Dear LazyFedi, I'm looking for a #SaaS solution that acts as a kind of #SSO multiplexer.

I have 4 Microsoft tenancies, and I can map users to tenancies by email address. What I want is something that acts as a single frontend to all of them for #SAML / #OpenID logins.

I need this to set up SSO for some of our other SaaS products which only support one provider.

(NB: this needs to be SaaS, UK/EU based. I'm not able to self host anything in this context)

#Authentication #AuthN

So I started to look over again for self hosting #oidc #authn. #pocketid, #voidauth, and #hanko are the simplest. All #passkey focused.

Yet still, Pocket ID is by far the easiest to run. Strictly Unix-like, focused on doing one thing. But doing one thing really well. 😎

https://pocket-id.org/

Pocket ID | Simple OIDC Provider

A simple and easy-to-use OIDC provider that allows users to authenticate with their passkeys to your services.

Pocket ID

Authentication in ASP .NET Core

How you can authenticate users in .NET Core

DEV Community

Default passwords (in this case voicemail PIN) strike again! There are many #AuthN systems around that support sending OTPs by a phone call as an alternative/fallback to SMS (which is an accessibility requirement). Unfortunately, they can't account for this attack vector.
(Oh, and use Signal, not Telegram)
#Identity #Security
https://gbhackers.com/hackers-hijack-telegram-accounts/

Hackers Hijack Telegram Accounts via Default Voicemail Passwords

The Israeli Internet Association has issued a public warning about a surge in cyberattacks targeting Telegram accounts in Israel.

GBHackers Security | #1 Globally Trusted Cyber Security News Platform

Excited to be speaking at @fossasia
🚀 This year, I'm diving deep into Identity and Access Management (#IAM) for #OSS.

All are welcome and I encourage all knowledge levels to attend: Don't be intimidated by "advanced security"! I'm breaking down complex concepts into easy-to-understand explanations, with a historical perspective to give context.

1️⃣ Explore #AuthN #AuthZ 🔐
2️⃣ @keycloak Primer 🌐
3️⃣ Best Practices for #OSS 🛡️

#FOSSAsia2025

iRODS

Interesting attack method. "They are merging, wonder if they screwed up transfer? Yup."

https://www.theregister.com/2024/07/15/squarespace_fingered_for_dns_hijackings/

#squarespace #dns #authn

Infoseccers claim Squarespace migration linked to DNS hijackings at Web3 firms

Company keeps quiet amid high-profile compromises

The Register

“At this point I think that #Passkeys will fail in the hands of the general consumer population. We missed our golden chance to eliminate passwords through a desire to capture markets and promote hype.”

https://fy.blackhats.net.au/blog/2024-04-26-passkeys-a-shattered-dream/

Big sadge 😭

#infosec #authn #webauthn

Passkeys: A Shattered Dream

Firstyear's blog

Implement a secure web application using nx Standalone Angular and an ASP.NET Core server

This article shows how to implement a secure web application using Angular and ASP.NET Core. The web application implements the backend for frontend security architecture (BFF) and deploys both tec…

Software Engineering

maybe i'm getting old, but i feel the recent trend towards #passwordless with #passkeys / #authn might be a bad idea.

passwords (with all their problems) are a low-tech thing. depending on the people having access to a high-end device with their keys seems highly rich-tech-bro-in-the-western-world