IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: https://github.com/kanidm/kanidm/security/advisories/GHSA-xxwr-vvr3-2g9f
Incorrect handling of set modifications allows authenticated arbitrary writes to database content

### Impact

Any authenticated user is able to modify any attribute of any other object that they have the rights to search/read. Since all authenticated users can read groups, this allows arbitrary...

On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!

@viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks

@homelab

Out of the #IdM / #SSO solutions I can #SelfHost that I remembered about, apparently only #KaniDM has the ability to create app passwords / bearer tokens that actually allow access to only a single application 🤔

#Linux #SysAdmin #Privacy #Security #SelfHosting #homelab
@homelab

Be me.
Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
Config does not get spellchecked, just converted to yml.
Kanidm does not receive the PKCE challenge.
Fight for hours over 4 weeks to finally decide to open the generated yml.

GG.

#NixOS #HeadScale #KanIDM

It’s been a while since I’ve let the intrusive thoughts win, but my current passion project could benefit from the concept of identities (and who doesn’t love mocking identities for tests). Before that, I’m eyeing off Kanidm because it’s all in one and containerised.

Though I’m wondering if anyone has worked it into Aspire, or if I’ll be another person doing it and not documenting the process for anyone. Not expecting a library to exist to orchestrate it in an aspire-like way, just to have it start the container and have everything it hopefully needs.

If you don’t know what Kanidm is, it’s a single-stop identity provider that can cover a lot of use cases. I just don’t want to rely on a third party because ?????? why would I want a remote dependency for local development? I’m not doing my day-to-day work, after all.

https://www.youtube.com/watch?v=R73hvFWQ7f8

#kanidm #aspire #dotnet

A Big Live Demo of Kanidm - William Brown (Everything Open 2025)

Presented by William Brown. Every day we all interact with authentication systems. From when we log in to our laptops, to authenticating at work and even when we...

@admin When it comes to IdPs, #kanidm is much preferred over Authentik and Authelia and others. Kanidm https://kanidm.github.io/ has a better security model and uses far fewer resources. #Rust ftw!
I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"

Finally got Forgejo running on Kubernetes with single-sign-on based on Kanidm!

Took me one day of work, which I'm not sure if it's a good or a bad thing…

#Forgejo #Kubernetes #Kanidm

ClaimMaps in Kanidm on NixOS fixed.
Now paperless-ngx and wiki-js can read user groups/roles over OIDC.

The trick was to use `_` instead of `-` in the naming scheme.

#KanIDM #NixOS #OIDC #OpenIdConnect