social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

#singlesignon


🚢 #Keycloak shipped release 26.2 today (Friday afternoon)! 🚢

Pimp your #SingleSignOn with a lot of new features. And it became even simpler to host it yourself!

* Least-privileged delegated access without service desk tickets.
* Enhanced token-exchange for accurate and narrowly scoped tokens for #zerotrust architectures.
* Pre-defined #Grafana dashboard to monitor service level indicators.
* Simplified update and configuration to increase availability.

keycloak.org/2025/04/keycloak-

Keycloak: Keycloak 26.2.0 released. Supported Standard Token Exchange * Fine-grained admin permissions supported * Guides for metrics and Grafana dashboards * Zero-configuration secure cluster communication

Lessons learned along the way: for signing and encryption of #SAML metadata, one usually does not use Let's Encrypt certificates because of the frequent rotations and the lack of automation options on the communication partners' side. Yesterday I thought, oh well, for this quick test it will do. And then I spent a long time hunting for the error and realised that Let's Encrypt now generates EC keys instead of RSA, which the #Shibboleth SP cannot sign with. #til #sso #singlesignon
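A check that follows from the post above, added here as an example and not part of the original post: certbot 2.0 and later defaults to ECDSA keys (its `--key-type rsa` option requests RSA), so before a certbot-issued key is wired into a SAML SP that only signs with RSA, confirm the key algorithm. The script below uses only the Python standard library: a minimal DER walker collects every OBJECT IDENTIFIER in a PKCS#8 private key or X.509 certificate and maps the two well-known public-key OIDs to a name. The two PEM inputs are constructed in the code (structurally valid PKCS#8 wrappers with placeholder numbers, not real keys); the function names are this example's own.

```python
"""Report whether a PEM private key or certificate is RSA or EC.

Added example, stdlib only. Parses just enough DER to find the
AlgorithmIdentifier OIDs; it does not validate or load the key.
"""
import base64
import re

RSA_ENCRYPTION = "1.2.840.113549.1.1.1"   # rsaEncryption
ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"     # id-ecPublicKey
KEY_ALGORITHMS = {RSA_ENCRYPTION: "RSA", ID_EC_PUBLIC_KEY: "EC"}

_PEM_RE = re.compile(r"-----BEGIN [^-]+-----(.*?)-----END [^-]+-----", re.S)


def pem_to_der(pem: str) -> bytes:
    """Strip the armour of the first PEM block and base64-decode its body."""
    m = _PEM_RE.search(pem)
    if m is None:
        raise ValueError("no PEM block found")
    return base64.b64decode("".join(m.group(1).split()))


def _read_tlv(buf: bytes, pos: int):
    """Parse one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(value: bytes) -> str:
    """Decode OBJECT IDENTIFIER content octets into dotted notation."""
    arcs = [value[0] // 40, value[0] % 40]
    acc = 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:  # last base-128 digit of this arc
            arcs.append(acc)
            acc = 0
    return ".".join(str(a) for a in arcs)


def collect_oids(der: bytes) -> list:
    """Recursively walk constructed elements (tag bit 0x20) and list all OIDs."""
    oids = []
    pos = 0
    while pos < len(der):
        tag, value, pos = _read_tlv(der, pos)
        if tag == 0x06:
            oids.append(_decode_oid(value))
        elif tag & 0x20:
            oids.extend(collect_oids(value))
    return oids


def key_algorithm(pem: str) -> str:
    """Return 'RSA', 'EC' or 'unknown' for a PKCS#8 key or X.509 certificate."""
    for oid in collect_oids(pem_to_der(pem)):
        if oid in KEY_ALGORITHMS:
            return KEY_ALGORITHMS[oid]
    return "unknown"


def _pem(der: bytes, label: str) -> str:
    """Wrap DER bytes in PEM armour (64-column base64)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed samples: PKCS#8 wrappers with placeholder integers, NOT usable keys.
# EC: AlgorithmIdentifier {id-ecPublicKey, prime256v1} around an ECPrivateKey.
EC_KEY_PEM = _pem(bytes.fromhex(
    "3041020100301306072a8648ce3d020106082a8648ce3d030107042730250201010420"
    + "11" * 32), "PRIVATE KEY")
# RSA: AlgorithmIdentifier {rsaEncryption, NULL} around a dummy RSAPrivateKey.
RSA_KEY_PEM = _pem(bytes.fromhex(
    "3031020100300d06092a864886f70d0101010500041d301b020100" + "020101" * 8),
    "PRIVATE KEY")

if __name__ == "__main__":
    for name, pem in (("certbot default (EC)", EC_KEY_PEM), ("RSA", RSA_KEY_PEM)):
        alg = key_algorithm(pem)
        verdict = "ok for an RSA-only SP" if alg == "RSA" else "SP cannot sign with this"
        print(f"{name}: {alg} -> {verdict}")
```

Run it against `/etc/letsencrypt/live/<name>/privkey.pem` (or `cert.pem`; the walker finds the SubjectPublicKeyInfo algorithm in a certificate too, since the signature-algorithm and extension OIDs do not match either key OID). If it reports EC and the SP only signs with RSA, request the certificate again with an RSA key type rather than debugging the SP.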

A short commercial break, if you will allow it: I just saw that there is exactly one seat left in "my" Keycloak training on 25 March. The full-day training is aimed at admins who run the Keycloak shipped by @univention together with UCS. If anyone else is interested, here are the details: univention.de/training/keycloa

Univention: Keycloak technical training | Univention. The training is aimed at UCS users with basic Linux knowledge and focuses on the practical use of Keycloak.
What would be great now is if Friendica also added server-side support for OpenWebAuth.

And if Mastodon would finally accept the pull request for OpenWebAuth support that has been mouldering on GitHub for ages (although I believe that one is client-side only, too).

#FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #OpenWebAuth #SingleSignOn
hub.netzgemeinde.eu: Netzgemeinde/Hubzilla
@Alison Wilder Because if you want full-blown user rights and all the same features as a local user on all over 30,000 Fediverse instances, you need a local user account on each one of them.

This means two things:
  • If you come over to the Fediverse for the first time, and you register your first account on Mastodon, you automatically also register an account on 30,000+ more instances.
  • If you decide to host your own instance of whatever, and you spin it up for the first time, your instance immediately creates tens of millions of user accounts. One for everyone who has ever joined the Fediverse. Because anyone may decide to come over to your instance and use it, just like so.

For one, this is utter overkill.

Besides, this is technologically impossible. This would require all Fediverse instances to know all other Fediverse instances. With no exceptions. Like, if I start up my own (streams) instance for the first time, and half a second later, someone on the other side of the globe starts up a Gancio instance, they would immediately have to know each other. And all the other instances in the Fediverse.

And, of course, it would require a newly-launched instance to know all Fediverse users. Again, with no exception.

How and from which source are they supposed to know?

That said, there is a single sign-on system for the Fediverse. It's called OpenWebAuth. It was created by @Mike Macgirvin 🖥️ (creator of Friendica and all its descendants) in the late 2010s already for now-defunct Zap, a fork (of a fork?) of Hubzilla which, in turn, is a fork of the currently hyped Facebook alternative Friendica. It was backported to Hubzilla in 2020. Everything that came after Zap, including the still existing streams repository, got it, too.

However, first of all, OpenWebAuth is only fully implemented on Hubzilla, (streams) and Forte. Plus, it has client-side support on Friendica. This means that Hubzilla, (streams) and Forte recognise logins on all four, but Friendica doesn't recognise logins from anywhere.

As for Mastodon, OpenWebAuth implementation was actually developed to the point of an official merge request in Mastodon's GitHub repository. As far as I know, it was rejected. Mastodon won't implement OpenWebAuth, full stop.

Besides, it doesn't give you all the same power as a local user. You can't log into Friendica, go to a Hubzilla hub and create a wiki or a webpage or a CalDAV calendar, just like so.

OpenWebAuth is only for guest permissions. Because on Hubzilla, (streams) and Forte, permissions are everything.

For example, let's assume you have an account and a channel on (streams). Let's also assume that your (streams) channel and this Hubzilla channel of mine here are connected. Furthermore, let's assume that I've decided to only allow my own full connections to see my profile.

If you're logged out, and you go to my profile page, you see nothing.

But then you log in. And you come back to my profile page (provided your browser is configured so that the Hubzilla hub that I call home is allowed to create cookies). My home hub recognises your login on (streams). It identifies you as you, as one of my contacts. Thus, it identifies you as someone who is permitted to see my profile.

And all of a sudden, you see my profile.

That, for example, is what OpenWebAuth is for.

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Friendica #Hubzilla #Zap #Streams #(streams) #Forte #SingleSignOn #OpenWebAuth
magicsignon.org: Magic Signon \ OpenWebAuth (OWA)
@David Nason Pixelfed is wholly separate software from Mastodon on wholly separate servers with wholly separate owners. So yes, you need a separate Pixelfed account. It's a bit easier on Pixelfed if you're already on Mastodon: Pixelfed lets you automatically create a new user account by "logging in" with your Mastodon login credentials. But only Pixelfed has this as far as I know.

Loops is wholly separate again, but there's only one instance so far because it's too unfinished to even be open-source. So you'll need a Loops account next to your Mastodon account and your Pixelfed account.

Also, you'll have different followers on Mastodon, on Pixelfed and on Loops. But what you could do if you want your followers on Mastodon to see your Pixelfed posts is: Follow your own Pixelfed account from Mastodon. And then, whenever you post something interesting on Pixelfed, wait for it to arrive on your Mastodon timeline, and then boost it.

@Mark Stosberg There's one thing that exists already now: OpenWebAuth magic single sign-on. But it's only available on Hubzilla, (streams) and Forte and partially on Friendica.

What it does is recognise your login on another instance, even on an instance of another server application. Hubzilla, (streams) and Forte recognise logins from Friendica, Hubzilla, (streams) and Forte, but Friendica can't recognise logins.

However, this is only used by the permissions system. For example, someone whom I'm connected to could have made their profile only visible to a certain subset of their connections, including myself. If you visit their profile, you won't see anything. If I visit their profile, their home instance recognises my Hubzilla login, and I can see the profile.

What it does not do is give you the same full-blown rights as a user with a local account. I can't just, like, go to some (streams) instance and post away as, what, jupiter_rowland@rumbly.net or go to a Hubzilla hub where I don't have an account and create a webpage or a wiki or a CalDAV calendar right away without logging in. That's not how it works.

By the way, client-side OpenWebAuth support (= your login is recognised on Hubzilla, (streams) and Forte) was proposed and actually developed to the point of a pull request for Mastodon. As far as I know, it was rejected. OpenWebAuth won't come to Mastodon.

CC: @FoolishOwl @Oblomov

#Long #LongPost #CWLong #CWLongPost #FediMeta #FediverseMeta #CWFediMeta #CWFediverseMeta #Fediverse #Mastodon #Pixelfed #Loops #Friendica #Hubzilla #Streams #(streams) #Forte #OpenWebAuth #SingleSignOn
hub.netzgemeinde.eu: Netzgemeinde/Hubzilla

All the best for the new year! 🎉 For us, January is all about the @univention Summit. The programme is going to be great again! My favourite topic, Keycloak, is on the agenda too: I am preparing an input for you on the frequently asked questions around MFA, Kerberos integration and high availability of the IdP. You are all coming, right? univention-summit.de/

Univention Summit: Ready for Digital Sovereignty? Join us in January 2025 when we open the doors to the Univention Summit. Booking details will follow shortly.