Step 0 of my homelab rebuild is done. Identity Provider cleaned up so now my domain is doing SAML SSO with 365 and has a few bookmarks in the SSO user portal for my own needs. Planning to add Notion, Matrix, Doppler, Twingate, AWS, and Slack to the SAML SSO portal soon. I at least set up 365 and Avanan for now and bookmarked Tiktok and Twitch. #InfoSec #Cybersecurity #Zerotrust #Homelab #SSO
If you like, you can hear me talk about single sign-on for web applications at the Chemnitzer Linuxtage. But it's for those who don't oversleep on Sunday mornings. 😉
Identity re-use, especially a Mastodon account to log in to a Lemmy server
This would solve so many problems! There are parts of the fediverse where that works, but these are small parts today. Can we make them larger? Join Don and the community to discuss this at https://fediforum.org in March?
🔑 This release paves the way for integrating CryptPad instances with Single-Sign-On (#SSO) authentication. The 2nd piece of this feature is a plugin which we'll release in January 2024.
This release also adds the option to make #2FA mandatory for all users of an instance.
@boilingsteam Also, I have to use Facebook because of family and groups. Groups is a huge feature. The car groups I'm involved with have a huge presence and wealth of knowledge/manufacturing/designing in those respective Facebook groups. This used to be facilitated by email mailing lists or forums. There needs to be a good replacement for that, and really, there needs to be a DIY SSO solution for Fediverse platforms.
#Cybersecurity #SSO #Authentication #Okta #Hacking: "Okta, a company that provides identity tools like multi-factor authentication and single sign-on to thousands of businesses, has suffered a security breach involving a compromise of its customer support unit, KrebsOnSecurity has learned. Okta says the incident affected a “very small number” of customers, however it appears the hackers responsible had access to Okta’s support platform for at least two weeks before the company fully contained the intrusion.
In an advisory sent to an undisclosed number of customers on Oct. 19, Okta said it “has identified adversarial activity that leveraged access to a stolen credential to access Okta’s support case management system. The threat actor was able to view files uploaded by certain Okta customers as part of recent support cases.”
Okta explained that when it is troubleshooting issues with customers it will often ask for a recording of a Web browser session (a.k.a. an HTTP Archive or HAR file). These are sensitive files because in this case they include the customer’s cookies and session tokens, which intruders can then use to impersonate valid users."
I'm about to move a few parts of my network off-site. Anyone have any input for getting LDAP-based authentication to work across locations?
Like, LDAP+TLS with mutual certificate authentication is just fine, but I don't like the idea of exposing an LDAP port. Though a firewall rule to only allow the other side's IP to access it would probably be okay.
Given that this side still needs to access some internal services, it also makes sense just to #WireGuard it or something; that gives me everything in a manner that I believe is secure. I've yet to hear of any breaks on its encryption... just that if the remote host is compromised I have quite a wide open attack surface.
Here's a screencast demonstration of Single Sign-On facilitated by loosely-coupling #Identity and #Authentication, courtesy of the #IndieAuth protocol.
🌟 This is the official Mastodon account for LemonLDAP::NG, a Web Single Sign On free software compatible with many open standards like CAS, SAML and OpenID Connect.
ℹ️ We will publish here information about releases and new features. Please follow us!