#SAML

2025-06-18

What are we (NRENs deploying SAML) gonna do about libxml2? It is now sort of unmaintained and reading the announcement for it, I can totally understand why the maintainer wants to step away.

gitlab.gnome.org/GNOME/libxml2

#saml #nren #xml #libxml #libxml2 #refeds

2025-06-05

Nuances of working with the SAML 2.0 protocol

Hello, Habr! This is Dmitry Grudinin. Modern enterprise web applications and cloud services necessarily require secure user authentication and authorization. As a rule, the protocols used for this are SAML 2.0 or OpenID Connect (OIDC) on top of OAuth. Both solve similar tasks related to delegating responsibility for verifying the user to a trusted third-party provider. At the same time, both protocols hide an extensive arsenal of different usage options behind them, and OIDC is constantly being extended. In this article we will look at a SAML usage scenario, so to speak "for dummies". The idea of the article is to explain, without frills, what you actually need to know about SAML, and not to explain what you can perfectly well do without.

habr.com/ru/companies/avanpost

#saml_20 #avanpost #аутентификация_пользователей #service_provider #identity_provider #xml #base64 #saml

IT Insights (@ITinsights)
2025-06-03

🚨 SAML leak discovered! Hackers hijack admin accounts. Make sure your security is in order with updates and MFA! Want to know more? [Link]
itinsights.nl/cybersecurity/sa

2025-05-27

Good morning! On 11 June my full-day Keycloak training takes place again, and there are still a few places free. The target audience is admins who use the Keycloak shipped by @univention together with UCS. No prior SSO knowledge is needed. If anyone else would like to take part, here are the registration details:

univention.de/training/keycloa

#Keycloak #singlesignon #oidc #saml #univention

khlr (@khlr)
2025-05-25

A few days ago, we released SAML-tracer v1.9 🚀

Besides some minor fixes, this version introduces a new feature:
You can now filter for protocol-related requests only – cutting out the noise from all those extra requests that get in the way during analysis.

Get it here:
Firefox: addons.mozilla.org/firefox/add
Chrome: chromewebstore.google.com/deta

2025-05-23

Anyone at @github's GHSA team care to look into this PR that got closed? I believe I've found an omniauth-saml advisory that simply references three other GHSA advisories that affect one of its dependencies, ruby-saml. I see no evidence why a separate advisory needs to exist for omniauth-saml, when the security issues exist in ruby-saml and can easily be upgraded independently of omniauth-saml (ex: gem upgrade ruby-saml / bundle update ruby-saml). This seems like a maintainer created yet another advisory simply to notify their users about other advisories affecting their dependencies, which seems like overkill and creates duplicate security advisory data. I think this GHSA advisory should be withdrawn/removed.
github.com/github/advisory-dat

#ghsa #omniauth #saml

2025-05-22

I've submitted my slides for my #LightningTalk at #TNC25

Don't believe everything you read in a #SAML assertion

Quite excited for it now 😎

jakob 🇦🇹 ✅ (@jakob@soc.schuerz.at)
2025-05-16

Does anyone know their way around #SAML?

My problem is that in #Friendica I authenticate against keycloak via SAML.
And I often have to log in again every time I look at the web app... 10, 15 times a day.
That's annoying.

My browser is #Vanadium on #GrapheneOS

Does Vanadium discard the SAML ticket?
Do I need to adjust the client settings in Keycloak?
Is this normal with SAML?

The OIDC logins from the same keycloak server (Peertube, Nextcloud, Mobilizon) stay valid for weeks and months...

2025-05-08

@train authentication matters, especially with a nosy tween trying to be computer savvy. I'm not locked into OIDC though. I am very familiar with #ldap , #radius, #saml, transparent http proxy auth. I usually feel OIDC is a nicety. I hate when #homelab apps only have local authentication. I have craploads of apps and 7 immediate family members possibly using that app. Your app isn't special and you don't get to have a special exception for me to death with passwords that aren't centrally located.

2025-04-27

Single Sign-On plugin for Sonatype Nexus Repository

I want to tell you about my project: a Single Sign-On plugin for Sonatype Nexus Repository. The plugin implements authentication via SSO and user tokens for the Nexus "Community Edition". If you are interested in this topic, welcome under the cut.

habr.com/ru/articles/904766/

#сезон_open_source #sonatype_nexus_repository_oss #sso #saml #java #osgi #хранение_данных

2025-04-22

I became a maintainer of a popular #SAML library for Node.js, "node-saml", which in turn uses "xml-crypto", which in turn is based on XML signatures.

If you are still using SAML for #SSO, be aware there has been a string of SAML vulnerabilities related to the fundamentals of how it works, and there are likely to be more. You are advised to use OIDC instead.

In this thread, I'll discuss some of the weaknesses in SAML that have come up repeatedly. 🧵

#infosec #security #coding #programming

2025-04-19

Long shot, but: As my project for #eh22 I was thinking about extending our #Keycloak configuration auditor with some checks for #SAML-based authentication. However, I know next to nothing about SAML and am a bit lost, to be honest. If anyone is at #eh22 who has some knowledge about SAML security and common misconfigurations (on the server or client side), and wants to collaborate to create some checks for #kcwarden (github.com/iteratec/kcwarden), hit me up.

2025-04-15

I'm sure there is a simple, totally obvious reason (no trusted central authority problem?) but it seems kind of strange to me that the #Fediverse doesn't allow me to truly use a single login across services via some kind of #FIDO compliant magic, considering that almost everyone is an #infosec person and/or developer. Admittedly, I haven't thought about this too deeply. Also, where's passkey support? #saml #sso

2025-04-08

🍋 LemonLDAP::NG 2.21 is out!

📃 This new release includes improvements on OpenID Connect and CAS protocols, Loki logger, public notifications and much more.

🔗 Read our release notes: projects.ow2.org/view/lemonlda

@ow2 @worteks_com

#IAM #SSO #CAS #SAML #OpenIDConnect #OW2 #lemonldap #lemonldapng #Passkeys #Passwordless #WebAuthn #FIDO2 #Loki #WebSSO #OpenSource #FreeSoftware #LogicielLibre #Perl

2025-03-28

Learnings along the way: For signing and encrypting #SAML metadata, one usually does not use Letsencrypt certificates, because of the frequent rotations and the lack of automation options at communication partners. Yesterday I thought, oh well, for this short test it'll do. And then I spent a long time looking for the error and noticed that Letsencrypt now generates EC keys instead of RSA, which the #Shibboleth SP cannot sign with. #til #sso #singlesignon
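Added example (mine, not from the post above and not Shibboleth or Let's Encrypt code): a small shell check, assuming the `openssl` CLI is available, that reports whether a certificate or private key carries an RSA or an EC key, so an EC key is caught before it is wired into an SP signing configuration that expects RSA. The SP name (`sp.example.org`) and the generated key/cert pairs are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the post, not Shibboleth code): tell RSA from EC
# key material before it goes into a SAML signing configuration.
set -eu

# classify OID-NAME -> RSA | EC | OTHER
classify() {
    case "$1" in
        rsaEncryption)  echo RSA ;;
        id-ecPublicKey) echo EC ;;
        *)              echo OTHER ;;
    esac
}

# cert_algo CERT.pem : algorithm of the public key inside an X.509 certificate
cert_algo() {
    classify "$(openssl x509 -in "$1" -noout -text \
        | sed -n 's/.*Public Key Algorithm: *\([A-Za-z0-9-]*\).*/\1/p' | head -n 1)"
}

# key_algo KEY.pem : algorithm of a private key, read from the first OID of its
# SubjectPublicKeyInfo (version-independent, unlike the "Private-Key:" header)
key_algo() {
    classify "$(openssl pkey -in "$1" -pubout -outform DER \
        | openssl asn1parse -inform DER \
        | sed -n 's/.*OBJECT *:\([A-Za-z0-9-]*\).*/\1/p' | head -n 1)"
}

# make_test_material [DIR] : constructed throwaway RSA and EC key/cert pairs
# with a hypothetical CN; nothing here is real SP material. Prints DIR.
make_test_material() {
    dir=${1:-$(mktemp -d)}
    openssl genrsa -out "$dir/rsa.key" 2048 2>/dev/null
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/ec.key"
    for a in rsa ec; do
        openssl req -new -x509 -key "$dir/$a.key" -out "$dir/$a.crt" \
            -days 1 -subj "/CN=sp.example.org" 2>/dev/null
    done
    echo "$dir"
}

# Usage: ./check.sh sp-signing.crt  -> refuses anything that is not RSA
if [ -n "${1:-}" ]; then
    algo=$(cert_algo "$1")
    echo "$1: $algo"
    [ "$algo" = RSA ] || { echo "refusing: SP signing expects RSA, got $algo" >&2; exit 2; }
fi
```

Running the check against the certificate that ends up in the metadata is the point: it is the SubjectPublicKeyInfo OID, not the file name or the issuer, that decides whether the SP can sign with it. For completeness, certbot still accepts `--key-type rsa` if an RSA certificate is really wanted for a test.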

2025-03-26

These SAMLStorm vulnerabilities have been public for a couple weeks now. Anyone seeing exploitation in the wild? How’s patching going across vendors and infra? #infosec #SAML #NodeJS #AppSec
