RE: https://geno.social/@hostsharing/115705439013887971

Ich kann @hostsharing sehr empfehlen!

Meine Organisation @propeace ist Genossenschaftsmitglied und hat mit Hostsharing dieses Jahr unsere IT-Infrastruktur modernisiert:

- Wir nutzen nun organisationsweit #Element #Matrix und hosten einen #Synapse-Server
- Wir haben #SSO bei vielen unserer Dienste mittels #Keycloak implementiert
- Wir haben endlich einen eigenen Mailserver
- Unsere Mailinglisten synchronisieren sich mit unserem AD

Wir sind jetzt noch ein gutes Stück technisch souveräner!

#Fortinet warns of critical #FortiCloud #SSO login auth bypass flaws

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/

#cybersecurity

Am 12. Januar 2026 geht es weiter mit unserer Web-Seminar-Reihe, zu der alle Organisationen der Sozialen und Solidarischen Ökonomie herzlich eingeladen sind:
Fit für Solawi

(Im Bild hat sich ein Fehler beim Datum eingeschlichen.)

Infos zu den Terminen und Anmeldung
👉 https://www.solidarische-landwirtschaft.org/solawis-kurse/fit-fuer-solawi/?mtm_campaign=fedi

#webinar #solawi #SSÖ #SocialEconomy

Dùng Authelia khó hiểu? Người dùng Reddit chia sẻ kinh nghiệm cấu hình YAML phức tạp, so sánh với Keycloak có giao diện trực quan. Bạn chọn giải pháp đơn giản hay linh hoạt? #selfhosted #Authelia #Keycloak #SSO #🔐TechVn #🔐ĐặtCấuHình

https://www.reddit.com/r/selfhosted/comments/1pibf2n/why_do_people_recommend_authelia/

"Thuế SSO" không nên chỉ dừng ở việc cung cấp SSO, mà cần "thực thi nghiêm ngặt SSO" để nâng cao bảo mật. Các công ty hiện đang thu phí SSO nhưng vẫn cho phép đăng nhập bằng tên/mật khẩu, gây lỗ hổng an ninh. Bài viết từ /u/ericchiang cảnh báo về cách tiếp cận sai lầm này và kêu gọi quy chuẩn hóa SSO trong hệ thống. #SSO #AnToànMạng #Cybersecurity #SaaS #TăngTối #ĐăngNhậpĐơn #ThựcHànhDev

https://www.reddit.com/r/programming/comments/1pht71g/the_sso_tax_shouldnt_be_about_having_sso_it/

Xây dựng nền tảng phục vụ tự động mở nguồn (open-source) tích hợp xác thực (approvals) & đăng nhập một lần (SSO) chỉ với 1 file binary. Đơn giản, hiệu quả cho #DevOps.
#opensource #selfservice #singlebinary #technology #đầucầumởnguồn #devops #sso

https://www.reddit.com/r/opensource/comments/1ph2e5x/built_an_opensource_selfservice_platform_with/

With SSO

But which one?

#zitadel #authentic #kanidm #sso

Has anyone done some kind of SSO / SAML auth thing which supports "N of M" type authentication?

Like, I want to log into a shared Fedi account to post something; I log into my SSO provider as usual, and another member of the same group needs to "approve" before I get a login ticket for the target account.

The intended market for this would be organisations who don't want to share a password for an account, or who want some oversight on how it's used.

#SSO #SAML #Authentication

Don’t let MFA lull you into complacency. Advanced phishing kits can still slip through.

Before the Thanksgiving holiday, one of our customers alerted us to an Evilginx MITM phishing campaign targeting university students and SSO portals. At least 18 American institutions were targeted.

We tested several approaches for large-scale detection, including analyzing web server fingerprints and HTTP artifacts. However, this proved challenging because Evilginx operates as a proxy between the victim’s browser and the legitimate login page, making its behavior and content nearly indistinguishable from the real site. In the end, we mostly relied on DNS for confirmation and classification.

Here is a short blog about the campaign and actor, including involved domains and IPs.

https://blogs.infoblox.com/threat-intelligence/dns-uncovers-infrastructure-used-in-sso-attacks/

#InfobloxThreatIntel #dns #evilginx #threatintel #threatintelligence #infosec #cybersecurity #cybercrime #infoblox #phishing #mitm #aitm #sso #mfa #university #students #proxy #login

Единый вход для ML-стека на примере Keycloak

Привет! Я Саша Абакумов, DevOps-инженер в KTS . Нашей команде часто приходится поднимать инфраструктуру под ML-проекты. Со временем число ML-инженеров и разработчиков на таких проектах росло, и логиниться в каждый по отдельности становилось все больнее. Чтобы упростить коллегам жизнь, мы интегрировали Single Sign-On (SSO) в стек одного из наших проектов, состоящий из JupyterHub, Airflow и MLflow. SSO позволяет единообразно аутентифицироваться во всех инструментах под одной учетной записью. Помимо очевидного удобства, нам это также дало возможность централизованно управлять доступом и внедрить RBAC — сопоставление ролей в инструментах с группами или ролями в IdP. В качестве инструмента для реализации SSO я использовал OIDC-провайдер Keycloak, наверняка многим хорошо знакомый. Ниже я расскажу о том, как с его помощью настроить SSO для JupyterHub, MLflow и Airflow (все компоненты разворачиваются с помощью Helm-чартов).

https://habr.com/ru/companies/kts/articles/971982/

#ml #mlflow #sso #sso_аутентификация #jupyterhub #airflow #keycloak

I wrote a new blog post about PassBeyond, a lightweight SAML SP + reverse proxy to add SSO to self-hosted apps that don’t support modern authentication. It handles SAML, creates JWT sessions, and forwards identity via headers - no code changes needed.

🔗 https://blog.bella.network/securing-web-applications-with-passbeyond/

#SAML #SSO #SelfHosted #Security #Sysadmim #DevOps #Golang

Meine Oma (85) sitzt am Küchentisch und sortiert Bilder in ihre digitalen Alben am #ipad ein, nachdem sie sich souverän in meiner #nextcloud eingeloggt hat, um sie runterzuladen. Mit #sso Login per #passkey sogar ganz ohne Hilfe. Ein Segen, dass #apple endlich ein Drag and Drop Feature gebracht hat.

Das macht einen irgendwie anders stolz! 🥲

Tried using #portainer for my #docker services but I got overwhelmed with all the pay for this stuff and went to #yacht,... But yacht seems a bit underwhelming.. Any other options?

I also need to migrate from systemd #caddy for my reverse proxy to a docker version. And also figure out how to make containers wait for the postgres container then figure out backups and scaling to a second machine.... Why did I go on this docker journey again? Oh, right #SSO for the new #SmallBusiness I #sysadmin.

@Sascha Ich meine, konsistente #UI & #UX ist wichtig...

• Und in einem größeren Organisationskontext sind #WebApps und #WebClients eine gute Option, weil damit #SSO & #Datensicherheit einfacher umsetzbar ist und anders als #ThinkClients mit #RemoteDesktop weniger #Traffic und weniger Ressourcenbedarf auf IT-Seite notwendig ist.

Jedenfalls deutlich besser und eine gute Alternative zu #Office365 für alle die #DSGVO & #BDSG einhalten wollen!

#Datenschutz #InfoSec #OpSec #ITsec #ComSec

🌟 LemonLDAP::NG 2.22.1 released!

ℹ️ Some regressions were fixed, plan your upgrades!

➡️ https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-22-1-is-out/

@ow2 @PerlRakuFoundation

#IAM #SSO #CAS #SAML #OpenIDConnect #OpenSource #LogicielLibre #Perl

Use the #AWS #S3 (#Microsoft #Entra) connection profile to connect to S3 with temporary credentials from Microsoft Entra #OIDC #SSO https://docs.cyberduck.io/tutorials/s3_microsoft_entra_oidc/

Monday, November 24, 2025

https://activitypub.writeworks.uk/2025/11/monday-november-24-2025/

Worked on a good longread: simplify your identity mess!

Learn how a Federation Gateway orchestrates all your IdPs (Entra ID, Google, SAML). Must-read architecture deep dive!

https://duende.link/8aefizq #IdentityOrchestration #SSO #Security #dotnet

@leanderlindahl

This is called "#OpenIdConnect or #oidc or other #SingleSignOn #SSO Method

But... this is a thing, worth to think about.

How do you think does this work?

You register an account on a sso-provider and then you can login to mastodon.fuckheads.org and pixelfed.letmeall.one and next.cloud and friendica.noidiots.here and wordpress.stupid.things and vaultwarden.my.secrets

Each service run by another admin or organization...

Then you have a cental fediverse login. And the central login provider knows wo is who in the fediverse. And each service-admin has to configure his service to use the central login.
And each admin has no planning-capacity how many users will come and resources are needed. No control about his users.

Or you have multiple sso-providers. So each admin has to configure his service for each other serviceprovider too... the you have to choose on the login-page out of 27 or 150 login-providers... not so "handy"

Or... and this is still realized:
You've a service provider, which serves mastodon, pixelfed, peertube, nextcloud and so on, and has configured a sso-service for all services he provides. The you login at your serviceproviders first service snd you are logged in on all other services he provides.

Adminforge.de is such a service-provider and tchncs.de another one.
Then your fediverse accounts ALL stand and fall with that one person or organization.

What you want is "google without google, not realizing what this means in real live"