#saml

LemonLDAP::NG<p>🍋 LemonLDAP::NG 2.21.2 is out!</p><p>🔗 Read our release notes: <a href="https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-2-is-out/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">projects.ow2.org/view/lemonlda</span><span class="invisible">p-ng/lemonldap-ng-2-21-2-is-out/</span></a></p><p><span class="h-card" translate="no"><a href="https://fosstodon.org/@ow2" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ow2</span></a></span> </p><p><a href="https://fosstodon.org/tags/IAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IAM</span></a> <a href="https://fosstodon.org/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSO</span></a> <a href="https://fosstodon.org/tags/CAS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CAS</span></a> <a href="https://fosstodon.org/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> <a href="https://fosstodon.org/tags/OpenIDConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenIDConnect</span></a> <a href="https://fosstodon.org/tags/OW2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OW2</span></a> <a href="https://fosstodon.org/tags/lemonldap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lemonldap</span></a> <a href="https://fosstodon.org/tags/lemonldapng" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lemonldapng</span></a> <a href="https://fosstodon.org/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> <a href="https://fosstodon.org/tags/Passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwordless</span></a> <a href="https://fosstodon.org/tags/WebAuthn" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>WebAuthn</span></a> <a href="https://fosstodon.org/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a> <a href="https://fosstodon.org/tags/WebSSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSSO</span></a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://fosstodon.org/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a> <a href="https://fosstodon.org/tags/LogicielLibre" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LogicielLibre</span></a> <a href="https://fosstodon.org/tags/Perl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Perl</span></a></p>
Silke Meyer<p>For "identity broker" scenarios with Keycloak, I recommend the Red Hat documentation. It describes relatively well how to configure passing claims/attributes from one identity provider through another to a client.</p><p><a href="https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html/server_administration_guide/identity_broker" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.redhat.com/en/documentati</span><span class="invisible">on/red_hat_build_of_keycloak/26.0/html/server_administration_guide/identity_broker</span></a></p><p><a href="https://univention.social/tags/keycloak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>keycloak</span></a> <a href="https://univention.social/tags/singlesignon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>singlesignon</span></a> <a href="https://univention.social/tags/iam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>iam</span></a> <a href="https://univention.social/tags/oidc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oidc</span></a> <a href="https://univention.social/tags/saml" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>saml</span></a></p>
Pyrzout :vm:<p>Troubleshooting SCIM Provisioning Issues: Your Complete Debug Guide – Source: securityboulevard.com <a href="https://ciso2ciso.com/troubleshooting-scim-provisioning-issues-your-complete-debug-guide-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/troubleshooting-</span><span class="invisible">scim-provisioning-issues-your-complete-debug-guide-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/Identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Identity</span></a>&amp;AccessManagement(IAM) <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBloggersNetwork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBloggersNetwork</span></a> <a href="https://social.skynetcloud.site/tags/enterprisesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>enterprisesecurity</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/Identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Identity</span></a>&amp;Access <a href="https://social.skynetcloud.site/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://social.skynetcloud.site/tags/EnterpriseSSO" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>EnterpriseSSO</span></a> <a href="https://social.skynetcloud.site/tags/singlesignon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>singlesignon</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/B2BSaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>B2BSaaS</span></a> <a href="https://social.skynetcloud.site/tags/CIAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIAM</span></a> <a href="https://social.skynetcloud.site/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> <a href="https://social.skynetcloud.site/tags/SCIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SCIM</span></a> <a href="https://social.skynetcloud.site/tags/b2b" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>b2b</span></a> <a href="https://social.skynetcloud.site/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSO</span></a></p>
Pyrzout :vm:<p>SCIM Best Practices: Building Secure and Extensible User Provisioning – Source: securityboulevard.com <a href="https://ciso2ciso.com/scim-best-practices-building-secure-and-extensible-user-provisioning-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/scim-best-practi</span><span class="invisible">ces-building-secure-and-extensible-user-provisioning-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/Identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Identity</span></a>&amp;AccessManagement(IAM) <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBloggersNetwork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBloggersNetwork</span></a> <a href="https://social.skynetcloud.site/tags/enterprisesecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>enterprisesecurity</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/Identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Identity</span></a>&amp;Access <a href="https://social.skynetcloud.site/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://social.skynetcloud.site/tags/EnterpriseSSO" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>EnterpriseSSO</span></a> <a href="https://social.skynetcloud.site/tags/singlesignon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>singlesignon</span></a> <a href="https://social.skynetcloud.site/tags/enterprise" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>enterprise</span></a> <a href="https://social.skynetcloud.site/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> <a href="https://social.skynetcloud.site/tags/B2BSaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>B2BSaaS</span></a> <a href="https://social.skynetcloud.site/tags/CIAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIAM</span></a> <a href="https://social.skynetcloud.site/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> <a href="https://social.skynetcloud.site/tags/SCIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SCIM</span></a> <a href="https://social.skynetcloud.site/tags/b2b" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>b2b</span></a> <a href="https://social.skynetcloud.site/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSO</span></a></p>
LemonLDAP::NG<p>🍋 LemonLDAP::NG 2.21 is out!</p><p>🔗 Read our release notes: <a href="https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-1-is-out/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">projects.ow2.org/view/lemonlda</span><span class="invisible">p-ng/lemonldap-ng-2-21-1-is-out/</span></a></p><p><span class="h-card" translate="no"><a href="https://fosstodon.org/@ow2" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ow2</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@worteks_com" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>worteks_com</span></a></span> </p><p><a href="https://fosstodon.org/tags/IAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IAM</span></a><br><a href="https://fosstodon.org/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSO</span></a><br><a href="https://fosstodon.org/tags/CAS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CAS</span></a><br><a href="https://fosstodon.org/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a><br><a href="https://fosstodon.org/tags/OpenIDConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenIDConnect</span></a><br><a href="https://fosstodon.org/tags/OW2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OW2</span></a><br><a href="https://fosstodon.org/tags/lemonldap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lemonldap</span></a><br><a href="https://fosstodon.org/tags/lemonldapng" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lemonldapng</span></a><br><a href="https://fosstodon.org/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a><br><a 
href="https://fosstodon.org/tags/Passwordless" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passwordless</span></a><br><a href="https://fosstodon.org/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebAuthn</span></a><br><a href="https://fosstodon.org/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a><br><a href="https://fosstodon.org/tags/Loki" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Loki</span></a><br><a href="https://fosstodon.org/tags/WebSSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSSO</span></a><br><a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a><br><a href="https://fosstodon.org/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a><br><a href="https://fosstodon.org/tags/LogicielLibre" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LogicielLibre</span></a><br><a href="https://fosstodon.org/tags/Perl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Perl</span></a></p>
Derek Law<p>Transition your <a href="https://mastodon.world/tags/ArcGIS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArcGIS</span></a> accounts to organization-specific (<a href="https://mastodon.world/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> or <a href="https://mastodon.world/tags/OpenID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenID</span></a> Connect) accounts <a href="https://tinyurl.com/mr25xhkf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">tinyurl.com/mr25xhkf</span><span class="invisible"></span></a> </p><p><a href="https://mastodon.world/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.world/tags/ArcGISAdmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArcGISAdmin</span></a> <a href="https://mastodon.world/tags/ArcGISOnline" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArcGISOnline</span></a> <a href="https://mastodon.world/tags/GIS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GIS</span></a> <a href="https://mastodon.world/tags/esri" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>esri</span></a> <a href="https://mastodon.world/tags/WebGIS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebGIS</span></a> <a href="https://mastodon.world/tags/GISchat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GISchat</span></a> <a href="https://mastodon.world/tags/geospatial" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>geospatial</span></a> <a href="https://mastodon.world/tags/mapstodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mapstodon</span></a> <span class="h-card" translate="no"><a 
href="https://bird.makeup/users/esri" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>esri</span></a></span> <span class="h-card" translate="no"><a href="https://bird.makeup/users/esrifederalgovt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>esrifederalgovt</span></a></span> <span class="h-card" translate="no"><a href="https://bird.makeup/users/esrislgov" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>esrislgov</span></a></span> <span class="h-card" translate="no"><a href="https://bird.makeup/users/arcgisonline" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>arcgisonline</span></a></span> <span class="h-card" translate="no"><a href="https://bird.makeup/users/esritraining" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>esritraining</span></a></span></p>
IT Insights<p>🚨 SAML vulnerability discovered! Hackers are hijacking admin accounts. Make sure your security is in order with updates and MFA! Want to know more? [Link] <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a>&nbsp;<br><a href="https://itinsights.nl/cybersecurity/saml-lek-hackers-kapen-admin-accounts-2/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">itinsights.nl/cybersecurity/sa</span><span class="invisible">ml-lek-hackers-kapen-admin-accounts-2/</span></a></p>
Silke Meyer<p>Good morning! On June 11, my full-day Keycloak training takes place again, and there are still a few places available. The target audience is admins who use the Keycloak shipped by <span class="h-card" translate="no"><a href="https://univention.social/@univention" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>univention</span></a></span> in conjunction with UCS. No prior SSO knowledge is required. If anyone else would like to attend, here are the registration details:</p><p><a href="https://www.univention.de/training/keycloak/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">univention.de/training/keycloa</span><span class="invisible">k/</span></a></p><p><a href="https://univention.social/tags/Keycloak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Keycloak</span></a> <a href="https://univention.social/tags/singlesignon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>singlesignon</span></a> <a href="https://univention.social/tags/oidc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oidc</span></a> <a href="https://univention.social/tags/saml" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>saml</span></a> <a href="https://univention.social/tags/univention" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>univention</span></a></p>
khlr<p>A few days ago, we released SAML-tracer v1.9 🚀</p><p>Besides some minor fixes, this version introduces a new feature:<br>You can now filter for protocol-related requests only – cutting out the noise from all those extra requests that get in the way during analysis.</p><p>Get it here:<br>Firefox: <a href="https://addons.mozilla.org/firefox/addon/saml-tracer/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">addons.mozilla.org/firefox/add</span><span class="invisible">on/saml-tracer/</span></a><br>Chrome: <a href="https://chromewebstore.google.com/detail/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chromewebstore.google.com/deta</span><span class="invisible">il/saml-tracer/mpdajninpobndbfcldcmbpnnbhibjmch</span></a></p><p><a href="https://mastodon.social/tags/saml" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>saml</span></a> <a href="https://mastodon.social/tags/samltracer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>samltracer</span></a> <a href="https://mastodon.social/tags/sso" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sso</span></a> <a href="https://mastodon.social/tags/singlesignon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>singlesignon</span></a></p>
postmodern<p>Anyone at <span class="h-card" translate="no"><a href="https://infosec.exchange/@github" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>github</span></a></span>'s GHSA team care to look into this PR that got closed? I believe I've found an <a href="https://rubygems.org/gems/omniauth-saml" rel="nofollow noopener" target="_blank">omniauth-saml</a> advisory that simply references three other GHSA advisories that affect one of its dependencies, <a href="https://rubygems.org/gems/ruby-saml" rel="nofollow noopener" target="_blank">ruby-saml</a>. I see no evidence why a separate advisory needs to exist for omniauth-saml, when the security issues exist in ruby-saml, and can easily be upgraded independently of omniauth-saml (ex: <code>gem upgrade ruby-saml</code> / <code>bundle update ruby-saml</code>). This seems like a maintainer created yet another advisory simply to notify their users about other advisories affecting their dependencies, which seems like overkill and creates duplicate security advisory data. I think this GHSA advisory should be withdrawn/removed.<br><a href="https://github.com/github/advisory-database/pull/5625" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">github.com/github/advisory-dat</span><span class="invisible">abase/pull/5625</span></a></p><p><a href="https://infosec.exchange/tags/ghsa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ghsa</span></a> <a href="https://infosec.exchange/tags/omniauth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>omniauth</span></a> <a href="https://infosec.exchange/tags/saml" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>saml</span></a></p>
Matthew Slowe<p>I've submitted my slides for my <a href="https://infosec.exchange/tags/LightningTalk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LightningTalk</span></a> at <a href="https://infosec.exchange/tags/TNC25" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TNC25</span></a></p><blockquote><p>Don't believe everything you read in a <a href="https://infosec.exchange/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> assertion</p></blockquote><p>Quite excited for it now 😎</p>
jakob 🇦🇹 ✅<p>Does anyone know their way around <a href="https://soc.schuerz.at/search?tag=SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a>?</p><p>My problem is that I authenticate in <a href="https://soc.schuerz.at/search?tag=Friendica" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Friendica</span></a> via SAML against keycloak.<br>And I often have to log in every time I look at the web app... 10, 15 times a day.<br>It's annoying.</p><p>My browser is <a href="https://soc.schuerz.at/search?tag=Vanadium" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vanadium</span></a> on <a href="https://soc.schuerz.at/search?tag=GrapheneOS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GrapheneOS</span></a></p><p>Is Vanadium discarding the SAML ticket?<br>Do I need to tweak the client settings in Keycloak?<br>Is this normal with SAML?</p><p>The OIDC logins from the same keycloak server (Peertube, Nextcloud, Mobilizon) stay valid for weeks and months...</p>
Pyrzout :vm:<p>Implementing a SCIM API for Your Application: A Comprehensive Guide – Source: securityboulevard.com <a href="https://ciso2ciso.com/implementing-a-scim-api-for-your-application-a-comprehensive-guide-source-securityboulevard-com/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ciso2ciso.com/implementing-a-s</span><span class="invisible">cim-api-for-your-application-a-comprehensive-guide-source-securityboulevard-com/</span></a> <a href="https://social.skynetcloud.site/tags/rssfeedpostgeneratorecho" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>rssfeedpostgeneratorecho</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBloggersNetwork" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBloggersNetwork</span></a> <a href="https://social.skynetcloud.site/tags/CyberSecurityNews" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurityNews</span></a> <a href="https://social.skynetcloud.site/tags/SecurityBoulevard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityBoulevard</span></a> <a href="https://social.skynetcloud.site/tags/enterpriseready" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>enterpriseready</span></a> <a href="https://social.skynetcloud.site/tags/Identity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Identity</span></a>&amp;Access <a href="https://social.skynetcloud.site/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentication</span></a> <a href="https://social.skynetcloud.site/tags/EnterpriseSSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EnterpriseSSO</span></a> <a href="https://social.skynetcloud.site/tags/singlesignon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>singlesignon</span></a> <a 
href="https://social.skynetcloud.site/tags/enterprise" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>enterprise</span></a> <a href="https://social.skynetcloud.site/tags/B2BSaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>B2BSaaS</span></a> <a href="https://social.skynetcloud.site/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> <a href="https://social.skynetcloud.site/tags/SCIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SCIM</span></a> <a href="https://social.skynetcloud.site/tags/b2b" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>b2b</span></a> <a href="https://social.skynetcloud.site/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSO</span></a></p>
Hydrian<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@train" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>train</span></a></span> authentication matters, especially with a nosey trying to be computer savvy tween. I'm not locked into OIDC though. I am very familiar with <a href="https://twit.social/tags/ldap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ldap</span></a>, <a href="https://twit.social/tags/radius" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>radius</span></a>, <a href="https://twit.social/tags/saml" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>saml</span></a>, transparent http proxy auth. I usually feel OIDC is a nicety. I hate when <a href="https://twit.social/tags/homelab" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>homelab</span></a> apps only have local authentication. I have craploads of apps 7 immediate family members possibly using that app. Your app isn't special and you don't get to have a special exception for me to deal with passwords that aren't centrally located.</p>
Mark Stosberg<p>I became a maintainer of a popular <a href="https://urbanists.social/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> library for Node.js, "node-saml", which in turn uses "xml-crypto", which in turn is based on XML signatures.</p><p>If you are still using SAML for <a href="https://urbanists.social/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSO</span></a>, be aware there has been a string of SAML vulnerabilities related to the fundamentals of how it works and there are likely to be more. You are advised to use OIDC instead.</p><p>In this thread, I'll discuss some of the weaknesses in SAML that have come up repeatedly. 🧵 </p><p><a href="https://urbanists.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://urbanists.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://urbanists.social/tags/coding" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>coding</span></a> <a href="https://urbanists.social/tags/programming" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>programming</span></a></p>
Max Maass :donor:<p>Long shot, but: As my project for <a href="https://infosec.exchange/tags/eh22" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eh22</span></a> I was thinking about extending our <a href="https://infosec.exchange/tags/Keycloak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Keycloak</span></a> configuration auditor with some checks for <a href="https://infosec.exchange/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a>-based authentication. However, I know next to nothing about SAML and am a bit lost, to be honest. If anyone is at <a href="https://infosec.exchange/tags/eh22" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eh22</span></a> who has some knowledge about SAML security and common misconfigurations (on the server or client side), and wants to collaborate to create some checks for <a href="https://infosec.exchange/tags/kcwarden" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kcwarden</span></a> (<a href="https://github.com/iteratec/kcwarden" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">github.com/iteratec/kcwarden</span><span class="invisible"></span></a>), hit me up.</p>
Nate Allen<p>I'm sure there is a simple, totally obvious reason (no trusted central authority problem?) but it seems kind of strange to me that the <a href="https://pdx.social/tags/Fediverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fediverse</span></a> doesn't allow me to truly use a single login across services via some kind of <a href="https://pdx.social/tags/FIDO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO</span></a> compliant magic, considering that almost everyone is an <a href="https://pdx.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> person and/or developer. Admittedly, I haven't thought about this too deeply. Also, where's passkey support? <a href="https://pdx.social/tags/saml" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>saml</span></a> <a href="https://pdx.social/tags/sso" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sso</span></a></p>
LemonLDAP::NG<p>🍋 LemonLDAP::NG 2.21 is out!</p><p>📃 This new release includes improvements on OpenID Connect and CAS protocols, Loki logger, public notifications and much more.</p><p>🔗 Read our release notes: <a href="https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">projects.ow2.org/view/lemonlda</span><span class="invisible">p-ng/lemonldap-ng-2-21-0-is-out/</span></a></p><p><span class="h-card" translate="no"><a href="https://fosstodon.org/@ow2" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ow2</span></a></span> @worteks_com</p><p><a href="https://fosstodon.org/tags/IAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IAM</span></a> <a href="https://fosstodon.org/tags/SSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSO</span></a> <a href="https://fosstodon.org/tags/CAS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CAS</span></a> <a href="https://fosstodon.org/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> <a href="https://fosstodon.org/tags/OpenIDConnect" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenIDConnect</span></a> <a href="https://fosstodon.org/tags/OW2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OW2</span></a> <a href="https://fosstodon.org/tags/lemonldap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lemonldap</span></a> <a href="https://fosstodon.org/tags/lemonldapng" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lemonldapng</span></a> <a href="https://fosstodon.org/tags/Passkeys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Passkeys</span></a> <a href="https://fosstodon.org/tags/Passwordless" class="mention hashtag" rel="nofollow 
noopener" target="_blank">#<span>Passwordless</span></a> <a href="https://fosstodon.org/tags/WebAuthn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebAuthn</span></a> <a href="https://fosstodon.org/tags/FIDO2" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FIDO2</span></a> <a href="https://fosstodon.org/tags/Loki" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Loki</span></a> <a href="https://fosstodon.org/tags/WebSSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WebSSO</span></a> <a href="https://fosstodon.org/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://fosstodon.org/tags/FreeSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreeSoftware</span></a> <a href="https://fosstodon.org/tags/LogicielLibre" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LogicielLibre</span></a> <a href="https://fosstodon.org/tags/Perl" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Perl</span></a></p>
Silke Meyer<p>Lessons learned along the way: for signing and encrypting <a href="https://univention.social/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> metadata, you usually don't use Let's Encrypt certificates, because of the frequent rotations and the lack of automation options on the communication partners' side. Yesterday I thought, oh well, for this short test it'll do. And then I spent a long time looking for the error and noticed that Let's Encrypt now generates EC keys instead of RSA, which the <a href="https://univention.social/tags/Shibboleth" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shibboleth</span></a> SP cannot sign with. <a href="https://univention.social/tags/til" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>til</span></a> <a href="https://univention.social/tags/sso" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sso</span></a> <a href="https://univention.social/tags/singlesignon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>singlesignon</span></a></p>
Chris Wysopal<p>These SAMLStorm vulnerabilities have been public for a couple weeks now. Anyone seeing exploitation in the wild? How’s patching going across vendors and infra? <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>infosec</span></a> <a href="https://infosec.exchange/tags/SAML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SAML</span></a> <a href="https://infosec.exchange/tags/NodeJS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NodeJS</span></a> <a href="https://infosec.exchange/tags/AppSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AppSec</span></a></p>