Questions tagged [openid]
OpenID is an open standard that allows users to be authenticated by co-operating sites
54
questions
27
votes
8
answers
2k
views
Is there a danger in fake OpenID providers?
I've been wondering. Since anybody can start an OpenID provider, and since there is no central authority that approves OpenID providers, why won't fake OpenID providers become a problem?
For example, ...
23
votes
24
answers
2k
views
Is Open ID better than the usual LogIn system? [closed]
We are developing a web system and considering using the Open Id feature. Do you think it is any better than the usual way of loggin users in? If we use the Open Id feature that means the users will ...
18
votes
6
answers
3k
views
Is OpenID this easy to hack or am I missing something?
For those Relying Parties (RP) that allow the user to specify the OpenID Provider (OP), it seems to me than anyone that knows or guesses your OpenID could
Enter their own OP address.
Have it validate ...
9
votes
5
answers
705
views
Is open id secure?
Is open ID secure, for example can you use it to log into bank accounts?
7
votes
4
answers
19k
views
How do accept multiple authentication options in Apache?
I want to protect a path in my VirtualHost but allow users a variety of authentication options (e.g. mod-auth-cas, mod-auth-openid and mod-auth-digest.) How do I set up the virtual host definition to ...
5
votes
5
answers
344
views
Alleviating the Password Explosion Problem
Don't you just hate it when your password explodes, letting the magic smoke out of your server, and setting lp0 ablaze?
In all seriousness, the number of places a person needs a username and password ...
4
votes
1
answer
4k
views
How To Use Amazon Cognito As An SSO OpenID Identity Provider
We currently use Google as an OpenID identity provider to our web platform. We need to move away from it. I discovered Amazon Cognito (we already use EC2/S3 and the rest).
I discovered the ...
3
votes
1
answer
2k
views
Intermittent OpenID Connect login error in ADFS 4.0
We have a Windows 2016 ADFS 4.0 farm (WID database, not SQL Server) hosted in Azure.
We are working with a new OpenID Connect application, and want to use ADFS to authenticate and populate user ...
2
votes
3
answers
1k
views
How to configure simpleid to claim my ID?
I am trying to configure Apache as an OpenID provider using simpleid.
I have followed the instructions to the letter till I got to the part about "Claim your identifier".
Now, this is where I am ...
2
votes
2
answers
351
views
Is there an OpenID demo server out there? [closed]
I'm doing some experiements with adding OpenID to something I'm working on, and I'd like to test out a few providers.
Is there a server out there that will go through the OpenID login process (same ...
2
votes
1
answer
2k
views
Single Sign-on for Intranet WordPress using OpenID (or OAuth), IIS, Integrated Windows Authentication, Active Directory?
Is it possible to have single sign-on for intranet WordPress sites by using OpenID (or OAuth), IIS, Integrated Windows Authentication, Active Directory?
I'd like to have Active Directory users ...
2
votes
1
answer
93
views
PhpMyID and mobile browsers
I have PhpMyID running on my server. When I use my own provider to log in with any desktop browser, it works just fine.
But when I try to log in with my handheld device which is running Android 2.2, ...
2
votes
2
answers
1k
views
OpenID server with PHP
We have an existing user database (in our SMF forum) and we want to setup an OpenID server so that our users can use their account to login also on other sites.
The user database can be accessed via ...
2
votes
0
answers
872
views
Subversion Server with Azure AD SSO
There is a running CollabNet Subversion Edge Server in the current version 5.2.4.
It is currently connected with LDAP for authentication.
Now there is a challenge to grant permission to b2b guests of ...
2
votes
1
answer
6k
views
Keycloak x.509 certificate authentication
I'm trying to set up the following architecture but I'm struggling:
Keycloak container with this image jboss/keycloak:7.0.0
Apache with mod_auth_openidc
The apache has a protected directory
Apache ...
2
votes
0
answers
1k
views
SAML/OpenID authentication on Docker/Core OS
I have a set of servers running Core OS/Docker/Docker Swarm.
I have my users in a SAML/OpenID SSO server. I want these users to be able to
run Docker containers on my Core OS cluster.
How do I ...
2
votes
0
answers
383
views
Do I need my own oauth and/or openid connect provider [closed]
Sorry .... I want to completely rephrase this question:, and I've asked the same question on Information Security now
The system I'm working on will have a mobile application, a web portal and an ...
1
vote
1
answer
2k
views
Set up Jenkins to use Crowd's OpenID for SSO?
Been trying to get Jenkins to work with Crowd's OpenID server so we can use single sign-on like with our Atlassian stuff (the Jenkins Crowd plugin can't do SSO). Can't seem to find the proper OpenID ...
1
vote
1
answer
2k
views
Setting up OIDC with ADFS - Invalid UserInfo Request
Background
So I've been pulling my hair out the past few weeks trying to get OIDC authentication working based on ADFS in various applications, specifically Proxmox VE as well as Gitea. The reason why ...
1
vote
1
answer
906
views
Using Apache HTTP user in Tomcat?
I need users to authenticate in Apache HTTP for some static resources (using mod_auth_openid. I also have a Tomcat application running. How can I accept the HTTP user as the Tomcat user, so the users ...
1
vote
1
answer
803
views
How can I set up an authentication system with single instance storage of credentials and several authentication methods/interfaces?
Background: I have a collection of Linux-based servers (let's say a few dozen) that are hosted in different locations. Some servers are lone satellites while others are hosted together in the same ...
1
vote
1
answer
712
views
openID delegation - no endpoint found
I posted this query on staackoverflow main but it was suggested I should ask here. Sorry for the non-openID login, but as you can see, I'm having some issues.
In short:
A couple weeks ago I noticed ...
1
vote
2
answers
746
views
DNS trouble - think it might be caused by two NS records
About a week ago, I updated my DNS, adding:
HOST, TYPE, VALUE, TTL
*.soup-team.com CNAME www.myopenid.com 3600
mail.soup-team.com CNAME ghs.google.com 3600
HOST, TYPE, VALUE, MX, TTL
soup-team.com ...
1
vote
2
answers
942
views
OpenID provider using Apache SSL/FakeBasicAuth?
I'd like to set up an OpenID provider for our group, which we can use to log in to internal and external OpenID-aware services (e.g. stackoverflow.com).
Our users all have X.509 certificates issued ...
1
vote
1
answer
90
views
Single Sign-On for Azure Virual Desktop
I have the following scenario:
A web applications has OIDC authentication/authorization. Using a token from an authenticated user of this application I want to start a RDP session on an Azure Virtual ...
1
vote
0
answers
1k
views
Not able to receive jwt token request from apache2 server
I am using OPENIDC for protecting a URL. mod_authopenidc is installed in my apache server.After authenticating the user i have an approve button which is when clicked sends a response with ...
1
vote
0
answers
131
views
Getting a list of OpenID Connect subjects for a G-Suite domain
I'm setting up an application that supports OpenID Connect authentication, using my G-Suite domain to support single sign-on. To set up per-user permissions, I need to map the OIDC subject to the app'...
1
vote
1
answer
129
views
Can you recommend a robust OpenAPI 2.0 provider?
Help me find a robust OpenID 2.0 provider!
We're looking at various SSO solutions for our organization, and I would like to suggest OpenID as a viable option, since (a) there is good consumer support ...
0
votes
1
answer
1k
views
Windows Authentication with OpenID Connect (OIDC) with Active Directory (AD FS)?
This is NOT about Azure, but about an on-premises offline Microsoft Active Directory system, based on Windows 2016/2019.
Our website uses OpenID with Microsoft Active Directory, but we want the user ...
0
votes
2
answers
1k
views
How to edit Kubernetes cluster values for OIDC?
We are plannig to implement OpenID authentication to Kubernetes, Im finding a way to add oidc-issue-url to Kubernetes cluster as descibe here Kubernetes OpenID
But im unable to find cluster ...
0
votes
2
answers
218
views
Distributed User Authentication
I have an heterogeneous system in my office with different OS and they change rapidly.
I was looking for a solution to get authentication in a distributed way like OpenID so I can login machine_A ...
0
votes
0
answers
53
views
How to rotate secrets in an untrusted Kubernetes environment
I'm automating the provisioning of Kubernetes environments for developer users. I'd like to regularly rotate the resources of kind 'secret' that are inside these environments. Furthermore, I'd only ...
0
votes
0
answers
55
views
Migrate OAuth2/OpenID configuration back from Azure to onsite ADFS 4 (windows server 2022 / 2019 / 2016)
Desperate noob here... my question is somewhat related to "Migrating from Azure AD SSO authentication to ADFS" and "Installing ADFS in Azure for Internal-Only access" though these ...
0
votes
0
answers
129
views
How can I configure gitlab and nginx as a reverse proxy with SSL authenticating to Azure AD?
I've been pushing on this for days, I'm really hoping some kind soul can help.
Nginx is sitting on an Ubuntu machine in Azure. On that same machine, Docker engine is running a Gitlab container (which ...
0
votes
0
answers
111
views
Control sudoers using oidc user data
I am implementing a Linux host login using the OpenID Connect PAM module. I use Keycloak as OIDC Identity Provider. Googling, I didn't find a solution to control the sudoers file using OIDC data (like ...
0
votes
0
answers
84
views
Can Keycloak/ADFS/RedHat work as an OpenID (not ~ Connect) identity provider?
For a long time I've been wanting to deploy an OpenID IdP of the ones that didn't caught on that you entered and address, i.e; an OpenID, and the service would take you to your IdP SAML-style where ...
0
votes
0
answers
280
views
Azure AD app registration - possible to modify or transform email claim provided by OIDC SSO?
We have two instances of a SaaS app from a vendor that have SSO capabilities using OIDC. Our app users are differentiated based on the provided email address when logging in using the login page ...
0
votes
1
answer
316
views
IAP with Google Identity Platform throws "Failed to fetch the discovery document from issuer"
I have activated Identity Aware Proxy on a GCP Load Balancer and configured it to authenticate the users against my OIDC Identity Provider (Auth0) through Google Identity Platform with a default login ...
0
votes
0
answers
402
views
cross domain cookie with openid connect
my app allows users to login with openid connect on a openid provider site in www.domain1.com/login, when the user(me in this case) directly calls that url i can see that the browser sees a ...
0
votes
0
answers
61
views
AzureAD OpenID Connect JWT "platf" claim value
I am setting up an application that will use AzureAD as an OpenID Connect IDP for authentication. I want to know if the authenticating device is an AzureAD "managed" or "compliant" device at the ...
0
votes
1
answer
1k
views
Apache "require valid-user" is valid across multiple auth types
Our Apache uses both mod_shib_24 (SAML-SP) and mod_auth_openidc (OIDC-RP), which both are connected to a Shibboleth IdP (acts as both SAML-IDP and OIDC-OP).
Furthermore we have 2 protected locations, ...
0
votes
1
answer
116
views
Is there an SSO mechanism supported as widely as LDAP?
LDAP is pretty amazing. It lets you set up a bunch of web services that all share a common user database (or rather, directory), so you can have a WordPress installation, a NextCloud, a MediaWiki etc, ...
0
votes
1
answer
2k
views
Protecting Apache uri with keycloak auth
I'm trying to configure Apache and Keyloak to grant access to users according to their roles.
I'm trying to start with a simple configuration. so I created directory called demo1 in /var/www/ and ...
0
votes
1
answer
204
views
GitLab OpenID Connect Provider - User info missing email claim
I have asked this question on the GitLab forum as well: https://forum.gitlab.com/t/openid-connect-user-info-missing-email-claim/21902
I’m not familiar with OAuth or OpenID Connect.
I’m having ...
0
votes
1
answer
355
views
Server denied check_authentication after migration of Drupal
I just moved a drupal website from one server to another.
On the original server the site was set up directly in apache.
On the new server, i have a docker layer in between:
The machine runs a debian ...
0
votes
1
answer
62
views
Lotus Domino as Amazon IAM Identity Provider
I am looking for the way to configure our corporate Lotus Domino server as an Idenity Provider of Amazon IAM service. Amazon supports SAML and OpenID Provider Types. Can I configure Domino server that ...
0
votes
1
answer
462
views
SimpleSAMLphp OpenID Consumer
I'm using SimpleSAMLphp as an OpenID Consumer and no openID provider I tried seems to work.
I always get the following error:
Exception during login: SimpleSAML_Error_BadRequest: BADREQUEST('%REASON%'...
0
votes
1
answer
48
views
Have simpleid also provide the identifier
I have a running simpleid installation, and I use my own homepage as the identifier. Now I want to add a user to simpleid who does not have a homepage or similar.
Does simpleid provide an identifier ...
0
votes
1
answer
321
views
Single sign-on with Chef
I'm getting my personal infrastructure set up (Gitlab, Jenkins, etc.) and I'm planning on using OpenID for single sign-on. I understand that SSO works for Gitlab and Jenkins.
Would I be able to ...
0
votes
1
answer
73
views
how can you use openID to authenticate different kind of users?
How can you have users authenticate on a web site with different permissions.
I would like to have administrator, superuser, collaborators and normal users.
In particular, I would like to restrict ...