Skip to main content

Questions tagged [openid]

OpenID is an open standard that allows users to be authenticated by co-operating sites

Filter by
Sorted by
Tagged with
0 votes
0 answers
289 views

OpenStack - Keycloak SSO oidc mapping

I'm trying to set up SSO for OpenStack, through Keycloak, via OpenID. If I use the example mapping from the OpenStack documentation, it works fine. However, I want to have a different setup, and would ...
AlexP's user avatar
  • 1
0 votes
0 answers
149 views

HashiCorp Nomad OIDC authentication with nested ListClaimMappings

I've setup a HashiCorp Nomad server and I want to add an OIDC authentication method. I've made all preparations on the OIDC provider, added config to Nomad server but I cannot seem to get in ...
Mihai Iorga's user avatar
0 votes
0 answers
220 views

Openstack Keystone as a Service Provider, 401 - Unauthorized Exception for SSO

We're currently working on implementing SSO for our university's OpenStack environment using OpenStack Ansible (Yoga version). Our goal is to allow students to log in with their university credentials ...
Joel 35's user avatar
0 votes
0 answers
97 views

How to rotate secrets in an untrusted Kubernetes environment

I'm automating the provisioning of Kubernetes environments for developer users. I'd like to regularly rotate the resources of kind 'secret' that are inside these environments. Furthermore, I'd only ...
Dave Welling's user avatar
-1 votes
1 answer
2k views

Keycloak 16 - can it log OIDC access tokens for Open-ID Connect identity providers?

How can I make Keycloak 16 log the access token, when using an Open-ID Connect identity provider? I need to see what claims the OIDC provider sends to Keycloak.
Lars D's user avatar
  • 272
1 vote
1 answer
4k views

Setting up OIDC with ADFS - Invalid UserInfo Request

Background So I've been pulling my hair out the past few weeks trying to get OIDC authentication working based on ADFS in various applications, specifically Proxmox VE as well as Gitea. The reason why ...
awillinger-work's user avatar
0 votes
1 answer
2k views

Windows Authentication with OpenID Connect (OIDC) with Active Directory (AD FS)?

This is NOT about Azure, but about an on-premises offline Microsoft Active Directory system, based on Windows 2016/2019. Our website uses OpenID with Microsoft Active Directory, but we want the user ...
Lars D's user avatar
  • 272
0 votes
1 answer
622 views

Azure AD app registration - possible to modify or transform email claim provided by OIDC SSO?

We have two instances of a SaaS app from a vendor that have SSO capabilities using OIDC. Our app users are differentiated based on the provided email address when logging in using the login page ...
Micah Yeager's user avatar
0 votes
1 answer
429 views

IAP with Google Identity Platform throws "Failed to fetch the discovery document from issuer"

I have activated Identity Aware Proxy on a GCP Load Balancer and configured it to authenticate the users against my OIDC Identity Provider (Auth0) through Google Identity Platform with a default login ...
MariusPontmercy's user avatar
1 vote
1 answer
113 views

Single Sign-On for Azure Virual Desktop

I have the following scenario: A web applications has OIDC authentication/authorization. Using a token from an authenticated user of this application I want to start a RDP session on an Azure Virtual ...
DVA's user avatar
  • 11
3 votes
0 answers
1k views

Subversion Server with Azure AD SSO

There is a running CollabNet Subversion Edge Server in the current version 5.2.4. It is currently connected with LDAP for authentication. Now there is a challenge to grant permission to b2b guests of ...
Wyphorn's user avatar
  • 55
1 vote
0 answers
1k views

Not able to receive jwt token request from apache2 server

I am using OPENIDC for protecting a URL. mod_authopenidc is installed in my apache server.After authenticating the user i have an approve button which is when clicked sends a response with ...
user615363's user avatar
0 votes
0 answers
496 views

cross domain cookie with openid connect

my app allows users to login with openid connect on a openid provider site in www.domain1.com/login, when the user(me in this case) directly calls that url i can see that the browser sees a ...
James Baker's user avatar
0 votes
0 answers
73 views

AzureAD OpenID Connect JWT "platf" claim value

I am setting up an application that will use AzureAD as an OpenID Connect IDP for authentication. I want to know if the authenticating device is an AzureAD "managed" or "compliant" device at the ...
user571191's user avatar
0 votes
2 answers
1k views

How to edit Kubernetes cluster values for OIDC?

We are plannig to implement OpenID authentication to Kubernetes, Im finding a way to add oidc-issue-url to Kubernetes cluster as descibe here Kubernetes OpenID But im unable to find cluster ...
James Arems's user avatar
3 votes
1 answer
2k views

Intermittent OpenID Connect login error in ADFS 4.0

We have a Windows 2016 ADFS 4.0 farm (WID database, not SQL Server) hosted in Azure. We are working with a new OpenID Connect application, and want to use ADFS to authenticate and populate user ...
RyanM's user avatar
  • 41
0 votes
1 answer
2k views

Apache "require valid-user" is valid across multiple auth types

Our Apache uses both mod_shib_24 (SAML-SP) and mod_auth_openidc (OIDC-RP), which both are connected to a Shibboleth IdP (acts as both SAML-IDP and OIDC-OP). Furthermore we have 2 protected locations, ...
brzler's user avatar
  • 1
2 votes
1 answer
7k views

Keycloak x.509 certificate authentication

I'm trying to set up the following architecture but I'm struggling: Keycloak container with this image jboss/keycloak:7.0.0 Apache with mod_auth_openidc The apache has a protected directory Apache ...
No name's user avatar
  • 121
0 votes
1 answer
130 views

Is there an SSO mechanism supported as widely as LDAP?

LDAP is pretty amazing. It lets you set up a bunch of web services that all share a common user database (or rather, directory), so you can have a WordPress installation, a NextCloud, a MediaWiki etc, ...
TaylanKammer's user avatar
0 votes
1 answer
2k views

Protecting Apache uri with keycloak auth

I'm trying to configure Apache and Keyloak to grant access to users according to their roles. I'm trying to start with a simple configuration. so I created directory called demo1 in /var/www/ and ...
No name's user avatar
  • 121
1 vote
0 answers
155 views

Getting a list of OpenID Connect subjects for a G-Suite domain

I'm setting up an application that supports OpenID Connect authentication, using my G-Suite domain to support single sign-on. To set up per-user permissions, I need to map the OIDC subject to the app'...
Steven Grimm's user avatar
0 votes
1 answer
233 views

GitLab OpenID Connect Provider - User info missing email claim

I have asked this question on the GitLab forum as well: https://forum.gitlab.com/t/openid-connect-user-info-missing-email-claim/21902 I’m not familiar with OAuth or OpenID Connect. I’m having ...
Daniel Cheung's user avatar
4 votes
1 answer
4k views

How To Use Amazon Cognito As An SSO OpenID Identity Provider

We currently use Google as an OpenID identity provider to our web platform. We need to move away from it. I discovered Amazon Cognito (we already use EC2/S3 and the rest). I discovered the ...
jn1kk's user avatar
  • 171
2 votes
0 answers
1k views

SAML/OpenID authentication on Docker/Core OS

I have a set of servers running Core OS/Docker/Docker Swarm. I have my users in a SAML/OpenID SSO server. I want these users to be able to run Docker containers on my Core OS cluster. How do I ...
Konstantin Kladko's user avatar
2 votes
0 answers
395 views

Do I need my own oauth and/or openid connect provider [closed]

Sorry .... I want to completely rephrase this question:, and I've asked the same question on Information Security now The system I'm working on will have a mobile application, a web portal and an ...
Johan's user avatar
  • 447
0 votes
1 answer
366 views

Server denied check_authentication after migration of Drupal

I just moved a drupal website from one server to another. On the original server the site was set up directly in apache. On the new server, i have a docker layer in between: The machine runs a debian ...
Stephan Richter's user avatar
0 votes
1 answer
65 views

Lotus Domino as Amazon IAM Identity Provider

I am looking for the way to configure our corporate Lotus Domino server as an Idenity Provider of Amazon IAM service. Amazon supports SAML and OpenID Provider Types. Can I configure Domino server that ...
Moisei's user avatar
  • 101
0 votes
1 answer
468 views

SimpleSAMLphp OpenID Consumer

I'm using SimpleSAMLphp as an OpenID Consumer and no openID provider I tried seems to work. I always get the following error: Exception during login: SimpleSAML_Error_BadRequest: BADREQUEST('%REASON%'...
Marcel's user avatar
  • 1
0 votes
1 answer
53 views

Have simpleid also provide the identifier

I have a running simpleid installation, and I use my own homepage as the identifier. Now I want to add a user to simpleid who does not have a homepage or similar. Does simpleid provide an identifier ...
Joachim Breitner's user avatar
0 votes
1 answer
325 views

Single sign-on with Chef

I'm getting my personal infrastructure set up (Gitlab, Jenkins, etc.) and I'm planning on using OpenID for single sign-on. I understand that SSO works for Gitlab and Jenkins. Would I be able to ...
Ryan Kennedy's user avatar
0 votes
1 answer
76 views

how can you use openID to authenticate different kind of users?

How can you have users authenticate on a web site with different permissions. I would like to have administrator, superuser, collaborators and normal users. In particular, I would like to restrict ...
azzurroverde's user avatar
2 votes
3 answers
1k views

How to configure simpleid to claim my ID?

I am trying to configure Apache as an OpenID provider using simpleid. I have followed the instructions to the letter till I got to the part about "Claim your identifier". Now, this is where I am ...
Umar Farooq Khawaja's user avatar
1 vote
1 answer
940 views

Using Apache HTTP user in Tomcat?

I need users to authenticate in Apache HTTP for some static resources (using mod_auth_openid. I also have a Tomcat application running. How can I accept the HTTP user as the Tomcat user, so the users ...
stwissel's user avatar
  • 680
1 vote
1 answer
807 views

How can I set up an authentication system with single instance storage of credentials and several authentication methods/interfaces?

Background: I have a collection of Linux-based servers (let's say a few dozen) that are hosted in different locations. Some servers are lone satellites while others are hosted together in the same ...
Fabian Fagerholm's user avatar
-1 votes
1 answer
674 views

Any Windows based OpenID servers out there? [closed]

I've been looking to setup an OpenID server for a special project, but haven't found any workable OpenID server software packages. Originally was looking for a *nix solution, and found several, but ...
Brian Knoblauch's user avatar
2 votes
1 answer
2k views

Single Sign-on for Intranet WordPress using OpenID (or OAuth), IIS, Integrated Windows Authentication, Active Directory?

Is it possible to have single sign-on for intranet WordPress sites by using OpenID (or OAuth), IIS, Integrated Windows Authentication, Active Directory? I'd like to have Active Directory users ...
user24932's user avatar
  • 145
2 votes
1 answer
95 views

PhpMyID and mobile browsers

I have PhpMyID running on my server. When I use my own provider to log in with any desktop browser, it works just fine. But when I try to log in with my handheld device which is running Android 2.2, ...
Roman Grazhdan's user avatar
1 vote
1 answer
2k views

Set up Jenkins to use Crowd's OpenID for SSO?

Been trying to get Jenkins to work with Crowd's OpenID server so we can use single sign-on like with our Atlassian stuff (the Jenkins Crowd plugin can't do SSO). Can't seem to find the proper OpenID ...
acp's user avatar
  • 11
-1 votes
2 answers
145 views

OpenID client is failing due to content negotiation on Apache representing OpenID server [closed]

This is a question about configuring Apache and accept headers. I am trying to login to Superuser with OpenID, and it generates a request like this: telnet phor.net 80 GET /professional HTTP/1.0 ...
William Entriken's user avatar
1 vote
1 answer
718 views

openID delegation - no endpoint found

I posted this query on staackoverflow main but it was suggested I should ask here. Sorry for the non-openID login, but as you can see, I'm having some issues. In short: A couple weeks ago I noticed ...
Phae's user avatar
  • 13
2 votes
2 answers
1k views

OpenID server with PHP

We have an existing user database (in our SMF forum) and we want to setup an OpenID server so that our users can use their account to login also on other sites. The user database can be accessed via ...
Albert's user avatar
  • 362
2 votes
2 answers
366 views

Is there an OpenID demo server out there? [closed]

I'm doing some experiements with adding OpenID to something I'm working on, and I'd like to test out a few providers. Is there a server out there that will go through the OpenID login process (same ...
billpg's user avatar
  • 585
17 votes
7 answers
3k views

Is OpenID this easy to hack or am I missing something?

For those Relying Parties (RP) that allow the user to specify the OpenID Provider (OP), it seems to me than anyone that knows or guesses your OpenID could Enter their own OP address. Have it validate ...
David's user avatar
  • 171
9 votes
5 answers
710 views

Is open id secure?

Is open ID secure, for example can you use it to log into bank accounts?
Daniel's user avatar
  • 3,811
0 votes
1 answer
350 views

Apache fails when I pass an URL as an argument

Hey everybody, Im really confused about this problem. Ill try to describe it: The problem is: http://mydomain.com/somedir/somephp.php?arg1=value&arg2=http://otherdomain.com&arg3=http://...
user avatar
2 votes
2 answers
751 views

DNS trouble - think it might be caused by two NS records

About a week ago, I updated my DNS, adding: HOST, TYPE, VALUE, TTL *.soup-team.com CNAME www.myopenid.com 3600 mail.soup-team.com CNAME ghs.google.com 3600 HOST, TYPE, VALUE, MX, TTL soup-team.com ...
method139's user avatar
1 vote
1 answer
130 views

Can you recommend a robust OpenAPI 2.0 provider?

Help me find a robust OpenID 2.0 provider! We're looking at various SSO solutions for our organization, and I would like to suggest OpenID as a viable option, since (a) there is good consumer support ...
larsks's user avatar
  • 46.8k
7 votes
4 answers
19k views

How do accept multiple authentication options in Apache?

I want to protect a path in my VirtualHost but allow users a variety of authentication options (e.g. mod-auth-cas, mod-auth-openid and mod-auth-digest.) How do I set up the virtual host definition to ...
James A. Rosen's user avatar
1 vote
2 answers
968 views

OpenID provider using Apache SSL/FakeBasicAuth?

I'd like to set up an OpenID provider for our group, which we can use to log in to internal and external OpenID-aware services (e.g. stackoverflow.com). Our users all have X.509 certificates issued ...
user5746's user avatar
  • 131
23 votes
24 answers
2k views

Is Open ID better than the usual LogIn system? [closed]

We are developing a web system and considering using the Open Id feature. Do you think it is any better than the usual way of loggin users in? If we use the Open Id feature that means the users will ...
Saj's user avatar
  • 613