href="https://mastodon.social/tags/Usability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Usability</span></a> <a href="https://mastodon.social/tags/WebDev" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WebDev</span></a> <a href="https://mastodon.social/tags/Frontend" class="mention hashtag" rel="nofollow noopener noreferrer" 
target="_blank">#<span>Frontend</span></a> <a href="https://mastodon.social/tags/HTML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HTML</span></a></p>
Maciek<p>It is my considered opinion that all software meant for self-hosting should offer built-in authentication.</p><p>I wanted to self host a spreadsheet software and, three days later, find myself configuring an OIDC IdP. This is not something I want to be doing.</p><p><a href="https://hachyderm.io/tags/selfHosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfHosted</span></a> <a href="https://hachyderm.io/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a></p>
Nic Roland :mastodon:<p>Okay, authentik is up! Took a while, I was fighting against flux and the helm release because it deployed with the wrong StorageClass (I forgot to have that configuration ready before release.) Helm wasn't able to modify the PVC because they're immutable, updating the release has to wait for the initial release to succeed (which it won't) or timeout and flux is quiet on the reasons for all of this unless you know where to look 😔 lots of learning was had though! </p><p>Anyway, admin and personal user accounts created, MFA enabled. Got my first application integrated too! (actual budget)</p><p>What next? The world is my oyster... Probably gitea or semaphore. I'm hesitant to integrate services like jellyfin before I have more users onboarded and this gives me an opportunity to experiment with other edge cases like other providers and service accounts and such </p><p><a href="https://techhub.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://techhub.social/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homelab</span></a> <a href="https://techhub.social/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> <a href="https://techhub.social/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a> <a href="https://techhub.social/tags/fluxcd" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fluxcd</span></a> <a href="https://techhub.social/tags/gitops" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gitops</span></a> <a href="https://techhub.social/tags/helm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>helm</span></a></p>
LemonLDAP::NG<p>🍋 LemonLDAP::NG 2.21 is out!</p><p>📃 This new release includes improvements on OpenID Connect and CAS protocols, Loki logger, public notifications and much more.</p><p>🔗 Read our release notes: <a href="https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/" target="_blank" rel="nofollow noopener noreferrer" translate="no"><span class="invisible">https://</span><span class="ellipsis">projects.ow2.org/view/lemonlda</span><span class="invisible">p-ng/lemonldap-ng-2-21-0-is-out/</span></a></p><p><span class="h-card" translate="no"><a href="https://fosstodon.org/@ow2" class="u-url mention">@<span>ow2</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@worteks_com" class="u-url mention">@<span>worteks_com</span></a></span> </p><p><a href="https://fosstodon.org/tags/IAM" class="mention hashtag" rel="tag">#<span>IAM</span></a> <a href="https://fosstodon.org/tags/SSO" class="mention hashtag" rel="tag">#<span>SSO</span></a> <a href="https://fosstodon.org/tags/CAS" class="mention hashtag" rel="tag">#<span>CAS</span></a> <a href="https://fosstodon.org/tags/SAML" class="mention hashtag" rel="tag">#<span>SAML</span></a> <a href="https://fosstodon.org/tags/OpenIDConnect" class="mention hashtag" rel="tag">#<span>OpenIDConnect</span></a> <a href="https://fosstodon.org/tags/OW2" class="mention hashtag" rel="tag">#<span>OW2</span></a> <a href="https://fosstodon.org/tags/lemonldap" class="mention hashtag" rel="tag">#<span>lemonldap</span></a> <a href="https://fosstodon.org/tags/lemonldapng" class="mention hashtag" rel="tag">#<span>lemonldapng</span></a> <a href="https://fosstodon.org/tags/Passkeys" class="mention hashtag" rel="tag">#<span>Passkeys</span></a> <a href="https://fosstodon.org/tags/Passwordless" class="mention hashtag" rel="tag">#<span>Passwordless</span></a> <a href="https://fosstodon.org/tags/WebAuthn" class="mention hashtag" rel="tag">#<span>WebAuthn</span></a> <a 
href="https://fosstodon.org/tags/FIDO2" class="mention hashtag" rel="tag">#<span>FIDO2</span></a> <a href="https://fosstodon.org/tags/Loki" class="mention hashtag" rel="tag">#<span>Loki</span></a> <a href="https://fosstodon.org/tags/WebSSO" class="mention hashtag" rel="tag">#<span>WebSSO</span></a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="tag">#<span>OpenSource</span></a> <a href="https://fosstodon.org/tags/FreeSoftware" class="mention hashtag" rel="tag">#<span>FreeSoftware</span></a> <a href="https://fosstodon.org/tags/LogicielLibre" class="mention hashtag" rel="tag">#<span>LogicielLibre</span></a> <a href="https://fosstodon.org/tags/Perl" class="mention hashtag" rel="tag">#<span>Perl</span></a></p>
Kettwachsler<p>Companies are very fond of doing this with their employees, because it lets them deactivate all access centrally in one place ( <a href="https://sueden.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> ).</p><p>Do we also want someone to be able to pull the plug on us from one central place in our private lives? </p><p><a href="https://sueden.social/tags/unplugtrump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unplugtrump</span></a></p>
:rss: DevelopersIO<p>[Snowflake] I tried setting up SSO login with IAM Identity Center to be ready for MFA being enabled by default [AWS]<br><a href="https://dev.classmethod.jp/articles/snowflake-mfa-iam-identity-center-sso-login/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dev.classmethod.jp/articles/sn</span><span class="invisible">owflake-mfa-iam-identity-center-sso-login/</span></a></p><p><a href="https://rss-mstdn.studiofreesia.com/tags/dev_classmethod" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dev_classmethod</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/Snowflake" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Snowflake</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/AWS_IAM_Identity_Center" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AWS_IAM_Identity_Center</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> <a href="https://rss-mstdn.studiofreesia.com/tags/MFA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MFA</span></a></p>
Nic Roland :mastodon:<p>In work right now I'm working with our IAM team on setting up SSO for a new internal facing service and it's kinda boring...</p><p>In contrast, for my homelab, I'm investigating Authentik so I can start setting up SSO for my services at home and I gotta admit I'm pretty excited 😂</p><p><a href="https://techhub.social/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homelab</span></a> <a href="https://techhub.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://techhub.social/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> <a href="https://techhub.social/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a></p>
爪卂尺匚-卂ㄩ尺乇ㄥ乇<p>Stumbled upon <a href="https://mastodon.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> wall of shame, that's a nice one! <a href="https://sso.tax/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sso.tax/</span><span class="invisible"></span></a> <br>And the domain is so well picked!</p>
Ankit Agarwal<p>🔍 Debugging OIDC can be frustrating. Let’s fix that.</p><p>Spent hours debugging OIDC flows? We built an OIDC Tester to make life easier.</p><p>✅ Test authorization flows (Auth Code, PKCE, Client Credentials, etc.)<br>✅ Validate ID &amp; access tokens<br>✅ Debug configs quickly</p><p>Try it here 👉 <a href="https://oidc-tester.compile7.org/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">oidc-tester.compile7.org/</span><span class="invisible"></span></a></p><p>Would love to hear your thoughts—what’s the most annoying part of working with OIDC? 🤔 </p><p><a href="https://mastodon.social/tags/OIDC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OIDC</span></a> <a href="https://mastodon.social/tags/DevTools" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevTools</span></a> <a href="https://mastodon.social/tags/IAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IAM</span></a> <a href="https://mastodon.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> <a href="https://mastodon.social/tags/DevSecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DevSecOps</span></a></p>
Silke Meyer<p>The other day at <a href="https://univention.social/tags/clt2025" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>clt2025</span></a> I recommended the talk about <a href="https://univention.social/tags/Passkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkeys</span></a>, which you can use for <a href="https://univention.social/tags/2fa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2fa</span></a> or, with some providers, even as the sole authentication method. You can watch that talk afterwards as well. The link and materials are here: <a href="https://chemnitzer.linux-tage.de/2025/de/programm/beitrag/188" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chemnitzer.linux-tage.de/2025/</span><span class="invisible">de/programm/beitrag/188</span></a></p><p><a href="https://univention.social/tags/mfa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>mfa</span></a> <a href="https://univention.social/tags/login" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>login</span></a> <a href="https://univention.social/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a> <a href="https://univention.social/tags/webauthn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>webauthn</span></a></p>
Kettwachsler<p>The longer I think about it, the more important and extensive the simple backup becomes.</p><p>And you don't just want to copy and back up the data (<a href="https://sueden.social/tags/Daten" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Daten</span></a>) and files (<a href="https://sueden.social/tags/Dateien" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Dateien</span></a>), but also, for example, a list of the services for which you use <a href="https://sueden.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a>.</p><p>Or all the documents and sheets from the "free" <a href="https://sueden.social/tags/Office" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Office</span></a> suite.</p><p>Or all the <a href="https://sueden.social/tags/Mails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mails</span></a> from the last X years as an archive.</p><p>My to-do list is growing right now...</p><p><a href="https://sueden.social/tags/unplugTrump" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unplugTrump</span></a> <a href="https://sueden.social/tags/freiheit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freiheit</span></a> <a href="https://sueden.social/tags/freedom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freedom</span></a></p>
🔐 PwMgmt-InfoMan<p><span class="h-card" translate="no"><a href="https://chaos.social/@kubikpixel" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kubikpixel</span></a></span> <br>I am surprised again and again to read (even years later) how many participants of the internet prove that they should not be taking part in it ... unbelievable. And, by all appearances, don't want to learn anything either. Just the fact of entrusting everything to Google. 🤦‍♂️ <a href="https://social.anoxinon.de/tags/digitalem%C3%BCndigkeit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>digitalemündigkeit</span></a> <a href="https://social.anoxinon.de/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a> <a href="https://social.anoxinon.de/tags/WeilEsJaSoPraktischIst" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WeilEsJaSoPraktischIst</span></a> <a href="https://social.anoxinon.de/tags/itinsecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>itinsecurity</span></a></p>
AzureCerulean<p>### <a href="https://4bear.com/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cloudflare</span></a> open sources <a href="https://4bear.com/tags/OPKSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OPKSSH</span></a> to bring Single Sign-On <a href="https://4bear.com/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> to <a href="https://4bear.com/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSH</span></a></p><p>This week, it was officially open-sourced under the umbrella of the <a href="https://4bear.com/tags/OpenPubkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenPubkey</span></a> project, which itself became a <a href="https://4bear.com/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> Foundation open-source initiative in 2023; OPKSSH remained closed-source until now. 
Making it easy to <a href="https://4bear.com/tags/authenticate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authenticate</span></a> to <a href="https://4bear.com/tags/servers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>servers</span></a> over SSH using <a href="https://4bear.com/tags/OpenID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenID</span></a> Connect (<a href="https://4bear.com/tags/OIDC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OIDC</span></a>), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access.</p><p><a href="https://www.helpnetsecurity.com/2025/03/28/opkssh-sso-ssh/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">helpnetsecurity.com/2025/03/28</span><span class="invisible">/opkssh-sso-ssh/</span></a></p>
Matv1<p>I am looking to get in touch with people or companies that have experience with <a href="https://mastodon.social/tags/keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keycloak</span></a> <a href="https://mastodon.social/tags/idm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>idm</span></a> <a href="https://mastodon.social/tags/iam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>iam</span></a> in sizeable organisations in the Netherlands. And preferably more broadly than just for <a href="https://mastodon.social/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a> and authentication (<a href="https://mastodon.social/tags/Authenticatie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authenticatie</span></a>) <br>Do you know of implementations, or migrations from other systems?<br>If you know implementation partners who do this, or people who manage Keycloak within their own organisation (preferably non-profit, ideally education, <a href="https://mastodon.social/tags/onderwijs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>onderwijs</span></a> ), don't hesitate to ping me. A DM is fine too.</p><p>Boosts are appreciated!</p><p><a href="https://mastodon.social/tags/identitymanagement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>identitymanagement</span></a> <a href="https://mastodon.social/tags/accessmanagent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accessmanagent</span></a> <a href="https://mastodon.social/tags/surf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>surf</span></a></p>
Seth Grover<p><u>This has been a busy month for Malcolm! I pushed hard to get <a href="https://github.com/cisagov/Malcolm/releases/tag/v25.03.0" rel="nofollow noopener noreferrer" target="_blank">v25.03.0</a> out earlier this month, as it contained pretty much just the Keycloak integration one of our partners (and major funding sources) was waiting for. Rather than wait until April for the other stuff that would have gone into the regular end-of-the-month release, I decided to pull those items into this smaller release just a week and a half after the last one.</u></p><p><a href="https://github.com/cisagov/Malcolm/releases/tag/v25.03.0" rel="nofollow noopener noreferrer" target="_blank">Malcolm v25.03.1</a> contains a few enhancements, bug fixes, and several component version updates, including one that addresses a CVE that may affect Hedgehog Linux Kiosk mode and Malcolm's API container.</p><p><strong>NOTE:</strong> If you have not already upgraded to v25.03.0, read the notes for <a href="https://github.com/cisagov/Malcolm/releases/tag/v25.02.0" rel="nofollow noopener noreferrer" target="_blank">v25.02.0</a> and <a href="https://github.com/cisagov/Malcolm/releases/tag/v25.03.0" rel="nofollow noopener noreferrer" target="_blank">v25.03.0</a> and follow the <strong>Read Before Upgrading</strong> instructions on those releases.</p><p><a href="https://github.com/cisagov/Malcolm/compare/v25.03.0...v25.03.1" rel="nofollow noopener noreferrer" target="_blank">Changes in this release</a></p><ul><li>✨ Features and enhancements<ul><li>Incorporate new S7comm device identification log, <code>s7comm_known_devices.log</code> (<a href="https://github.com/cisagov/malcolm/issues/622" rel="nofollow noopener noreferrer" target="_blank">#622</a>)</li><li>Display current PCAP, Zeek, and Suricata capture results in Hedgehog Linux <a href="https://malcolm.fyi/docs/hedgehog-boot.html#HedgehogKioskMode" rel="nofollow noopener noreferrer" target="_blank">Kiosk mode</a> (<a 
href="https://github.com/cisagov/malcolm/issues/566" rel="nofollow noopener noreferrer" target="_blank">#566</a>)</li><li>Keycloak authentication: configurable group or role membership restrictions for login (<a href="https://github.com/cisagov/malcolm/issues/633" rel="nofollow noopener noreferrer" target="_blank">#633</a>) (see <a href="https://malcolm.fyi/docs/authsetup.html#AuthKeycloakGroupsAndRoles" rel="nofollow noopener noreferrer" target="_blank"><strong>Requiring user groups and realm roles</strong></a>)</li><li>Mark newly-discovered and uninventoried devices in logs during NetBox enrichment (<a href="https://github.com/cisagov/malcolm/issues/573" rel="nofollow noopener noreferrer" target="_blank">#573</a>)</li><li>Added "Apply recommended system tweaks automatically without asking for confirmation?" question to <code>install.py</code> to allow the user to accept changes to <code>sysctl.conf</code>, grub kernel parameters, etc., without having to answer "yes" to each one.</li></ul></li><li>✅ Component version updates<ul><li>Arkime to <a href="https://github.com/arkime/arkime/blob/8c014b0e4e5c9a4dca05780b172def120a50bf30/CHANGELOG#L37-L52" rel="nofollow noopener noreferrer" target="_blank">v5.6.2</a></li><li>evtx to <a href="https://github.com/omerbenamram/evtx/releases/tag/v0.9.0" rel="nofollow noopener noreferrer" target="_blank">v0.9.0</a></li><li>Fluent Bit to <a href="https://github.com/fluent/fluent-bit/releases/tag/v3.2.10" rel="nofollow noopener noreferrer" target="_blank">v3.2.10</a></li><li>gunicorn to <a href="https://github.com/benoitc/gunicorn/releases/tag/23.0.0" rel="nofollow noopener noreferrer" target="_blank">v23.0.0</a> to address <a href="https://github.com/advisories/GHSA-hc5x-x2vx-497g" rel="nofollow noopener noreferrer" target="_blank">CVE-2024-6827</a>, "Gunicorn HTTP Request/Response Smuggling vulnerability"</li><li>Zeek to <a href="https://github.com/zeek/zeek/releases/tag/v7.1.1" rel="nofollow noopener noreferrer" 
target="_blank">v7.1.1</a></li></ul></li><li>🐛 Bug fixes<ul><li>Fix <code>install.py</code> error when answering yes to "Pull Malcolm images?" with podman (<a href="https://github.com/cisagov/malcolm/issues/604" rel="nofollow noopener noreferrer" target="_blank">#604</a>)</li><li>Order of user-provided tags from PCAP upload interface not preserved (<a href="https://github.com/cisagov/malcolm/issues/624" rel="nofollow noopener noreferrer" target="_blank">#624</a>)</li></ul></li><li>📄 Configuration changes (in <a href="https://malcolm.fyi/docs/malcolm-config.html#MalcolmConfigEnvVars" rel="nofollow noopener noreferrer" target="_blank">environment variables</a> in <a href="https://github.com/cisagov/Malcolm/blob/main/config" rel="nofollow noopener noreferrer" target="_blank"><code>./config/</code></a>) for Malcolm and in <a href="https://github.com/cisagov/Malcolm/blob/main/hedgehog-iso/interface/sensor_ctl/control_vars.conf" rel="nofollow noopener noreferrer" target="_blank"><code>control_vars.conf</code></a> for Hedgehog Linux<ul><li>added <code>NGINX_REQUIRE_GROUP</code> and <code>NGINX_REQUIRE_ROLE</code> to <a href="https://github.com/cisagov/Malcolm/blob/main/config/auth-common.env.example" rel="nofollow noopener noreferrer" target="_blank"><code>auth-common.env</code></a> to support <a href="https://malcolm.fyi/docs/authsetup.html#AuthKeycloakGroupsAndRoles" rel="nofollow noopener noreferrer" target="_blank"><strong>Requiring user groups and realm roles</strong></a> for Keycloak authentication</li></ul></li><li>🧹 Code and project maintenance<ul><li>Ensure Malcolm's NetBox configuration Python scripts are baked into the image in addition to bind-mounting them in <code>docker-compose.yml</code> at runtime.</li></ul></li></ul><p><a href="https://malcolm.fyi/" rel="nofollow noopener noreferrer" target="_blank">Malcolm</a> is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.</p><p>Malcolm operates as a cluster 
of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, <a href="https://malcolm.fyi/docs/quickstart.html#DockerVPodman" rel="nofollow noopener noreferrer" target="_blank">Podman</a> 🦭, and <a href="https://malcolm.fyi/docs/kubernetes.html#Kubernetes" rel="nofollow noopener noreferrer" target="_blank">Kubernetes</a> ⎈. Check out the <a href="https://malcolm.fyi/docs/quickstart.html" rel="nofollow noopener noreferrer" target="_blank">Quick Start</a> guide for examples on how to get up and running.</p><p>Alternatively, dedicated official <a href="https://malcolm.fyi/docs/malcolm-hedgehog-e2e-iso-install.html#InstallationExample" rel="nofollow noopener noreferrer" target="_blank">ISO installer images</a> 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's <a href="https://github.com/cisagov/Malcolm/releases" rel="nofollow noopener noreferrer" target="_blank">releases page</a> on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (<a href="https://github.com/cisagov/Malcolm/blob/main/scripts/release_cleaver.sh" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.sh</code></a>) and PowerShell 🪟 (<a href="https://github.com/cisagov/Malcolm/blob/main/scripts/release_cleaver.ps1" rel="nofollow noopener noreferrer" target="_blank"><code>release_cleaver.ps1</code></a>). 
See <a href="https://malcolm.fyi/docs/download.html#DownloadISOs" rel="nofollow noopener noreferrer" target="_blank"><strong>Downloading Malcolm - Installer ISOs</strong></a> for instructions.</p><p>As always, join us on the <a href="https://github.com/cisagov/Malcolm/discussions" rel="nofollow noopener noreferrer" target="_blank">Malcolm discussions board</a> 💬 to engage with the community, or pop some corn 🍿 and <a href="https://www.youtube.com/@malcolmnetworktrafficanalysis/playlists" rel="nofollow noopener noreferrer" target="_blank">watch a video</a> 📼.</p><p><a href="https://infosec.exchange/tags/Malcolm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Malcolm</span></a> <a href="https://infosec.exchange/tags/HedgehogLinux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HedgehogLinux</span></a> <a href="https://infosec.exchange/tags/Zeek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zeek</span></a> <a href="https://infosec.exchange/tags/Arkime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Arkime</span></a> <a href="https://infosec.exchange/tags/NetBox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetBox</span></a> <a href="https://infosec.exchange/tags/OpenSearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSearch</span></a> <a href="https://infosec.exchange/tags/Elasticsearch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Elasticsearch</span></a> <a href="https://infosec.exchange/tags/Suricata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suricata</span></a> <a href="https://infosec.exchange/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> <a href="https://infosec.exchange/tags/OIDC" class="mention hashtag" 
rel="nofollow noopener noreferrer" target="_blank">#<span>OIDC</span></a> <a href="https://infosec.exchange/tags/Keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Keycloak</span></a> <a href="https://infosec.exchange/tags/PCAP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PCAP</span></a> <a href="https://infosec.exchange/tags/NetworkTrafficAnalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkTrafficAnalysis</span></a> <a href="https://infosec.exchange/tags/networksecuritymonitoring" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>networksecuritymonitoring</span></a> <a href="https://infosec.exchange/tags/OT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OT</span></a> <a href="https://infosec.exchange/tags/ICS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ICS</span></a> <a href="https://infosec.exchange/tags/icssecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>icssecurity</span></a> <a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Cyber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyber</span></a> <a href="https://infosec.exchange/tags/Infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Infosec</span></a> <a href="https://infosec.exchange/tags/INL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>INL</span></a> <a href="https://infosec.exchange/tags/DHS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DHS</span></a> <a href="https://infosec.exchange/tags/CISA" class="mention hashtag" rel="nofollow noopener 
noreferrer" target="_blank">#<span>CISA</span></a> <a href="https://infosec.exchange/tags/CISAgov" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CISAgov</span></a></p>
Habr<p>My experience setting up SSO OpenID Connect in 1C with Authentik</p><p>While rolling out a unified authentication system at my company, I faced the task of setting up SSO access to 1C via the OpenID Connect protocol. I took an article on InfoStart ( <a href="https://infostart.ru/1c/articles/1538390/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infostart.ru/1c/articles/15383</span><span class="invisible">90/</span></a> ) as the basis, but as the authentication provider I used not Keycloak, as in the original, but Authentik, a modern and convenient alternative with a simple UI and rich functionality.</p><p><a href="https://habr.com/ru/articles/895294/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">habr.com/ru/articles/895294/</span><span class="invisible"></span></a></p><p><a href="https://zhub.link/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a> <a href="https://zhub.link/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> <a href="https://zhub.link/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a href="https://zhub.link/tags/1c" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>1c</span></a> <a href="https://zhub.link/tags/%D1%82%D1%83%D1%82%D0%BE%D1%80%D0%B8%D0%B0%D0%BB" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>туториал</span></a></p>
Silke Meyer<p>Lessons learned along the way: for signing and encrypting <a href="https://univention.social/tags/SAML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SAML</span></a> metadata, one usually doesn't use Let's Encrypt certificates, because of the frequent rotations and the lack of automation options on the communication partners' side. Yesterday I thought, oh well, for this short test it will do. And then I spent a long time looking for the error and realized that Let's Encrypt now generates EC keys instead of RSA, with which the <a href="https://univention.social/tags/Shibboleth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shibboleth</span></a> SP cannot sign. <a href="https://univention.social/tags/til" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>til</span></a> <a href="https://univention.social/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a> <a href="https://univention.social/tags/singlesignon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>singlesignon</span></a></p>
John Leonard<p>The dispute between Oracle and security researchers at CloudSEK has intensified in recent days, with Oracle continuing to deny that hackers accessed sensitive data from the company’s Cloud federated Single Sign-On service.</p><p><a href="https://www.computing.co.uk/news/2025/security/oracle-continues-to-dispute-claims-of-major-security-breach" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">computing.co.uk/news/2025/secu</span><span class="invisible">rity/oracle-continues-to-dispute-claims-of-major-security-breach</span></a></p><p><a href="https://mastodon.social/tags/technews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>technews</span></a> <a href="https://mastodon.social/tags/oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oracle</span></a> <a href="https://mastodon.social/tags/cloudsek" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cloudsek</span></a> <span class="h-card" translate="no"><a href="https://mastodon.social/@infosec" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>infosec</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@cybersecurity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cybersecurity</span></a></span> <a href="https://mastodon.social/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a></p>
Chis-R 🐟<p><a href="https://sso.tax/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">sso.tax/</span><span class="invisible"></span></a></p><p>Was shown this website by our IT manager today during an <a href="https://aus.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> chat. I always thought single sign-on was a bullshit gated additional cost, but seeing the price hike for some of these services is absolutely disgraceful.</p><p>Would like to see a list of services that offer SSO for free or on their basic service, too.</p><p><a href="https://aus.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> <a href="https://aus.social/tags/ITSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITSecurity</span></a></p>