#authentik

Paco Hope #resist<p>So I was messing with <a href="https://infosec.exchange/tags/drupal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>drupal</span></a> in the <a href="https://infosec.exchange/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homelab</span></a> and I wanted to turn on <a href="https://infosec.exchange/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> with <a href="https://infosec.exchange/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a>.</p><p>Somehow I didn’t find the official drupal OIDC module, I found this other one. I installed it, got it configured, and the first time I tried to login, it said “whoops, you have to purchase this module to use it.” Fine. I like supporting software, what does it cost?</p><p>$250/year!? To LOG IN? F that. </p><p>One of its key selling points is how easy it is to configure. If I was configuring it often, maybe I could see that. But OIDC and SAML are the kinds of things you set up once per lifetime. Make it as hard as you want (many apps do!) I only have to get through it once.</p><p>I mean $10? Even as much as maybe $50 I might have paid once. But I refuse to pay annually for the ability to login. <br><a href="https://infosec.exchange/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a></p>
Chad :vbike:<p>Anyone else out there running authentik in their home network? I’m starting to roll it out on my public-facing apps, but I’m nervous about adding another layer to the cake.</p><p><a href="https://vault37.xyz/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> <a href="https://vault37.xyz/tags/HomeLab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HomeLab</span></a> <a href="https://vault37.xyz/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> <a href="https://vault37.xyz/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://vault37.xyz/tags/selfhost" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhost</span></a></p>
viq<p>Running <a href="https://social.hackerspace.pl/tags/Authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentik</span></a> with `latest` tag was convenient for <a href="https://social.hackerspace.pl/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homelab</span></a>, but they're moving away from making it possible (edit: from having :latest tag available, nothing else changes). What are the alternatives? Is there maybe something like "<a href="https://social.hackerspace.pl/tags/dependabot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>dependabot</span></a> but for <a href="https://social.hackerspace.pl/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kubernetes</span></a> images"? (I'm currently running on <a href="https://social.hackerspace.pl/tags/podman" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>podman</span></a> on nixos, but I'm considering finally playing with <a href="https://social.hackerspace.pl/tags/k8s" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>k8s</span></a>, and regardless, this should be able to make it so I have proper image on nixos as well, I think)</p>
The Uberduck<p>I'm looking at setting up a bunch of self hosted services to replace our (self, family, friends) dependence on corporate cloud stuff. Email (custom, since none of the Just Add Server offerings do everything I need for free), shared drive (likely nextcloud, ugh), docs (likely collabora), jitsi for video, discourse for group forums, and so on. </p><p>I'd like to make all of this SSO, to the extent that it reasonably can be. </p><p>I'm probably going to use FreeIPA as the identity source of truth, but I'm finding that there are enough new things I need to learn about centralized authentication that I'm having a hard time finding a starting point that doesn't require a bunch of other context. So I'm asking for help. </p><p>Does anyone know of a good guide to these sorts of concepts, preferably available online? I'm familiar with most of the other Linux sysadmin concepts and have plenty of hardware and bandwidth at my disposal.</p><p>If you don't have an answer but have followers who might, boosts would be appreciated.</p><p><a href="https://hachyderm.io/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://hachyderm.io/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> <a href="https://hachyderm.io/tags/SelfHostedApps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHostedApps</span></a> <a href="https://hachyderm.io/tags/freeipa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>freeipa</span></a> <a href="https://hachyderm.io/tags/ldap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ldap</span></a> <a href="https://hachyderm.io/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a> <a 
href="https://hachyderm.io/tags/keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keycloak</span></a> <a href="https://hachyderm.io/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> <a href="https://hachyderm.io/tags/authelia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authelia</span></a> <a href="https://hachyderm.io/tags/kerberos" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kerberos</span></a> <a href="https://hachyderm.io/tags/sysadmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sysadmin</span></a> <a href="https://hachyderm.io/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a></p>
cos<p>Anyone good with Authentik? We are providing Matrix, Mastodon and Mobilizon for Finnish users and using Authentik for SSO. </p><p>Problem is that when users verify their e-mail using the link, it sends them to login page. When they try to login, they see this error and think account creation failed. Is there some way to display a custom page after e-mail has been verified?</p><p><a href="https://fosstodon.org/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> <a href="https://fosstodon.org/tags/sso" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sso</span></a></p>
Paco Hope #resist<p>For about 30 years I have <a href="https://infosec.exchange/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> my <a href="https://infosec.exchange/tags/email" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>email</span></a>. Just family and friends on there. About 7-8 people. About 6 months ago I converted the <a href="https://infosec.exchange/tags/homelab" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>homelab</span></a> to using <a href="https://infosec.exchange/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> for single sign on. For the first time in those 30 years, my users can change their own passwords and recover them if they lose them. 🤷‍♂️</p><p>Interestingly, the “I forgot my password” workflow is not built and turned on by default in authentik. It’s easy to add and the steps are clear, but you have to turn that on.</p>
4F6C69766572 :europe:<p><span class="h-card" translate="no"><a href="https://social.tchncs.de/@teufelswerk" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>teufelswerk</span></a></span> Another good addition on the topic of <a href="https://social.pifferi.io/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> is <a href="https://social.pifferi.io/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> - <a href="https://goauthentik.io" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">goauthentik.io</span><span class="invisible"></span></a>!</p><p>Definitely more pleasant to set up than Keycloak and, in my opinion, no less capable! ☺️</p>
La Contre-Voie<p>At La Contre-Voie, over the past two years, we have tested more than ten centralized authentication tools (<a href="https://toot.aquilenet.fr/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a>)… Here are the conclusions of our research!<br><a href="https://lacontrevoie.fr/blog/2024/comparatif-de-onze-solutions-de-sso-libres/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">lacontrevoie.fr/blog/2024/comp</span><span class="invisible">aratif-de-onze-solutions-de-sso-libres/</span></a></p><p>Next week, we will present our third and final article on the technical side of our association, with a spotlight on our “service farms” :)</p><p><a href="https://toot.aquilenet.fr/tags/authelia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authelia</span></a> <a href="https://toot.aquilenet.fr/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> <a href="https://toot.aquilenet.fr/tags/keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>keycloak</span></a> <a href="https://toot.aquilenet.fr/tags/ory" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ory</span></a> <a href="https://toot.aquilenet.fr/tags/canaille" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>canaille</span></a> <a href="https://toot.aquilenet.fr/tags/zitadel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zitadel</span></a></p>
Felix<p>It would be super helpful, if <a href="https://social.linux.pizza/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> would keep their patch-updates free from breaking changes;<br>just updated from 2024.10.1 -&gt; 2024.10.4 and now the oauth-proxy-outpost is no longer working.<br>This makes people afraid of updates and we don't want people to not update their security-applications.</p><p><a href="https://social.linux.pizza/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://social.linux.pizza/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a></p>
Paco Hope #resist<p>Spending a little time on my <a href="https://infosec.exchange/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://infosec.exchange/tags/nextcloud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>nextcloud</span></a> this morning. Want to switch over to SSO with <a href="https://infosec.exchange/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a>. But first, lemme check and see if it needs updating... Oh. I'm on Nextcloud 27 that went EOL in June 2023.... well. lemme just go update that first. 😃</p>
Marcel<p>Do you also want to run <a href="https://fedifriends.social/tags/Mastodon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mastodon</span></a> with (additional) <a href="https://fedifriends.social/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a>? And should your existing users be preserved in the process?</p><p>I pieced something together from the documentation and various issues on GitHub. Here is a working configuration. I use it myself in combination with <a href="https://fedifriends.social/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> </p><p><a href="https://crypt.storagemte.eu/code/#/2/code/view/BSTU+Rg5Wfxl-nRt0ATUrHr86IeqYwhD5kOyMmJfYFQ/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">crypt.storagemte.eu/code/#/2/c</span><span class="invisible">ode/view/BSTU+Rg5Wfxl-nRt0ATUrHr86IeqYwhD5kOyMmJfYFQ/</span></a></p><p>Please note that you must have the same e-mail address in Mastodon as in your identity provider!</p><p><a href="https://fedifriends.social/tags/foss" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>foss</span></a> <a href="https://fedifriends.social/tags/MastoAdmin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MastoAdmin</span></a> <a href="https://fedifriends.social/tags/oidc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oidc</span></a></p>
1977er<p>Could it be that <a href="https://23.social/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> used to always respond on /health/live/ with a 204 and now responds with a 200?</p>
yaggadagga<p>I hear really good things about <a href="https://fosstodon.org/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> and from what I can tell from reviews and the documentation, it is very flexible and can do a lot. </p><p>But man, if it’s not confusing. <a href="https://fosstodon.org/tags/Authelia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authelia</span></a> has worked so well for the last few years, but development has slowed and I haven’t had the time to dig into the code base. </p><p>We’ll see how far I get, but it hasn’t been a good start. I can’t setup my <a href="https://fosstodon.org/tags/ldap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ldap</span></a> outpost because my <a href="https://fosstodon.org/tags/ldap" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ldap</span></a> application doesn’t show up as an available app. 🤷🏼 <a href="https://fosstodon.org/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> <a href="https://fosstodon.org/tags/authentication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentication</span></a></p>
1977er<p>First outpost, first ForwardAuth with <a href="https://23.social/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a>. \o/ <a href="https://23.social/tags/erstekleineSchritte" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>erstekleineSchritte</span></a></p>
Tealk<p>To the <a href="https://rollenspiel.social/tags/Fedimin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fedimin</span></a>'s or <a href="https://rollenspiel.social/tags/Writefreely" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Writefreely</span></a> instance operators, how do you keep the <a href="https://rollenspiel.social/tags/spam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>spam</span></a> away?<br>I have to delete at least one spam user almost every day, even though I only process the registration via our SSO service <a href="https://rollenspiel.social/tags/Authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentik</span></a>.</p>
Carsten<p>Had trouble with failed <a href="https://chaos.social/tags/cors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cors</span></a> headers in my <a href="https://chaos.social/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> forward-auth setup for *months*<br>Turns out it was, of course, a caching issue in the browser 🤦🏻‍♂️<br>Why is it always caching!? 😡😭</p><p><a href="https://chaos.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosted</span></a> <a href="https://chaos.social/tags/linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>linux</span></a> <a href="https://chaos.social/tags/server" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>server</span></a></p>
Andrew Williams<p>I had a vague failure message when trying to login to <a href="https://mastodon.incognitus.net/tags/tailscale" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tailscale</span></a> with my OIDC provider via <a href="https://mastodon.incognitus.net/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> </p><p>After some yak shaving fixing my kubeconfig to get into my cluster, fix the broken webfinger implementation to work correctly again, and it turns out that the signing certificate used for the provider in Authentik had expired and needed replacing with a new RSA based cert.</p><p>Why is nothing ever a simple fix in <a href="https://mastodon.incognitus.net/tags/selfhosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>selfhosting</span></a> land...</p>
Nicolas Fränkel 🇺🇦🇬🇪<p><a href="https://mastodon.top/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> is an <a href="https://mastodon.top/tags/IdP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IdP</span></a> (Identity Provider) and <a href="https://mastodon.top/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> (single sign on) that is built with <a href="https://mastodon.top/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> at the forefront of every piece of code, every feature, with an emphasis on flexibility and versatility.</p><p><a href="https://goauthentik.io/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">goauthentik.io/</span><span class="invisible"></span></a></p>
Dave Lane :flag_tino: 🇳🇿<p><span class="h-card" translate="no"><a href="https://hackers.town/@yojimbo" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>yojimbo</span></a></span> <span class="h-card" translate="no"><a href="https://cloudisland.nz/@aurynn" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>aurynn</span></a></span> Following quite a lot of experimentation and frustration, I've gone with <a href="https://mastodon.nzoss.nz/tags/Authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Authentik</span></a> - see <a href="https://tech.oeru.org/installing-authentik-authentication-and-single-sign" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">tech.oeru.org/installing-authe</span><span class="invisible">ntik-authentication-and-single-sign</span></a> for how I'm doing it.</p>
xyhhx 🔻 (plz hire me)<p>i'm gonna try kanidm instead of authentik. they dont have any kubernetes examples but i think i can figure it out</p><p><a href="https://nso.group/tags/kanidm" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kanidm</span></a> <a href="https://nso.group/tags/authentik" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>authentik</span></a> <a href="https://nso.group/tags/kubernetes" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>kubernetes</span></a></p>