#kanidm — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #kanidm, aggregated by home.social.
-
IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: https://github.com/kanidm/kanidm/security/advisories/GHSA-xxwr-vvr3-2g9f
-
IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: https://github.com/kanidm/kanidm/security/advisories/GHSA-xxwr-vvr3-2g9f
-
IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: https://github.com/kanidm/kanidm/security/advisories/GHSA-xxwr-vvr3-2g9f
-
IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: https://github.com/kanidm/kanidm/security/advisories/GHSA-xxwr-vvr3-2g9f
-
IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: https://github.com/kanidm/kanidm/security/advisories/GHSA-xxwr-vvr3-2g9f
-
On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!
-
On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!
-
On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!
-
On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!
-
On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!
-
@viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks
-
@viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks
-
@viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks
-
@viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks
-
@viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks
-
Be me.
Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
Config does not get spellchecked, just converted to yml.
Kandidm does not reciece pkce challenge.
Fight for hours over 4 weeks to finally decide to open the generated yml.GG.
-
Be me.
Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
Config does not get spellchecked, just converted to yml.
Kandidm does not reciece pkce challenge.
Fight for hours over 4 weeks to finally decide to open the generated yml.GG.
-
Be me.
Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
Config does not get spellchecked, just converted to yml.
Kandidm does not reciece pkce challenge.
Fight for hours over 4 weeks to finally decide to open the generated yml.GG.
-
Be me.
Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
Config does not get spellchecked, just converted to yml.
Kandidm does not reciece pkce challenge.
Fight for hours over 4 weeks to finally decide to open the generated yml.GG.
-
Be me.
Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
Config does not get spellchecked, just converted to yml.
Kandidm does not reciece pkce challenge.
Fight for hours over 4 weeks to finally decide to open the generated yml.GG.
-
I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"
-
I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"
-
I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"
-
I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"
-
I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"
-
Finally got Forgejo running on Kubernetes with single-sign-on based on Kanidm!
Took me one day of work, which I'm not sure if it's a good or a bad thing…
-
Finally got Forgejo running on Kubernetes with single-sign-on based on Kanidm!
Took me one day of work, which I'm not sure if it's a good or a bad thing…
-
Finally got Forgejo running on Kubernetes with single-sign-on based on Kanidm!
Took me one day of work, which I'm not sure if it's a good or a bad thing…
-
ClaimMaps in Kanidm on NixOS fixed.
Now paperless-ngx and wiki-js can read user groups/roles over OIDC.The trick wad to `_` instead of `-` in thr naming scheme.
-
ClaimMaps in Kanidm on NixOS fixed.
Now paperless-ngx and wiki-js can read user groups/roles over OIDC.The trick wad to `_` instead of `-` in thr naming scheme.
-
ClaimMaps in Kanidm on NixOS fixed.
Now paperless-ngx and wiki-js can read user groups/roles over OIDC.The trick wad to `_` instead of `-` in thr naming scheme.
-
ClaimMaps in Kanidm on NixOS fixed.
Now paperless-ngx and wiki-js can read user groups/roles over OIDC.The trick wad to `_` instead of `-` in thr naming scheme.
-
ClaimMaps in Kanidm on NixOS fixed.
Now paperless-ngx and wiki-js can read user groups/roles over OIDC.The trick wad to `_` instead of `-` in thr naming scheme.
-
kanidm seems to be a cool project
managed to deploy it pretty quickly and without any issues
(and also found out that i never set a pin on my yubikey in the process for firefox reasons)
-
kanidm seems to be a cool project
managed to deploy it pretty quickly and without any issues
(and also found out that i never set a pin on my yubikey in the process for firefox reasons)
-
kanidm seems to be a cool project
managed to deploy it pretty quickly and without any issues
(and also found out that i never set a pin on my yubikey in the process for firefox reasons)
-
commands for kanidm + bookstack
kanidm create group bookstack_admin
kanidm system oauth2 create-claim-map bookstack bookstack_roles bookstack_admin admin
kanidm system oauth2 update-scope-map bookstack bookstack_users email groups openid profile bookstack_roles
kanidm group add-members bookstack_admin stelb
Environment for bookstack:
OIDC_USER_TO_GROUPS=true
OIDC_GROUPS_CLAIM=bookstack_roles
OIDC_REMOVE_FROM_GROUPS=true -
commands for kanidm + bookstack
kanidm create group bookstack_admin
kanidm system oauth2 create-claim-map bookstack bookstack_roles bookstack_admin admin
kanidm system oauth2 update-scope-map bookstack bookstack_users email groups openid profile bookstack_roles
kanidm group add-members bookstack_admin stelb
Environment for bookstack:
OIDC_USER_TO_GROUPS=true
OIDC_GROUPS_CLAIM=bookstack_roles
OIDC_REMOVE_FROM_GROUPS=true -
commands for kanidm + bookstack
kanidm create group bookstack_admin
kanidm system oauth2 create-claim-map bookstack bookstack_roles bookstack_admin admin
kanidm system oauth2 update-scope-map bookstack bookstack_users email groups openid profile bookstack_roles
kanidm group add-members bookstack_admin stelb
Environment for bookstack:
OIDC_USER_TO_GROUPS=true
OIDC_GROUPS_CLAIM=bookstack_roles
OIDC_REMOVE_FROM_GROUPS=true -
I did this for bookstack with kanidm
Given the oauth2 app is 'bookstack':
map claims (roles in bookstack, say admin)
to scopes and groups in IAM, e.g. bookstack_roles and bookstack_adminadd the scope to the oauth2 application
assign users to these groups as needed.
configure app which scope to use for roles
-
I did this for bookstack with kanidm
Given the oauth2 app is 'bookstack':
map claims (roles in bookstack, say admin)
to scopes and groups in IAM, e.g. bookstack_roles and bookstack_adminadd the scope to the oauth2 application
assign users to these groups as needed.
configure app which scope to use for roles
-
I did this for bookstack with kanidm
Given the oauth2 app is 'bookstack':
map claims (roles in bookstack, say admin)
to scopes and groups in IAM, e.g. bookstack_roles and bookstack_adminadd the scope to the oauth2 application
assign users to these groups as needed.
configure app which scope to use for roles
-
Ok, first time I tried to use a custom scope to map oauth2 users to application specific roles.
Followed some sample and I just replaced names.
Working with one role.. adding another. Both roles not working anymore.
Reading more theory about scopes and claims did help to understand (oh well 🙈)
It's actually not that complicated 🤓
Both roles working now. Writing up some docs and adding another 2 roles is planned for tomorrow.
#oauth2 #idm #kanidm -
Ok, first time I tried to use a custom scope to map oauth2 users to application specific roles.
Followed some sample and I just replaced names.
Working with one role.. adding another. Both roles not working anymore.
Reading more theory about scopes and claims did help to understand (oh well 🙈)
It's actually not that complicated 🤓
Both roles working now. Writing up some docs and adding another 2 roles is planned for tomorrow.
#oauth2 #idm #kanidm -
Ok, first time I tried to use a custom scope to map oauth2 users to application specific roles.
Followed some sample and I just replaced names.
Working with one role.. adding another. Both roles not working anymore.
Reading more theory about scopes and claims did help to understand (oh well 🙈)
It's actually not that complicated 🤓
Both roles working now. Writing up some docs and adding another 2 roles is planned for tomorrow.
#oauth2 #idm #kanidm