Is there a dead simple guide to Keycloak authorization policies?

I basically want to prevent all users from accessing an application unless they have a specific role (which grants them access through their group).

The policy seemingly always evaluates as deny for now, even though there's sometimes a permit, but even with it evaluating to deny, I can still log in to the application?

#keycloak

On the weekend I managed to connect all my self-hosted services that support it to the #Keycloak #SSO (single sign-on).
Namely #Mastodon #Peertube #NextCloud #FreshRSS #Matomo and #grafana

Why bother with such a complication for apps serving only a couple of users?
First, it's quite easy nowadays.
And second, because I want to get rid of passwords and just use #passkeys.

This is one of many examples showing that good apps should just focus on one task and just use standards to cooperate with other apps focusing on other tasks.

Peertube, for example, focuses on videos, not user management. I am very OK that they don't support passkeys, because they implemented the OpenID Connect standard to allow me to use Keycloak for better login options.

On the other hand, I am quite sad that SSO is often the one feature that is proprietary and reserved only for paying customers. SSO is not for huge corporations anymore. It's also useful for us, self-hosters with a couple of users.

❤️ opensource keycloak

A quick addendum, since I also want to offer solutions:

If anyone is interested in a scalable, secure and affordable infrastructure including chat, video, cloud (incl. Collabora), wiki, Mastodon, as well as groupware (open XChange) and IDM for all services, feel free to get in touch. We already implemented this system last year, with the relaunch of the NABU-Netz, entirely on an open-source basis for several thousand people.

#opensource #naturschutz #datenschutz #kubernetes #opencloud #matrix #keycloak #bookstack #opentofu #openxchange #mastodon #jitsi