wow, I'm actually surprised we haven't made (any) progress on FIDO2 despite the few suggestions...it's sad...
adisonverlice2
Posts
-
passwordless.dev -
passwordless.dev
@crazybrad I see.
btw, you'll have to explain it in word form, I'm blind and my screen reader does not work in some cases with images.
if not, I've been testing something like astica cognitive AI, so I might be able to use artificial intelligence to scan it. -
passwordless.dev
@crazybrad o not a problem. I advocate for more secure solutions like WebAuthn, so I thought I'd share it.
and yeah, lol, they're basically giving us Jeff Bezos amount of users lol.
of course, this would be a different issue if we were using it with, say, vaultwarden, but bitwarden has its own authentication methods with FIDO2.
we would use passwordless for securing admin data for the my domain and OIDC my domains.
also, would you be willing to share a summary of that from Yubico's end? or in a separate post?
if not, it's fine, I think though it would help in implementing things like passwordless and stuff like that. -
passwordless.dev
and while it's out of this post's scope, there is a program called fido2-lib, but I would like passwordless.dev more because it gives you more flexibility and you don't have to necessarily worry about compatibility.
this post from bitwarden also covers how they do bitwarden FIDO2 auth on their password manager if you're interested -
passwordless.dev
@necrevistonnezr thank you.
also, I myself do not need that many users, I don't have a thousand employees, I have around 5 employees.
that's what I plan to use passwordless.dev for -
passwordless.dev
hi everybody.
I want cloudron to have an application called passwordless.dev
@nebulon if I remember correctly, said 2FA via passkey is not supported very well in cloudron.
however, with passwordless, all you would have to do is install a few libraries, which makes it easy, and the user would have to just provide an API key and such in their dashboard to get logged in. -
question about SAML authentication
@mrhyk93 well actually, I did get openID connect to work with cloudflare access to cloudron.
the only caveat is that it can only accept 35 characters for the secret.
they also accept Google authentication, Facebook, and GitHub.
however, when using duo, that is, for cloudflare access, only supported for SAML.
while duo has generic OIDC, AD or SAML needs to be configured, and if i'm correct, cloudron, by itself, does not hold AD, just things like LDAP, with no actual AD. -
many authentication methods
greetings guys.
I would like to propose there should be other ways to authenticate than just username, password, or even TOTP.
1 of the things you could do is allow for the Google oauth2.0 options, if the administrator has a Google cloud console client Id and secret. right now, as it is I'd have to configure my instance via cloudflare, and make it to where cloudflare access must be accessed first, then go through the traditional authentication process
yes, that is my cloudflare access setup, which, lol, feel free to break into, you won't find anything. but that's besides the point.
another possibility is to integrate something like the duo auth API, kinda like vaultwarden does. duo has many authentication options, like security key, hardware token, and SMS gateway, features cloudron's authentication doesn't have. it would also make it easier.
there should also be more oauth options, like Facebook, GitHub, discord, etc.
if we had oauth options, this would allow for more authentication choice, and it would probably be more secure.
for example, suno AI, in order to log into their applications, you must use oauth.
I also forgot that if you used duo security, you wouldn't even have to worry about the FIDO implementation. just sign up for duo, and you're good. oauth like Google also support FIDO. so you're killing a couple of birds with a couple of features.
I find it a little disappointing how cloudron doesn't have many authentication options.
o another suggestion, the 2FA token option should only be presented when the correct username and password are entered.
as a hacker, if I see that, I will know you have a TOTP before even the username and password is entered, and try to exploit it.
thanks -
Keycloak & Cloudron
wait, so how do I use this with cloudron?
-
question about SAML authentication
@brerlapn I don't know if my message came through, but in case I didn't, I basically asked if keycloak was a cloudron application? if not, how can I get it using cloudron?
-
question about SAML authentication
@brerlapn heard of it, but is it a cloudron app? if so, I think it needs to be
-
Chatbot UI for ChatGPT
y'know, I would love to see AI chatbots on cloudron. if there are any. lol
it's been a while since i've used cloudron. -
some good news finally..
I finally have some good news.
remember when I lost my original domain?
well the good news is, I managed to get in contact with 1 of my admins, who has access to the cloudflare dashboard, and was finally able to get back into my domain. I have enough admin access to where I can do well, everything. it may not be my OG account, but I did manage to get my access back with a new account, which is great.
i've been trying to get that superior to get things back, and finally I have it.
now Alex is gonna get a synology NAS in his home, and we'll host things off that.
might have him get a firewall, just for good measure.
additionally, I might have him search for a firewall, just for good measure.
still would be nice to get cloudron working with cloudflare tunnel...
this time, I have saved and backed up my codes so I won't lose access again -
question about SAML authentication
wait someone upvoted my post?
-
question about SAML authentication
@nebulon I see...
-
question about SAML authentication
@nebulon 1. wait how did this post get moved and to what category? and 2. I see. our SSO provider, duo, wants our SAML credentials, and wants an IDP. because of financial strains, we cannot get an IDP like Google workspace, or entra ID, etc.
I've been looking for a free 1, but cannot find any good 1's, that's why I was wondering. duo also has active directory, but it needs the duo proxy service installed, and I don't know if it'll support LDAP or whatever it uses... -
question about SAML authentication
hello.
I was wondering if cloudron could act as a SAML2.0 IDP for users.
thanks in advance -
character.ai
aw ok i will when i find 1
-
character.ai
hey:
was wondering, does cloudron have anything similar to character.ai?
i was just wondering.
thanks -
OTP request
hi.
i had a thought in me the other day.
what if instead of using a regular old password, users could use OTP methods, like TOTP or yubikey OTP?
and not just for 2FA, but for actual logins.
this, from my understanding, would also decrease the chance of a hacker getting in, as they would need the OTP, and not just 1 20 character password.
of course, this could be phished, but this could easily be stopped via employee education. and well, passwords can be phished anyway.