toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#sso

Štěpán Škorpil

Just moved all my #git repos from #GitHub to my own #Forgejo instance.
I did complete setup with #sso (single sign on) using #KeyCloak and with in-docker runner.

Up until this morning I was going to install gitlab, but I was persuaded by being presented as lightweight, fully selfhostable, 100% open and with federating features on the way.

Looking forward to trying some federation stuff.
https://git.skorpil.cz/explore/repos

Redish Lab

A couple of questions for #unix gurus.

With the Windows 10 EOL crisis, we are likely going to be switching most of our lab computers over to unix. We have been testing #Ubuntu 24.04 LTS. It seems to meet most of our requirements nicely, but I have two needs I have not solved yet:

1. I am looking for some sort of #SSO system where I can control all of the logins and group permissions centrally for the lab. I don't want people to have to maintain passwords across two dozen computers. I do not need the whole complexity of centralized group policies and the like. I just need SSO.

2. I am looking for a reliable #AntiVirus system. I know that people say unix doesn't need it, but I just don't believe that.

Important keys are (1) most of my personnel are not computer-savvy unix-gurus, and (2) I do not have the time to be a full-time sysadmin for two dozen computers, so the "we can hack this together with enough effort" solutions that I used when I was a (unix-savvy) graduate student myself are not acceptable here. I need a more business-friendly system.

Cost matters, but I'm willing to pay for the right thing. So am interested in both freeware and paid solutions.

Thanks for any suggestions.

PS. PLEASE do not respond to this with rants about freeware vs corporate, or the qualities of unix vs Windows. Those are debates for another time and another place. thx

Wladimir Mufty

Setting up a sector-wide #PeerTube pilot instance on behalf of Dutch higher ed & research using #SSO via #SAML, so no local usernames/passwords…

Anyone with experience uploading videos using the #REST #API for system integration purposes? No classic #OAuth flow here… or is it possible?!

💚➡️ #Framasoft #Fediverse #OpenSource #Education #Science #askfedi

👩🏽‍🎓 https://video.edu.nl/

Jörg Hafer

@TorbenMau @pikarl @gwdg @zesspress

"A note: as far as I know, @gwdg provides all staff AND students of all Lower Saxony universities with a Mastodon account via #SSO."
👍 👍 👍 👍

Torben Mau

Recommended article and thread summary by @pikarl on universities in the #Fediverse and in particular #mastodon #FediLZ #FediCampus. A note: as far as I know, @gwdg provides all staff AND students of all Lower Saxony universities with a Mastodon account via #SSO. So there is a lot of potential there for #NDSedu! In cooperation with @zesspress I therefore want to introduce students to the Fediverse in the coming semester. https://reporter.social/@pikarl/114895547755049953

Štěpán Škorpil

Over the weekend I managed to connect all my selfhosted services that support it to the #Keycloak #SSO (single sign on).
Namely #Mastodon #Peertube #NextCloud #FreshRSS #Matomo and #grafana

Why bother with such a complication for apps serving only a couple of users?
First, it's quite easy nowadays.
And second, because I want to get rid of passwords and just use #passkeys.

This is one of many examples showing that good apps should just focus on one task and just use standards to cooperate with other apps focusing on other tasks.

Peertube for example focuses on videos, not user management. I am very OK that they don't support passkeys, because they implemented the OpenID Connect standard to allow me to use Keycloak for better login options.

On the other hand, I am quite sad that SSO is often the one feature that is proprietary and reserved only for paying customers. SSO is not for huge corporations anymore. It's also useful for us, selfhosters with a couple of users.

❤️ :opensource: :keycloak:

Nagaram

I am job hunting if anyone is looking for an #IT #engineer

I currently work in Mergers and Acquisitions as an IT specialist in the embroidery field, but I have experience with #Cisco #networking including their Firepower ASA and their switches. I am also an #MDM engineer and I am the team lead for SOP writing and development. #SSO experience with Okta. Admin experience with #Threatlocker.

I have operated in a variety of compliance frameworks including #CMMC #PCI and #FEDRAMP for the last 2 years. I've spent 3 years working in the medical field so I'm #HIPAA aware as well.

I would like to get back into a #datacenter job. I am comfortable with #travel and I'm comfortable with #parttime and #contract work if you have any recommendations.

I won't do defence companies though.

#FediHire #getfedihired #jobhunting #infrastructure

Karl Fredrik 🦊 | 🔜 WHY ☎️ QFOX

Is there a term for the class of "credential storage confusion" #security issues, where the user accidentally saves a password or passkey in a vault they don't actively use (browser, #SSO IdP, #passwordManager, OS)?

One thing that made me think of this is having to go through a separate step (like "use a different device") on Android to avoid enrolling the phone as passkey.

I can see how users spread active credentials across multiple services which seems like a massive #infosec issue to me...

Went to our first concert of "classical" #music since February 2020. In Benaroya Hall in #Seattle, Ludovic #Morlot conducted a few pieces by #Ravel and premiered a beautiful new composition by Allison Loggins-Hall, "Rhapsody on a Theme by Joni for Solo Flute and Orchestra." Demarre McGill did a fabulous job in the solo part. In the picture, Morlot is standing away from the podium, directing audience applause away from himself and toward the percussionists. #SSO #SeattleSymphony #classicalmusic

In the meantime, by the way, I had time to play around with the Keycloak auditor kcwarden by @hacksilon and his colleague. A great tool for checking where you should tighten the often very lax default settings!

Repo: github.com/iteratec/kcwarden

Talk: youtube.com/watch?v=PRvHLx5oCj

(And afterwards, please test whether everything still works, especially with the RedirectURIs. 😉)


True story,
- Log into browser with IdP
- Get logged out of IdP
- Log back into IdP
- Click something in the browser's popover and now your browser has a passkey to the IdP
- Get logged out of browser and IdP
- Get locked out because you need to log into the browser to log into the IdP to log into the browser to log into the IdP to...

How can this failure mode exist?

Where do we even start to communicate this to users in a good way?

/rant

I love #PocketID, a lightweight #selfhosted #OIDC using only #Passkey.

After using it for several months with an LXC installation using Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM installation is more secure than an LXC. This article will guide you through installing Pocket-ID as a non-root service on Debian. Additionally, there's an upgrade script included.

#Proxmox #debian #selfhosting #homelab #openID #passkeys #SSO

lucasjanin.com/2025/06/02/pock

After using #PocketID for several months with an LXC installation via the Proxmox Helper Scripts, I noticed that the service runs as root. I also learned that a VM is more secure than an LXC. This article will guide you through installing PocketID as a non-root service on Debian. In addition, an upgrade script is included.

#Proxmox #debian #selfhosted #selfhosting #homelab #OIDC #openID #passkey #passkeys #SSO

lucasjanin.com/2025/06/02/pock

It's enough to make you tear your hair out. Recently TikTok was penalized, among other things, because they host on servers that they have access to from China; because the level of data protection does not match that of the EU and this cannot be put on a secure footing contractually ("standard contractual clauses") either.
Now I have once again taken this as an occasion to point out to my superiors that, given the situation between the #EU and the #USA, it is perhaps not a good idea to rely on #AWS #Cloud for our #SSO and #IAM (for us and customers), and that we should perhaps at least develop a backup plan, e.g. with #Hetzner.
People hope that everything will turn out fine and, because the corporate group relies on it and a lot has been invested, continue to rely exclusively on AWS.
🤮

🎉 Big shout-out to the Pocket ID devs – version 1.0 just dropped!
🛂 My go-to solution for self-hosted Single Sign-On is now officially out of beta.
⚠️ Planning to upgrade? Don’t skip the migration guide – it’s important:

📘 pocket-id.org/docs/setup/migra
