Dive into the OpenID Connect authentication flow with clear visuals and examples. Perfect for developers looking to secure their applications.

https://iamdevbox.com/posts/oidc-authentication-flow-a-visual-guide-with-examples/?utm_source=mastodon&utm_medium=social&utm_campaign=blog_post

#oidc #authentication #flow #iamdevbox

I just discovered that #Vaultwarden got single sign-on support over #OIDC. I have to set it up soon.
https://github.com/dani-garcia/vaultwarden/wiki/Enabling-SSO-support-using-OpenId-Connect

I've managed to get #Forgejo integrated with #Authelia. I'm now trying to integrate #Kanboard with Authelia as well. Authelia continues to seem pretty decent, in that the error messages are more helpful. Debugging is easier, and I guarantee plenty of troubleshooting awaits those wanting to follow a similar path. It seems that #OIDC integration is still a new-fangled thing to many #OpenSource projects, and it's sort of treated in this second-class-citizen way. Like with Kanboard, OIDC functionality is in a plugin; isn't integrated with stock Kanboard. And even enabling the use of plugins whatsoever is *itself* a second-class feature in Kanboard. #infosec #DataSovereignty

SimpleHelp vulnerability exposes servers to rogue remote support accounts

A critical vulnerability in SimpleHelp, known as CVE-2026-48558, lets hackers create rogue remote support accounts and gain privileged access to servers, allowing them to execute scripts and wreak havoc on your system. This gaping security hole enables unauthenticated attackers to bypass multi-factor authentication and log in as a…

https://osintsights.com/simplehelp-vulnerability-exposes-servers-to-rogue-remote-support-accounts?utm_source=mastodon&utm_medium=social

#Cve202648558 #OpenidConnect #Oidc #MfaBypass #Vulnerability


#Jellyfin #SSO plugin https://github.com/9p4/jellyfin-plugin-sso has been archived ("I'm tired of working on this after all the years", which, fair).
But it looks like it was forked into https://github.com/eddymoulton/jellyfin-plugin-oidc and development continues, limiting itself to #OIDC but without #SAML
Nice!

#SelfHost #SelfHosting #HomeLab

Packing 🧳
#oidc #rbac

I've installed Pocket ID recently and switched many of my self-hosted services over to it, and I absolutely love it! It's pretty, it's fast, it works really well!

Pocket ID is an OpenID provider that you can use for self-hosted Single Sign On.

https://pocket-id.org

I just wish more services supported it!

#PocketID #SSO #SelfHosting #OpenID #OIDC

OpenCloud: Setting up Authelia as an OIDC provider for SSO - codingblatt.de

Set up OpenCloud with Authelia as an OIDC provider for single sign-on.

#Keycloak question: is there a way to allow multiple service accounts/machines to use one OIDC client?

Normally we'd go one OIDC client in confidential mode with the service account using client credentials flow - per machine access.

However, each OIDC client/service account means a new OIDC audience - and AWS has a hard limit of 100.

Direct Access grant flow is deprecated already and, I think, removed entirely from the OAuth 2.1 spec in strict mode.

Maybe we could just create users to represent the machines - but we'd have to find a way to exempt them from Realm policies like MFA etc and it still feels icky.

CC @4censord #OIDC #Oauth #Oauth2

In my #SSO / #IdM adventures, looks like if I wanted to allow people to use my hackerspace's #OIDC SSO to access my services, I can configure this in #Authentik, but not in #KaniDM 🤔

#privacy #SelfHosting #authentication