social.coop is one of the many independent Mastodon servers you can use to participate in the fediverse.
#saml

Chris Wysopal: These SAMLStorm vulnerabilities have been public for a couple weeks now. Anyone seeing exploitation in the wild? How's patching going across vendors and infra? #infosec #SAML #NodeJS #AppSec
pelzvieh: Are you using #SAML #Authentifizierung (authentication)? The latest #Mastodon #Releases contain important security updates. https://github.com/mastodon/mastodon/releases
Bill: Hivemind: Roll your own SAML (like, no IdP)? #appsec #infosec #SAML
Olly 👾: GitHub uncovers new Ruby-SAML vulnerabilities allowing account takeover attacks. Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections. https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/ #github #ruby #saml #library #it #security #privacy #engineer #media #programming #tech #news
Hacker News: Sign in as anyone: Bypassing SAML SSO authentication with parser differentials. https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/ #HackerNews #SAML #SSO #Authentication #Bypass #Security #ParserDifferentials #Cybersecurity #Vulnerability

GitLab fixes vulnerabilities related to the ruby-saml library

GitLab has announced the release of new software versions. The update covers both the Community Edition and the Enterprise Edition. The fixed versions are 17.9.2, 17.8.5 and 17.7.7. The most important fix addresses two vulnerabilities (CVE-2025-25291, CVE-2025-25292) reported in the ruby-saml library, which GitLab uses for SAML SSO (Security Assertion Markup Language; single sign-on). Under certain circumstances...

#WBiegu #Cve #Gitlab #Graphql #Podatności #Rce #Ruby #Saml

sekurak.pl/gitlab-naprawia-pod


USSO is a third-party cookie-based SSO (for now), built to work across multiple domains and businesses. It has been in development for over a year by Mahdi Kiani.

Right now, it's written in Python, but a Go rewrite is coming soon. After the rewrite, OAuth, SAML, and other authentication methods will be added.

For now, USSO doesn’t have a frontend to manage all SSO operations, but everything is available through an API.

A couple of microservices also work with USSO:

A global S3-based file manager

UFAAS, a Function-as-a-Service platform, optimized for Iran

UFAAS currently only supports IRT/IRR currencies and integrates with Iranian payment gateways, but accounts can also be manually charged.

A Rust module for USSO has also been released, making it easier to integrate with Rust-based applications. Additionally, I've recently joined the development team.

USSO is planned to be used on Parch Linux, and detailed deployment documentation will be written for all major platforms, including cloud, Docker, Kubernetes, and Jails.

Mahdi Kiani on X: x.com/mahdikiani
Project GitHub: github.com/ussoio
The File Manager: github.com/ufilesorg
FaaS: github.com/ufaasio
Profile manager based on USSO: github.com/uprofile
Rust crate: crates.io/crates/usso

#USSO #SSO #OAuth

Dear Keycloak friends, I would love to hear if/how you use category-specific logging! What do you recommend to sysadmins interested in database + ldap interaction, caching, user events/errors, the user attributes that are actually sent to clients - without getting spammed with other things at the same time. Would you mind sharing your start settings for "--log-level"? Boosts welcome!

keycloak.org/server/logging#_c


Regarding the Keycloak identity provider, by the way, openDesk is a nice place to look at how the various clients are connected. The preconfigured Keycloak is also a great example of releasing user attributes to the connected applications as sparingly and purposefully as possible.

gitlab.opencode.de/bmi/opendes