Questions tagged [openid]
OpenID is an open standard that allows users to be authenticated by co-operating sites
53 questions
0
votes
0
answers
289
views
OpenStack - Keycloak SSO oidc mapping
I'm trying to set up SSO for OpenStack, through Keycloak, via OpenID.
If I use the example mapping from the OpenStack documentation, it works fine. However, I want to have a different setup, and would ...
0
votes
0
answers
149
views
HashiCorp Nomad OIDC authentication with nested ListClaimMappings
I've setup a HashiCorp Nomad server and I want to add an OIDC authentication method.
I've made all preparations on the OIDC provider, added config to Nomad server but I cannot seem to get in ...
0
votes
0
answers
220
views
Openstack Keystone as a Service Provider, 401 - Unauthorized Exception for SSO
We're currently working on implementing SSO for our university's OpenStack environment using OpenStack Ansible (Yoga version). Our goal is to allow students to log in with their university credentials ...
0
votes
0
answers
97
views
How to rotate secrets in an untrusted Kubernetes environment
I'm automating the provisioning of Kubernetes environments for developer users. I'd like to regularly rotate the resources of kind 'secret' that are inside these environments. Furthermore, I'd only ...
-1
votes
1
answer
2k
views
Keycloak 16 - can it log OIDC access tokens for Open-ID Connect identity providers?
How can I make Keycloak 16 log the access token, when using an Open-ID Connect identity provider? I need to see what claims the OIDC provider sends to Keycloak.
1
vote
1
answer
4k
views
Setting up OIDC with ADFS - Invalid UserInfo Request
Background
So I've been pulling my hair out the past few weeks trying to get OIDC authentication working based on ADFS in various applications, specifically Proxmox VE as well as Gitea. The reason why ...
0
votes
1
answer
2k
views
Windows Authentication with OpenID Connect (OIDC) with Active Directory (AD FS)?
This is NOT about Azure, but about an on-premises offline Microsoft Active Directory system, based on Windows 2016/2019.
Our website uses OpenID with Microsoft Active Directory, but we want the user ...
0
votes
1
answer
622
views
Azure AD app registration - possible to modify or transform email claim provided by OIDC SSO?
We have two instances of a SaaS app from a vendor that have SSO capabilities using OIDC. Our app users are differentiated based on the provided email address when logging in using the login page ...
0
votes
1
answer
429
views
IAP with Google Identity Platform throws "Failed to fetch the discovery document from issuer"
I have activated Identity Aware Proxy on a GCP Load Balancer and configured it to authenticate the users against my OIDC Identity Provider (Auth0) through Google Identity Platform with a default login ...
1
vote
1
answer
113
views
Single Sign-On for Azure Virual Desktop
I have the following scenario:
A web applications has OIDC authentication/authorization. Using a token from an authenticated user of this application I want to start a RDP session on an Azure Virtual ...
3
votes
0
answers
1k
views
Subversion Server with Azure AD SSO
There is a running CollabNet Subversion Edge Server in the current version 5.2.4.
It is currently connected with LDAP for authentication.
Now there is a challenge to grant permission to b2b guests of ...
1
vote
0
answers
1k
views
Not able to receive jwt token request from apache2 server
I am using OPENIDC for protecting a URL. mod_authopenidc is installed in my apache server.After authenticating the user i have an approve button which is when clicked sends a response with ...
0
votes
0
answers
496
views
cross domain cookie with openid connect
my app allows users to login with openid connect on a openid provider site in www.domain1.com/login, when the user(me in this case) directly calls that url i can see that the browser sees a ...
0
votes
0
answers
73
views
AzureAD OpenID Connect JWT "platf" claim value
I am setting up an application that will use AzureAD as an OpenID Connect IDP for authentication. I want to know if the authenticating device is an AzureAD "managed" or "compliant" device at the ...
0
votes
2
answers
1k
views
How to edit Kubernetes cluster values for OIDC?
We are plannig to implement OpenID authentication to Kubernetes, Im finding a way to add oidc-issue-url to Kubernetes cluster as descibe here Kubernetes OpenID
But im unable to find cluster ...
3
votes
1
answer
2k
views
Intermittent OpenID Connect login error in ADFS 4.0
We have a Windows 2016 ADFS 4.0 farm (WID database, not SQL Server) hosted in Azure.
We are working with a new OpenID Connect application, and want to use ADFS to authenticate and populate user ...
0
votes
1
answer
2k
views
Apache "require valid-user" is valid across multiple auth types
Our Apache uses both mod_shib_24 (SAML-SP) and mod_auth_openidc (OIDC-RP), which both are connected to a Shibboleth IdP (acts as both SAML-IDP and OIDC-OP).
Furthermore we have 2 protected locations, ...
2
votes
1
answer
7k
views
Keycloak x.509 certificate authentication
I'm trying to set up the following architecture but I'm struggling:
Keycloak container with this image jboss/keycloak:7.0.0
Apache with mod_auth_openidc
The apache has a protected directory
Apache ...
0
votes
1
answer
130
views
Is there an SSO mechanism supported as widely as LDAP?
LDAP is pretty amazing. It lets you set up a bunch of web services that all share a common user database (or rather, directory), so you can have a WordPress installation, a NextCloud, a MediaWiki etc, ...
0
votes
1
answer
2k
views
Protecting Apache uri with keycloak auth
I'm trying to configure Apache and Keyloak to grant access to users according to their roles.
I'm trying to start with a simple configuration. so I created directory called demo1 in /var/www/ and ...
1
vote
0
answers
155
views
Getting a list of OpenID Connect subjects for a G-Suite domain
I'm setting up an application that supports OpenID Connect authentication, using my G-Suite domain to support single sign-on. To set up per-user permissions, I need to map the OIDC subject to the app'...
0
votes
1
answer
233
views
GitLab OpenID Connect Provider - User info missing email claim
I have asked this question on the GitLab forum as well: https://forum.gitlab.com/t/openid-connect-user-info-missing-email-claim/21902
I’m not familiar with OAuth or OpenID Connect.
I’m having ...
4
votes
1
answer
4k
views
How To Use Amazon Cognito As An SSO OpenID Identity Provider
We currently use Google as an OpenID identity provider to our web platform. We need to move away from it. I discovered Amazon Cognito (we already use EC2/S3 and the rest).
I discovered the ...
2
votes
0
answers
1k
views
SAML/OpenID authentication on Docker/Core OS
I have a set of servers running Core OS/Docker/Docker Swarm.
I have my users in a SAML/OpenID SSO server. I want these users to be able to
run Docker containers on my Core OS cluster.
How do I ...
2
votes
0
answers
395
views
Do I need my own oauth and/or openid connect provider [closed]
Sorry .... I want to completely rephrase this question:, and I've asked the same question on Information Security now
The system I'm working on will have a mobile application, a web portal and an ...
0
votes
1
answer
366
views
Server denied check_authentication after migration of Drupal
I just moved a drupal website from one server to another.
On the original server the site was set up directly in apache.
On the new server, i have a docker layer in between:
The machine runs a debian ...
0
votes
1
answer
65
views
Lotus Domino as Amazon IAM Identity Provider
I am looking for the way to configure our corporate Lotus Domino server as an Idenity Provider of Amazon IAM service. Amazon supports SAML and OpenID Provider Types. Can I configure Domino server that ...
0
votes
1
answer
468
views
SimpleSAMLphp OpenID Consumer
I'm using SimpleSAMLphp as an OpenID Consumer and no openID provider I tried seems to work.
I always get the following error:
Exception during login: SimpleSAML_Error_BadRequest: BADREQUEST('%REASON%'...
0
votes
1
answer
53
views
Have simpleid also provide the identifier
I have a running simpleid installation, and I use my own homepage as the identifier. Now I want to add a user to simpleid who does not have a homepage or similar.
Does simpleid provide an identifier ...
0
votes
1
answer
325
views
Single sign-on with Chef
I'm getting my personal infrastructure set up (Gitlab, Jenkins, etc.) and I'm planning on using OpenID for single sign-on. I understand that SSO works for Gitlab and Jenkins.
Would I be able to ...
0
votes
1
answer
76
views
how can you use openID to authenticate different kind of users?
How can you have users authenticate on a web site with different permissions.
I would like to have administrator, superuser, collaborators and normal users.
In particular, I would like to restrict ...
2
votes
3
answers
1k
views
How to configure simpleid to claim my ID?
I am trying to configure Apache as an OpenID provider using simpleid.
I have followed the instructions to the letter till I got to the part about "Claim your identifier".
Now, this is where I am ...
1
vote
1
answer
940
views
Using Apache HTTP user in Tomcat?
I need users to authenticate in Apache HTTP for some static resources (using mod_auth_openid. I also have a Tomcat application running. How can I accept the HTTP user as the Tomcat user, so the users ...
1
vote
1
answer
807
views
How can I set up an authentication system with single instance storage of credentials and several authentication methods/interfaces?
Background: I have a collection of Linux-based servers (let's say a few dozen) that are hosted in different locations. Some servers are lone satellites while others are hosted together in the same ...
-1
votes
1
answer
674
views
Any Windows based OpenID servers out there? [closed]
I've been looking to setup an OpenID server for a special project, but haven't found any workable OpenID server software packages. Originally was looking for a *nix solution, and found several, but ...
2
votes
1
answer
2k
views
Single Sign-on for Intranet WordPress using OpenID (or OAuth), IIS, Integrated Windows Authentication, Active Directory?
Is it possible to have single sign-on for intranet WordPress sites by using OpenID (or OAuth), IIS, Integrated Windows Authentication, Active Directory?
I'd like to have Active Directory users ...
2
votes
1
answer
95
views
PhpMyID and mobile browsers
I have PhpMyID running on my server. When I use my own provider to log in with any desktop browser, it works just fine.
But when I try to log in with my handheld device which is running Android 2.2, ...
1
vote
1
answer
2k
views
Set up Jenkins to use Crowd's OpenID for SSO?
Been trying to get Jenkins to work with Crowd's OpenID server so we can use single sign-on like with our Atlassian stuff (the Jenkins Crowd plugin can't do SSO). Can't seem to find the proper OpenID ...
-1
votes
2
answers
145
views
OpenID client is failing due to content negotiation on Apache representing OpenID server [closed]
This is a question about configuring Apache and accept headers.
I am trying to login to Superuser with OpenID, and it generates a request like this:
telnet phor.net 80
GET /professional HTTP/1.0
...
1
vote
1
answer
718
views
openID delegation - no endpoint found
I posted this query on staackoverflow main but it was suggested I should ask here. Sorry for the non-openID login, but as you can see, I'm having some issues.
In short:
A couple weeks ago I noticed ...
2
votes
2
answers
1k
views
OpenID server with PHP
We have an existing user database (in our SMF forum) and we want to setup an OpenID server so that our users can use their account to login also on other sites.
The user database can be accessed via ...
2
votes
2
answers
366
views
Is there an OpenID demo server out there? [closed]
I'm doing some experiements with adding OpenID to something I'm working on, and I'd like to test out a few providers.
Is there a server out there that will go through the OpenID login process (same ...
17
votes
7
answers
3k
views
Is OpenID this easy to hack or am I missing something?
For those Relying Parties (RP) that allow the user to specify the OpenID Provider (OP), it seems to me than anyone that knows or guesses your OpenID could
Enter their own OP address.
Have it validate ...
9
votes
5
answers
710
views
Is open id secure?
Is open ID secure, for example can you use it to log into bank accounts?
0
votes
1
answer
350
views
Apache fails when I pass an URL as an argument
Hey everybody, Im really confused about this problem. Ill try to describe it:
The problem is:
http://mydomain.com/somedir/somephp.php?arg1=value&arg2=http://otherdomain.com&arg3=http://...
2
votes
2
answers
751
views
DNS trouble - think it might be caused by two NS records
About a week ago, I updated my DNS, adding:
HOST, TYPE, VALUE, TTL
*.soup-team.com CNAME www.myopenid.com 3600
mail.soup-team.com CNAME ghs.google.com 3600
HOST, TYPE, VALUE, MX, TTL
soup-team.com ...
1
vote
1
answer
130
views
Can you recommend a robust OpenAPI 2.0 provider?
Help me find a robust OpenID 2.0 provider!
We're looking at various SSO solutions for our organization, and I would like to suggest OpenID as a viable option, since (a) there is good consumer support ...
7
votes
4
answers
19k
views
How do accept multiple authentication options in Apache?
I want to protect a path in my VirtualHost but allow users a variety of authentication options (e.g. mod-auth-cas, mod-auth-openid and mod-auth-digest.) How do I set up the virtual host definition to ...
1
vote
2
answers
968
views
OpenID provider using Apache SSL/FakeBasicAuth?
I'd like to set up an OpenID provider for our group, which we can use to log in to internal and external OpenID-aware services (e.g. stackoverflow.com).
Our users all have X.509 certificates issued ...
23
votes
24
answers
2k
views
Is Open ID better than the usual LogIn system? [closed]
We are developing a web system and considering using the Open Id feature. Do you think it is any better than the usual way of loggin users in? If we use the Open Id feature that means the users will ...