please-open.it

Lock your session without logging out in Keycloak by using a PIN code blog.please-open.it/posts/acr-loa-…

oauth2proxy configuration generator for Keycloak blog.please-open.it/posts/oauth2pr…

European Companies: if you host your data with a US cloud provider, you are not GDPR-compliant. ⚠️ The Cloud Act overrides data location. Yes, even if your servers are in Europe. ⬇️ blog.please-open.it/posts/cloud-ac…

An authentication proxy is the best pattern for deploying SSO on existing and new apps. The proxy is in charge of the authentication mechanism, the application receive authenticated requests with the user's details in HTTP Headers. blog.please-open.it/posts/auth-pro…

@hanxhx_ @YodaBZH @sebi2706 @clever_cloudFR @keycloak super merci ! est-ce que tu as essayé de provisionner plutôt directement depuis un export de royaume ? Est-ce que le provisioning qu'on te propose via les variables pour créer un client "opentofu" suffiraient pas ?

@PleaseOpen_It @YodaBZH @sebi2706 @clever_cloudFR @keycloak Actuellement, je fais à la mano puis je lance opentofu. Voilà ma doc interne. Il y a des trucs à automatiser pour que ça soit top moumoute 😁

[𝗤𝗨𝗢𝗜 𝗗𝗘 𝗡𝗘𝗨𝗙] Clever Cloud évolue. Une plateforme plus flexible, un K8S managé qui arrive, 2 nouveaux points de présence, un PaaS MAJ en continu, des services managés renforcés et une Console en refonte. Un cloud qui s’adapte à vos usages : clever.cloud/fr/blog/entrep…

@hanxhx_ @YodaBZH @sebi2706 @clever_cloudFR @keycloak fabuleux 😍 tu utilises CC_KEYCLOAK_BOOTSTRAP_ADMIN_CLIENT_ID et CC_KEYCLOAK_BOOTSTRAP_ADMIN_CLIENT_SECRET pour ton provisioning automatique ? Surtout n'hésites pas à nous faire des retours, on essaye de faire le service qui colle le plus avec les demandes client !

@YodaBZH @sebi2706 @clever_cloudFR @keycloak Et voilà github.com/CleverCloud/te… Si besoin on peut se faire une visio 🖐️ A terme, il est possible que je fasse de l'instance dédiée pour mes clients... ce genre de chose me sera indispensable. Pour l'instant je m'en passe très bien 🙂

After oidc-bash, we tried to make a JWT Decoder in bash. It was so complicated with the signatures! github.com/please-openit/…

Another module for Keycloak : user attribute regexp mapper Because in Keycloak user attributes are multivalued (with ability to aggregate them with "user attribute mapper"), we added a regexp filter only to send back attribute if it matches. github.com/please-openit/…

New Keycloak module : groups regexp mapper. Map only groups (to a token, userinfo...) that only matches to a RegExp github.com/please-openit/…

Keycloak has announced "workflows" as a preview feature. A welcome feature we already implemented years ago with... n8n. This is how we did : blog.please-open.it/posts/keycloak…

Postgres 18 now supports oauth2.0 authentication 🥳 postgresql.org/docs/18/auth-o… postgresql.org/docs/18/libpq-…

Map HTTP headers to claims in tokens. We built this to support locales during a client_credentials authentication process blog.please-open.it/posts/keycloak…

We built a desktop JWT decoder, directly accessible from the system tray : blog.please-open.it/posts/jwt_deco… github.com/please-openit/…

An authenticator to match rfc8252 8.12 ! "native apps MUST NOT use embedded user-agents to perform authorization requests and allows that authorization endpoints MAY take steps to detect and block authorization requests in embedded user-agents" blog.please-open.it/posts/user-age…

oidc-bash github.com/please-openit/… now supports PKCE thanks to @ricsanfre

Retrouvez-nous le 29/04 pour découvrir ce que @PleaseOpen_It a mis au point avec @clever_cloud pour vous proposer une solution clés en main à base de Keycloak

Deploy @keycloak on @dokku Ready for production, with themes and SPIs built directly please-open.it/blog/keycloak-…

In Keycloak, you MUST take a look and uncheck "full scope allowed" checkbox if you use roles. blog.please-open.it/full-scope-all…

@Romain_LLC @davlgd Hi @Romain_LLC - Keycloak remain the SPOF of all the infra. No auth, no apps... - We know "heavy" loads that needs more than 2 instances... more than 3, and more than 4 😃 - LDAP are not mandatory

@davlgd I understand so (i have a duplicate VM ready in case of issue). As far as the LDAP directories are OK i'm not too nervous, setting up a new Keycloak SSO should be fast, setting up whole LDAP directories less easy 😅

🚀 A multi-instance Keycloak cluster synced through a Wireguard based private network in a snap ? We can do it! Want to know more ? Let us know! ▶️ github.com/CleverCloud/Co…

a "no code" event-listener for @keycloak with @n8n_io blog.please-open.it/event-listener/