Finally got Forgejo running on Kubernetes with single-sign-on based on Kanidm!
Took me one day of work, which I'm not sure if it's a good or a bad thing…
#Forgejo #Kubernetes #Kanidm
kanidm seems to be a cool project
managed to deploy it pretty quickly and without any issues
(and also found out that i never set a pin on my yubikey in the process for _firefox reasons_)
#kanidm
Over the last few weeks, I've spent some time on and off researching a good way to do Authn and Authz, and struggled quite a bit with the number of options available. Not completely understanding what I'm doing/how to search for my requirements, I first started trying Logto (but that was a UI clicking contest to set up), then went for kanidm without realizing it doesn't have support for a public sign-in form, which is something I need. And just now, when I'm relatively sure that Better Auth fits my needs quite well, I've discovered Stack Auth via this nice website: https://www.auth0alternatives.com/ Man, if I only would've found this 4 weeks earlier.
Migration from #LLDAP to #Kanidm didn't go as planned. Seems Kanidm is a rather shitty LDAP server, and being read-only is not the issue. You're able to query using 'cn', but cn is not among the results, as well as givenName, uid, or mail (there is actually a workaround to get that one).
1/2
Kanidm Web UI - the more dumb the prompt you put in, the better results you get. But there is progress .. #OpenAI #Codex #Kanidm
Why don't all authentication services / tools check one-time passwords (OTPs) before the password, like #kanidm does? It makes so much more sense. #infosec
#Cloudflare released OpenPubkey SSH #opkssh less than a month ago and the project already hit 1k ⭐ on GitHub!
Since I wrote about #kanidm the other day, I thought it'd be fun to see how easy it is to run OPKSSH with your own #IdP. Actually pretty easy: blog.kammel.dev/post/opkssh/
This week we will explore how to secure your #Kubernetes cluster using #passkeys and #OIDC for a secure and user-friendly (because we actually like UX) log-in flow. We deploy our own identity provider using #kanidm for a truly self-hosted #homelab experience!
blog.kammel.dev/post/k8s_hom...