home.social

#kanidm — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #kanidm, aggregated by home.social.

  1. IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: github.com/kanidm/kanidm/secur

  2. IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: github.com/kanidm/kanidm/secur

  3. IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: github.com/kanidm/kanidm/secur

  4. IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: github.com/kanidm/kanidm/secur

  5. IMPORTANT: #Kanidm has released 1.9.4 and 1.10.2 that resolves a CRITICAL security issue. This issue allows any authenticated user to elevate privileges to idm_admin/admin. Details: github.com/kanidm/kanidm/secur

  6. On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!

  7. On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!

  8. On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!

  9. On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!

  10. On Thursday 14th of May, at 07:00 UTC (17:00 AEST, 9:00 CEST) #Kanidm will be releasing a security update containing a CRITICAL security fix. All users should be ready to upgrade!

  11. @viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks

    @homelab

  12. @viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks

    @homelab

  13. @viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks

    @homelab

  14. @viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks

    @homelab

  15. @viq interesting... #KaniDM is new for me. I was thinking to deploy #authelia in my #Selfhosting environment. I'll read more about it. Thanks

    @homelab

  16. Out of the #IdM / #SSO solutions I can #SelfHost that I remembered about, apparently only #KaniDM has ability to create app passwords / bearer tokens that actually allow to access only a single application 🤔

    #Linux #SysAdmin #Privacy #Security #SelfHosting #homelab
    @homelab

  17. Out of the #IdM / #SSO solutions I can #SelfHost that I remembered about, apparently only #KaniDM has ability to create app passwords / bearer tokens that actually allow to access only a single application 🤔

    #Linux #SysAdmin #Privacy #Security #SelfHosting #homelab
    @homelab

  18. Out of the #IdM / #SSO solutions I can #SelfHost that I remembered about, apparently only #KaniDM has ability to create app passwords / bearer tokens that actually allow to access only a single application 🤔

    #Linux #SysAdmin #Privacy #Security #SelfHosting #homelab
    @homelab

  19. Out of the #IdM / #SSO solutions I can #SelfHost that I remembered about, apparently only #KaniDM has ability to create app passwords / bearer tokens that actually allow to access only a single application 🤔

    #Linux #SysAdmin #Privacy #Security #SelfHosting #homelab
    @homelab

  20. Out of the #IdM / #SSO solutions I can #SelfHost that I remembered about, apparently only #KaniDM has ability to create app passwords / bearer tokens that actually allow to access only a single application 🤔

    #Linux #SysAdmin #Privacy #Security #SelfHosting #homelab
    @homelab

  21. Be me.
    Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
    Config does not get spellchecked, just converted to yml.
    Kandidm does not reciece pkce challenge.
    Fight for hours over 4 weeks to finally decide to open the generated yml.

    GG.

    #NixOS #HeadScale #KanIDM

  22. Be me.
    Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
    Config does not get spellchecked, just converted to yml.
    Kandidm does not reciece pkce challenge.
    Fight for hours over 4 weeks to finally decide to open the generated yml.

    GG.

    #NixOS #HeadScale #KanIDM

  23. Be me.
    Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
    Config does not get spellchecked, just converted to yml.
    Kandidm does not reciece pkce challenge.
    Fight for hours over 4 weeks to finally decide to open the generated yml.

    GG.

    #NixOS #HeadScale #KanIDM

  24. Be me.
    Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
    Config does not get spellchecked, just converted to yml.
    Kandidm does not reciece pkce challenge.
    Fight for hours over 4 weeks to finally decide to open the generated yml.

    GG.

    #NixOS #HeadScale #KanIDM

  25. Be me.
    Make a typo `pcke` instead of `pkce` in your NixOS config for headscale.
    Config does not get spellchecked, just converted to yml.
    Kandidm does not reciece pkce challenge.
    Fight for hours over 4 weeks to finally decide to open the generated yml.

    GG.

    #NixOS #HeadScale #KanIDM

  26. I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"

  27. I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"

  28. I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"

  29. I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"

  30. I proposed something for #kanidm which a reviewer described as "what if CSRF tokens but they hurt to touch"

  31. Finally got Forgejo running on Kubernetes with single-sign-on based on Kanidm!

    Took me one day of work, which I'm not sure if it's a good or a bad thing…

    #Forgejo #Kubernetes #Kanidm

  32. Finally got Forgejo running on Kubernetes with single-sign-on based on Kanidm!

    Took me one day of work, which I'm not sure if it's a good or a bad thing…

    #Forgejo #Kubernetes #Kanidm

  33. Finally got Forgejo running on Kubernetes with single-sign-on based on Kanidm!

    Took me one day of work, which I'm not sure if it's a good or a bad thing…

    #Forgejo #Kubernetes #Kanidm

  34. ClaimMaps in Kanidm on NixOS fixed.
    Now paperless-ngx and wiki-js can read user groups/roles over OIDC.

    The trick wad to `_` instead of `-` in thr naming scheme.

    #KanIDM #NixOS #OIDC #OpenIdConnect

  35. ClaimMaps in Kanidm on NixOS fixed.
    Now paperless-ngx and wiki-js can read user groups/roles over OIDC.

    The trick wad to `_` instead of `-` in thr naming scheme.

    #KanIDM #NixOS #OIDC #OpenIdConnect

  36. ClaimMaps in Kanidm on NixOS fixed.
    Now paperless-ngx and wiki-js can read user groups/roles over OIDC.

    The trick wad to `_` instead of `-` in thr naming scheme.

    #KanIDM #NixOS #OIDC #OpenIdConnect

  37. ClaimMaps in Kanidm on NixOS fixed.
    Now paperless-ngx and wiki-js can read user groups/roles over OIDC.

    The trick wad to `_` instead of `-` in thr naming scheme.

    #KanIDM #NixOS #OIDC #OpenIdConnect

  38. ClaimMaps in Kanidm on NixOS fixed.
    Now paperless-ngx and wiki-js can read user groups/roles over OIDC.

    The trick wad to `_` instead of `-` in thr naming scheme.

    #KanIDM #NixOS #OIDC #OpenIdConnect

  39. kanidm seems to be a cool project

    managed to deploy it pretty quickly and without any issues

    (and also found out that i never set a pin on my yubikey in the process for firefox reasons)

    #kanidm

  40. kanidm seems to be a cool project

    managed to deploy it pretty quickly and without any issues

    (and also found out that i never set a pin on my yubikey in the process for firefox reasons)

    #kanidm

  41. kanidm seems to be a cool project

    managed to deploy it pretty quickly and without any issues

    (and also found out that i never set a pin on my yubikey in the process for firefox reasons)

    #kanidm

  42. commands for kanidm + bookstack

    kanidm create group bookstack_admin

    kanidm system oauth2 create-claim-map bookstack bookstack_roles bookstack_admin admin

    kanidm system oauth2 update-scope-map bookstack bookstack_users email groups openid profile bookstack_roles

    kanidm group add-members bookstack_admin stelb

    Environment for bookstack:
    OIDC_USER_TO_GROUPS=true
    OIDC_GROUPS_CLAIM=bookstack_roles
    OIDC_REMOVE_FROM_GROUPS=true

    #iam #idm #oauth2 #roles #claim-map #kanidm

  43. commands for kanidm + bookstack

    kanidm create group bookstack_admin

    kanidm system oauth2 create-claim-map bookstack bookstack_roles bookstack_admin admin

    kanidm system oauth2 update-scope-map bookstack bookstack_users email groups openid profile bookstack_roles

    kanidm group add-members bookstack_admin stelb

    Environment for bookstack:
    OIDC_USER_TO_GROUPS=true
    OIDC_GROUPS_CLAIM=bookstack_roles
    OIDC_REMOVE_FROM_GROUPS=true

    #iam #idm #oauth2 #roles #claim-map #kanidm

  44. commands for kanidm + bookstack

    kanidm create group bookstack_admin

    kanidm system oauth2 create-claim-map bookstack bookstack_roles bookstack_admin admin

    kanidm system oauth2 update-scope-map bookstack bookstack_users email groups openid profile bookstack_roles

    kanidm group add-members bookstack_admin stelb

    Environment for bookstack:
    OIDC_USER_TO_GROUPS=true
    OIDC_GROUPS_CLAIM=bookstack_roles
    OIDC_REMOVE_FROM_GROUPS=true

    #iam #idm #oauth2 #roles #claim-map #kanidm

  45. I did this for bookstack with kanidm
    Given the oauth2 app is 'bookstack':
    map claims (roles in bookstack, say admin)
    to scopes and groups in IAM, e.g. bookstack_roles and bookstack_admin

    add the scope to the oauth2 application

    assign users to these groups as needed.

    configure app which scope to use for roles

    #iam #idm #oauth2 #roles #claim-map #kanidm

  46. I did this for bookstack with kanidm
    Given the oauth2 app is 'bookstack':
    map claims (roles in bookstack, say admin)
    to scopes and groups in IAM, e.g. bookstack_roles and bookstack_admin

    add the scope to the oauth2 application

    assign users to these groups as needed.

    configure app which scope to use for roles

    #iam #idm #oauth2 #roles #claim-map #kanidm

  47. I did this for bookstack with kanidm
    Given the oauth2 app is 'bookstack':
    map claims (roles in bookstack, say admin)
    to scopes and groups in IAM, e.g. bookstack_roles and bookstack_admin

    add the scope to the oauth2 application

    assign users to these groups as needed.

    configure app which scope to use for roles

    #iam #idm #oauth2 #roles #claim-map #kanidm

  48. Ok, first time I tried to use a custom scope to map oauth2 users to application specific roles.
    Followed some sample and I just replaced names.
    Working with one role.. adding another. Both roles not working anymore.
    Reading more theory about scopes and claims did help to understand (oh well 🙈)
    It's actually not that complicated 🤓
    Both roles working now. Writing up some docs and adding another 2 roles is planned for tomorrow.
    #oauth2 #idm #kanidm

  49. Ok, first time I tried to use a custom scope to map oauth2 users to application specific roles.
    Followed some sample and I just replaced names.
    Working with one role.. adding another. Both roles not working anymore.
    Reading more theory about scopes and claims did help to understand (oh well 🙈)
    It's actually not that complicated 🤓
    Both roles working now. Writing up some docs and adding another 2 roles is planned for tomorrow.
    #oauth2 #idm #kanidm

  50. Ok, first time I tried to use a custom scope to map oauth2 users to application specific roles.
    Followed some sample and I just replaced names.
    Working with one role.. adding another. Both roles not working anymore.
    Reading more theory about scopes and claims did help to understand (oh well 🙈)
    It's actually not that complicated 🤓
    Both roles working now. Writing up some docs and adding another 2 roles is planned for tomorrow.
    #oauth2 #idm #kanidm