#oidc

AzureCerulean

### #Cloudflare open sources #OPKSSH to bring Single Sign-On #SSO to #SSH

This week, it was officially open-sourced under the umbrella of the #OpenPubkey project, which itself became a #Linux Foundation open-source initiative in 2023; OPKSSH remained closed-source until now.
Making it easy to #authenticate to #servers over SSH using #OpenID Connect (#OIDC), allowing developers to ditch manually configured SSH keys in favor of identity provider-based access.

https://www.helpnetsecurity.com/2025/03/28/opkssh-sso-ssh/

Seth Grover

This has been a busy month for Malcolm! I pushed hard to get v25.03.0 (https://github.com/cisagov/Malcolm/releases/tag/v25.03.0) out earlier this month, as it contained pretty much just the Keycloak integration one of our partners (and major funding sources) was waiting for. Rather than wait until April for the other stuff that would have gone into the regular end-of-the-month release, I decided to pull those items into this smaller release just a week and a half after the last one.

Malcolm v25.03.1 (https://github.com/cisagov/Malcolm/releases/tag/v25.03.0) contains a few enhancements, bug fixes, and several component version updates, including one that addresses a CVE that may affect Hedgehog Linux Kiosk mode and Malcolm's API container.

NOTE: If you have not already upgraded to v25.03.0, read the notes for v25.02.0 (https://github.com/cisagov/Malcolm/releases/tag/v25.02.0) and v25.03.0 (https://github.com/cisagov/Malcolm/releases/tag/v25.03.0) and follow the Read Before Upgrading instructions on those releases.

Changes in this release (https://github.com/cisagov/Malcolm/compare/v25.03.0...v25.03.1)

- ✨ Features and enhancements
  - Incorporate new S7comm device identification log, `s7comm_known_devices.log` (#622, https://github.com/cisagov/malcolm/issues/622)
  - Display current PCAP, Zeek, and Suricata capture results in Hedgehog Linux Kiosk mode (https://malcolm.fyi/docs/hedgehog-boot.html#HedgehogKioskMode) (#566, https://github.com/cisagov/malcolm/issues/566)
  - Keycloak authentication: configurable group or role membership restrictions for login (#633, https://github.com/cisagov/malcolm/issues/633) (see Requiring user groups and realm roles, https://malcolm.fyi/docs/authsetup.html#AuthKeycloakGroupsAndRoles)
  - Mark newly-discovered and uninventoried devices in logs during NetBox enrichment (#573, https://github.com/cisagov/malcolm/issues/573)
  - Added "Apply recommended system tweaks automatically without asking for confirmation?" question to `install.py` to allow the user to accept changes to `sysctl.conf`, grub kernel parameters, etc., without having to answer "yes" to each one.
- ✅ Component version updates
  - Arkime to v5.6.2 (https://github.com/arkime/arkime/blob/8c014b0e4e5c9a4dca05780b172def120a50bf30/CHANGELOG#L37-L52)
  - evtx to v0.9.0 (https://github.com/omerbenamram/evtx/releases/tag/v0.9.0)
  - Fluent Bit to v3.2.10 (https://github.com/fluent/fluent-bit/releases/tag/v3.2.10)
  - gunicorn to v23.0.0 (https://github.com/benoitc/gunicorn/releases/tag/23.0.0) to address CVE-2024-6827 (https://github.com/advisories/GHSA-hc5x-x2vx-497g), "Gunicorn HTTP Request/Response Smuggling vulnerability"
  - Zeek to v7.1.1 (https://github.com/zeek/zeek/releases/tag/v7.1.1)
- 🐛 Bug fixes
  - Fix `install.py` error when answering yes to "Pull Malcolm images?" with podman (#604, https://github.com/cisagov/malcolm/issues/604)
  - Order of user-provided tags from PCAP upload interface not preserved (#624, https://github.com/cisagov/malcolm/issues/624)
- 📄 Configuration changes (in environment variables (https://malcolm.fyi/docs/malcolm-config.html#MalcolmConfigEnvVars) in `./config/` (https://github.com/cisagov/Malcolm/blob/main/config)) for Malcolm and in `control_vars.conf` (https://github.com/cisagov/Malcolm/blob/main/hedgehog-iso/interface/sensor_ctl/control_vars.conf) for Hedgehog Linux
  - added `NGINX_REQUIRE_GROUP` and `NGINX_REQUIRE_ROLE` to `auth-common.env` (https://github.com/cisagov/Malcolm/blob/main/config/auth-common.env.example) to support Requiring user groups and realm roles (https://malcolm.fyi/docs/authsetup.html#AuthKeycloakGroupsAndRoles) for Keycloak authentication
- 🧹 Code and project maintenance
  - Ensure Malcolm's NetBox configuration Python scripts are baked into the image in addition to bind-mounting them in `docker-compose.yml` at runtime.

Malcolm (https://malcolm.fyi/) is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️.

Malcolm operates as a cluster of containers 📦, isolated sandboxes which each serve a dedicated function of the system. This makes Malcolm deployable with frameworks like Docker 🐋, Podman (https://malcolm.fyi/docs/quickstart.html#DockerVPodman) 🦭, and Kubernetes (https://malcolm.fyi/docs/kubernetes.html#Kubernetes) ⎈. Check out the Quick Start (https://malcolm.fyi/docs/quickstart.html) guide for examples on how to get up and running.

Alternatively, dedicated official ISO installer images (https://malcolm.fyi/docs/malcolm-hedgehog-e2e-iso-install.html#InstallationExample) 💿 for Malcolm and Hedgehog Linux 🦔 can be downloaded from Malcolm's releases page (https://github.com/cisagov/Malcolm/releases) on GitHub. Due to limits on individual files in GitHub releases, these ISO files have been split 🪓 into 2GB chunks and can be reassembled with scripts provided for both Bash 🐧 (`release_cleaver.sh`, https://github.com/cisagov/Malcolm/blob/main/scripts/release_cleaver.sh) and PowerShell 🪟 (`release_cleaver.ps1`, https://github.com/cisagov/Malcolm/blob/main/scripts/release_cleaver.ps1). See Downloading Malcolm - Installer ISOs (https://malcolm.fyi/docs/download.html#DownloadISOs) for instructions.

As always, join us on the Malcolm discussions board (https://github.com/cisagov/Malcolm/discussions) 💬 to engage with the community, or pop some corn 🍿 and watch a video (https://www.youtube.com/@malcolmnetworktrafficanalysis/playlists) 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #SSO #OIDC #Keycloak #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

st1nger :unverified: 🏴‍☠️ :linux: :freebsd:

#Cloudflare open-sourcing #OpenPubkey #SSH (OPKSSH): integrating single sign-on with SSH #OpenID #OIDC https://blog.cloudflare.com/open-sourcing-openpubkey-ssh-opkssh-integrating-single-sign-on-with-ssh/

damienbod

Blogged: ASP.NET Core delegated Microsoft OBO access token management (Entra only)

https://damienbod.com/2025/03/25/asp-net-core-delegated-microsoft-obo-access-token-management-entra-only/

#aspnetcore #dotnet #micrsoftidentity #entra #entraid #openidconnect #oidc #oauth

Alexander Schwartz

Arrived at #VoxxedDays Zurich #vdz25 to talk about #authentication, #oidc and #keycloak. Looking forward to seeing you at my talk at 15:55 in room 7!

Jörn Franke

Check your programming frameworks. For example, this is currently only planned in the upcoming major version of the Spring framework https://github.com/spring-projects/spring-security/issues/16391

At least for the Rust crate openidconnect-rs this is included in the default example: https://docs.rs/openidconnect/latest/openidconnect/

#oauth #oauth2_1 #spring #rust #oidc #pkce

Neal Gompa (ニール・ゴンパ) :fedora:

I wish OpenID Connect (#OIDC) didn't have the OpenID name in it. It doesn't function like #OpenID at all. 😦

Lucas Janin 🇨🇦🇫🇷

Proxmox + Pocket-ID + Bitwarden + Passkey = ❤️
I love this seamless login experience! The future is passwordless authentication. Pocket-ID only supports passkey authentication, so you don't need a password.

https://pocket-id.org

#OIDC #PocketID #Bitwarden #Vaultwarden #passkey #Proxmox #selfhosted #selfhosting #homelab #security #authentication

Meysam

Cloud-Native Secret Management: OIDC in K8s Explained

https://developer-friendly.blog/blog/2025/03/24/cloud-native-secret-management-oidc-in-k8s-explained/

#sre
#kubernetes
#openidconnect
#oidc
#security

Michael H

Hi @ssatagop !

Great question. First, you should be able to log into https://members.theatl.social with your theATL.social mastodon creds. If you can't, please send me a DM so we can sort that out.

Regarding unified login - that would be #OIDC (https://en.wikipedia.org/wiki/OpenID) support. Mastodon does support it, and looks like #Lemmy too. And, I could support OIDC on the members site too. (And #bluesky seems to be moving in the direction of OIDC too.)

The vision is to also have deeper integration between the various services too.

As with most things, it comes down to time and money as I'd need to either purchase the SaaS services of an OIDC provider - or, to set up an OIDC server myself (probably using Keycloak.)

With some more financial contributions, an OIDC server could be feasible, but that's yet possible in the moment.

I am, however, optimistic that folks will find value with the members site, and will be eager to join/continue their contributions, to make that possible. (And I have some additional benefits/features in the pipeline for the members site too.)

Markus Eisele

Sender-constraining access tokens with Quarkus OIDC
https://quarkus.io/blog/sender-constraining-tokens/
#Java #Quarkus #OIDC #Security

Seth Grover

Malcolm v25.03.0 (https://github.com/cisagov/Malcolm/releases/tag/v25.03.0) adds 🔐 authentication via Keycloak (https://malcolm.fyi/docs/authsetup.html#AuthKeycloak) and all that entails: single sign-on (SSO), identity providers, federation of LDAP/Kerberos servers, and more! Malcolm can connect to an existing Keycloak server (https://malcolm.fyi/docs/authsetup.html#AuthKeycloakRemote) or it can use its own embedded Keycloak instance (https://malcolm.fyi/docs/authsetup.html#AuthKeycloakEmbedded). This release also includes a few component version updates.

Please read the release notes (https://github.com/cisagov/Malcolm/releases) from this release and from v25.02.0 for some things to check prior to updating.

Malcolm (https://malcolm.fyi/) is a powerful, easily deployable network 🖧 traffic analysis tool suite for network security monitoring 🕵🏻‍♀️. Check out the Quick Start (https://malcolm.fyi/docs/quickstart.html) guide for examples on how to get up and running.

As always, join us on the Malcolm discussions board (https://github.com/cisagov/Malcolm/discussions) 💬 to engage with the community, or pop some corn 🍿 and watch a video (https://www.youtube.com/@malcolmnetworktrafficanalysis/playlists) 📼.

#Malcolm #HedgehogLinux #Zeek #Arkime #NetBox #OpenSearch #Elasticsearch #Suricata #SSO #OIDC #Keycloak #PCAP #NetworkTrafficAnalysis #networksecuritymonitoring #OT #ICS #icssecurity #CyberSecurity #Cyber #Infosec #INL #DHS #CISA #CISAgov

Alejandro Baez

I've been a fan of #passkey for a while. But getting all things to it has been a game of either I implement or good luck. 🫠

Enter #pocketid. #OIDC using passkey all the way. Definitely have a few local things to convert now to it. 😎

https://github.com/pocket-id/pocket-id

I don't think I can, in good conscience, still recommend web services that don't support OpenID Connect.

I'm a fan of specialized software: do one thing, do it properly, be interoperable. Shortcomings of one piece of software can then be offset by the strengths of another. But when a colorful bouquet of different web services is in use, you want to sign in as easily as possible, which for now probably still means social logins based on OAuth 2 or OpenID Connect.

That is why my #Mattermost has lost a great deal of its appeal for me: it only allows sign-in via GitLab. #Vernissage or #Pixelfed are of no interest to me as long as I can't configure #OIDC there.

And yes, for me this holds from the user's point of view as well as from the perspective of the admin who runs the services themselves.

Although there are a couple more days in the month, today is a wrap for me on #Fedibruary .
To round out the month I installed #GoToSocial (#mastodon alternative #ActivityPub service) in a test environment and played around.

I'm pretty happy with it! The install was simple (barring a confusing error message or two), #pachli worked with it (once I changed from port 8080 to 443) and it has a nice little admin portal to manage the deployment's website.

There are a bunch of settings related to #SMTP and #OIDC which make it attractive as a medium term deployment project when I want to run my own server for reals.

I'm confused how a static site can do OIDC.

Isn't there supposed to be a client/application ID-secret pair that is used to exchange the auth token for the actual access token that /does/ stuff?

How do you store that secret when it's all static files and client-side JS calls?

Secure Grafana Authentication with Zitadel OIDC

I recently integrated Zitadel as an OIDC provider for Grafana and I wanted to document what I did. Since there isn’t much documentation on this, I wrote a step-by-step guide. ^^

https://schoenwald.aero/posts/2025-02-12_integrating_zitadel_as_an_oidc_provider_in_grafana/

Spotted an issue or have suggestions? I'm happy to extend and improve this article based on your feedback!

Also, this isn’t an ad — unless my enthusiasm and advocacy for cool stuff count as advertising. 😄

#Grafana #Zitadel #OIDC #Authentication
