Silke Meyer<p>Guten Morgen! Am 11. Juni findet wieder meine ganztägige Keycloak-Schulung statt und es gibt noch ein paar freie Plätze. Die Zielgruppe sind Admin*s, die den von <span class="h-card" translate="no"><a href="https://univention.social/@univention" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>univention</span></a></span> ausgelieferten Keycloak in Verbindung mit UCS einsetzen. SSO-Vorkenntnisse sind nicht nötig. Falls noch jemand teilnehmen möchte, sind hier die Details zur Anmeldung:</p><p><a href="https://www.univention.de/training/keycloak/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">univention.de/training/keycloa</span><span class="invisible">k/</span></a></p><p><a href="https://univention.social/tags/Keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Keycloak</span></a> <a href="https://univention.social/tags/singlesignon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>singlesignon</span></a> <a href="https://univention.social/tags/oidc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>oidc</span></a> <a href="https://univention.social/tags/saml" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>saml</span></a> <a href="https://univention.social/tags/univention" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>univention</span></a></p>
Recent searches
No recent searches
Search options
Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
243active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.7
#singlesignon
0 posts · 0 participants · 0 posts today
Silke Meyer<p>Ein kurzer Werbe-Einschub, wenn Ihr gestattet: Hab gerade gesehen, dass in "meiner" Keycloak-Schulung am 25.3. noch ein einziger Platz frei ist. Die ganztägige Schulung richtet sich an Admin*s, die den von <span class="h-card" translate="no"><a href="https://univention.social/@univention" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>univention</span></a></span> ausgelieferten Keycloak in Verbindung mit UCS einsetzen. Falls noch jemand mag, sind hier die Details: <a href="https://www.univention.de/training/keycloak/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">univention.de/training/keycloa</span><span class="invisible">k/</span></a></p><p><a href="https://univention.social/tags/Keycloak" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Keycloak</span></a> <a href="https://univention.social/tags/singlesignon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>singlesignon</span></a> <a href="https://univention.social/tags/training" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>training</span></a> <a href="https://univention.social/tags/schulung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>schulung</span></a> <a href="https://univention.social/tags/univention" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>univention</span></a></p>
Jupiter Rowland@<a href="https://io.waxandleather.com/@alisynthesis" rel="nofollow noopener noreferrer" target="_blank">Alison Wilder</a> Because if you want full-blown user rights and all the same features as a local user on <em>all</em> over 30,000 Fediverse instances, you need a local user account on each one of them.<br><br>This means two things:<br><ul><li>If you come over to the Fediverse for the first time, and you register your first account on Mastodon, you automatically also register an account on 30,000+ more instances.</li><li>If you decide to host your own instance of whatever, and you spin it up for the first time, your instance immediately creates tens of millions of user accounts. One for everyone who has ever joined the Fediverse. Because anyone may decide to come over to your instance and use it, just like so.</li></ul><br>For one, this is utter overkill.<br><br>Besides, this is technologically impossible. This would require <em>all Fediverse instances</em> to know <em>all other Fediverse instances</em>. With no exceptions. Like, if I start up my own (streams) instance for the first time, and half a second later, someone on the other side of the globe starts up a Gancio instance, they would immediately have to know each other. And all the other instances in the Fediverse.<br><br>And, of course, it would require a newly-launched instance to know <em>all Fediverse users</em>. Again, with no exception.<br><br>How and from which source are they supposed to know?<br><br>That said, there is a single sign-on system for the Fediverse. It's called <a href="https://magicsignon.org/page/openwebauth/home" rel="nofollow noopener noreferrer" target="_blank">OpenWebAuth</a>. It was created by @<a class="" href="https://fediversity.site/channel/mikedev" rel="nofollow noopener noreferrer" target="_blank">Mike Macgirvin 🖥️</a> (creator of Friendica and all its descendants) in the late 2010s already for now-defunct <a href="https://joinfediverse.wiki/The_Zotlabs_projects#Zap" rel="nofollow noopener noreferrer" target="_blank">Zap</a>, a fork (of a fork?) of <a href="https://joinfediverse.wiki/Hubzilla" rel="nofollow noopener noreferrer" target="_blank">Hubzilla</a> which, in turn, is a fork of the currently hyped Facebook alternative <a href="https://joinfediverse.wiki/Friendica" rel="nofollow noopener noreferrer" target="_blank">Friendica</a>. It was backported to Hubzilla in 2020. Everything that came after Zap, including the still existing <a href="https://joinfediverse.wiki/(streams)" rel="nofollow noopener noreferrer" target="_blank">streams repository</a>, got it, too.<br><br>However, first of all, OpenWebAuth is only fully implemented on Hubzilla, (streams) and Forte. Plus, it has client-side support on Friendica. This means that Hubzilla, (streams) and Forte recognise logins on all four, but Friendica doesn't recognise logins from anywhere.<br><br>As for Mastodon, OpenWebAuth implementation was actually developed to the point of an official merge request in Mastodon's GitHub repository. As far as I know, it was rejected. Mastodon won't implement OpenWebAuth, full stop.<br><br>Besides, it doesn't give you all the same power as a local user. You can't log into Friendica, go to a Hubzilla hub and create a wiki or a webpage or a CalDAV calendar, just like so.<br><br>OpenWebAuth is only for guest permissions. Because on Hubzilla, (streams) and Forte, permissions are everything.<br><br>For example, let's assume you have an account and a channel on (streams). Let's also assume that your (streams) channel and this Hubzilla channel of mine here are connected. Furthermore, let's assume that I've decided to only allow my own full connections to see my profile.<br><br>If you're logged out, and you go to my profile page, you see nothing.<br><br>But then you log in. And you come back to my profile page (provided your browser is configured so that the Hubzilla hub that I call home is allowed to create cookies). My home hub recognises your login on (streams). It identifies you as you, as one of my contacts. Thus, it identifies you as someone who is permitted to see my profile.<br><br>And all of a sudden, you see my profile.<br><br>That, for example, is what OpenWebAuth is for.<br><br>#<a class="" href="https://hub.netzgemeinde.eu/search?tag=Long" rel="nofollow noopener noreferrer" target="_blank">Long</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=LongPost" rel="nofollow noopener noreferrer" target="_blank">LongPost</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=CWLong" rel="nofollow noopener noreferrer" target="_blank">CWLong</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=CWLongPost" rel="nofollow noopener noreferrer" target="_blank">CWLongPost</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=FediMeta" rel="nofollow noopener noreferrer" target="_blank">FediMeta</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=FediverseMeta" rel="nofollow noopener noreferrer" target="_blank">FediverseMeta</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=CWFediMeta" rel="nofollow noopener noreferrer" target="_blank">CWFediMeta</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=CWFediverseMeta" rel="nofollow noopener noreferrer" target="_blank">CWFediverseMeta</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=Fediverse" rel="nofollow noopener noreferrer" target="_blank">Fediverse</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=Friendica" rel="nofollow noopener noreferrer" target="_blank">Friendica</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=Hubzilla" rel="nofollow noopener noreferrer" target="_blank">Hubzilla</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=Zap" rel="nofollow noopener noreferrer" target="_blank">Zap</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=Streams" rel="nofollow noopener noreferrer" target="_blank">Streams</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=%28streams%29" rel="nofollow noopener noreferrer" target="_blank">(streams)</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=Forte" rel="nofollow noopener noreferrer" target="_blank">Forte</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=SingleSignOn" rel="nofollow noopener noreferrer" target="_blank">SingleSignOn</a> #<a class="" href="https://hub.netzgemeinde.eu/search?tag=OpenWebAuth" rel="nofollow noopener noreferrer" target="_blank">OpenWebAuth</a>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://anarres.family/@alex" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>alex</span></a></span> <span class="h-card" translate="no"><a href="https://kind.social/@EverBeyondReach" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EverBeyondReach</span></a></span> <a href="https://infosec.space/tags/SSO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSO</span></a> before <a href="https://infosec.space/tags/SingleSignOn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleSignOn</span></a> was even envisioned! </p><p><a href="https://infosec.space/tags/Multipass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Multipass</span></a> <a href="https://infosec.space/tags/FifthElement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FifthElement</span></a> <a href="https://infosec.space/tags/Meme" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Meme</span></a> <a href="https://infosec.space/tags/LeeloDallas" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LeeloDallas</span></a> <a href="https://infosec.space/tags/Leelo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Leelo</span></a> <a href="https://infosec.space/tags/Movie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Movie</span></a></p>
Alan Martello<p><span class="h-card"><a href="https://vancity.social/@jon" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jon</span></a></span> <span class="h-card"><a href="https://venera.social/profile/fediversenews" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fediversenews</span></a></span> <span class="h-card"><a href="https://hub.netzgemeinde.eu/channel/jupiter_rowland" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jupiter_rowland</span></a></span> I’m slightly more optimistic. </p><p>I think people are getting fed up with having all the apps: Twitter, FB, Tik-Tok, Instagram and the friction going between them all and not being able to find a friend on a given app.</p><p>If the Fediverse provides less friction - through new apps that evolve to support multiple services simultaneously along with <a href="https://hachyderm.io/tags/NomadicIdentity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NomadicIdentity</span></a> or <a href="https://hachyderm.io/tags/SingleSignOn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleSignOn</span></a> - then I think folks will migrate.</p>
Paranoid Factoid<p>1.</p><p>The first is <a href="https://mastodon.social/tags/SingleSignOn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleSignOn</span></a>. BUT, most of the ActivityPub services actually have SSO as an option. At the very least, Mastodon, PixelFed, PeerTube, and I think Lemmy, have an option for OpenID-Connect. And HubZilla has it's own SSO approach (which I think is also OpenID based). </p><p>So it is POSSIBLE right now (or in the near term) to integrate authentication. Certainly, on the same server hosting multiple services.</p><p>Account creation complexity is an impediment to adoption.</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload