today's howtos
-
University of Toronto ☛ OIDC claim scopes and their interactions with OIDC token authentication
When I wrote about how SAML and OIDC differed in sharing information, where SAML shares every SAML 'attribute' by default and OIDC has 'scopes' for its 'claims', I said that the SAML approach was probably easier within an organization, where you already have trust in the clients. It turns out that there's an important exception to this I didn't realize at the time, and that's when programs (like mail clients) are using tokens to authenticate to servers (like IMAP servers).
-
Jan Piet Mens ☛ DNSSEC Policy and Key template support in NetBox DNS
Peter Eckel has been busy adding support for describing DNSSEC Key and DNSSEC Policy templates to NetBox DNS. The idea is that I can document one or more DNSSEC policies within NetBox DNS and therein also describe the keys (e.g. KSK or CSK) I will be using.
It is explicitly not desirable that the actual key material, say, be included in NetBox and that is quite explicitly also out of scope. NetBox DNS is not a DNS server so it wouldn’t make much sense in having the key material contained in it even if secrets management is theoretically possible. A typical DNSSEC signer is bound to do a much better job of managing, rolling (if at all), and securing keys (think also: HSM).
So what’s it for then? Well, I create a Key template such as the one below, in which I configure that I want a CSK, say, with a particular algorithm (here: 13) and a certain lifetime if I want to be doing key rollovers.
-
University of Toronto ☛ Some notes on the OpenID Connect (OIDC) 'redirect uri'
The obvious general approach is for your program to run a little HTTP server that listens on some port on localhost, and capture the code when the (local) browser gets the HTTP redirect to localhost and visits the server. The problem here is that you can't necessarily listen on port 80, so your redirect uri needs to include the port you're listening on (e.g. 'http://localhost:7000'), and if your OIDC IdP is following the standard it must be configured not just with 'http://localhost' as the allowed redirect uri but the specific port you'll use. Also, because of string matching, if the OIDC IdP lists 'http://localhost:7000', you can't send 'http://localhost:7000/' despite them being the same URL.
-
idroot
-
ID Root ☛ How To Install Btop on Ubuntu 24.04 LTS
Monitoring system resources is essential for maintaining optimal performance on GNU/Linux systems. Ubuntu 24.04 LTS “Noble Numbat” users have several options for resource monitoring, but btop stands out as one of the most feature-rich and visually appealing options available.
-
ID Root ☛ How To Install Pandas on Fedora 41
Pandas is a powerful Python library essential for data analysis and manipulation. This guide explores multiple methods to install Pandas on Fedora 41, addressing various user needs from basic installation to advanced configurations. Whether you’re a data scientist, developer, or GNU/Linux enthusiast, you’ll find detailed instructions tailored to your experience level.
-
ID Root ☛ How To Install SuiteCRM on Ubuntu 24.04 LTS
SuiteCRM is a powerful open-source customer relationship management solution that provides businesses with tools to effectively manage customer interactions, sales pipelines, and marketing campaigns.
-
ID Root ☛ How To Install Symfony Framework on Linux Mint 22
In this tutorial, we will show you how to install Symfony Framework on Linux Mint 22. Symfony is one of the most popular PHP frameworks used for developing robust web applications. Its modular design and extensive community support make it a favorite among developers.
-
ID Root ☛ How To Install Akaunting on Fedora 41
Akaunting stands as a powerful, free, and open-source accounting solution that helps businesses manage their finances efficiently. For those running Fedora 41, installing Akaunting provides a robust financial management system on a stable, secure GNU/Linux foundation.
-
ID Root ☛ How To Install XFCE Desktop Environment on Manjaro
Manjaro GNU/Linux has established itself as one of the most user-friendly Arch-based distributions available today. Among its many strengths is the flexibility to choose between different desktop environments. The XFCE desktop environment stands out as an excellent choice for users seeking a lightweight, customizable, and efficient computing experience.
-
ID Root ☛ How To Install Realtek Wifi Drivers on Debian 12
In this tutorial, we will show you how to install Realtek Wifi Drivers on Debian 12. Debian 12 Bookworm offers a stable, secure computing environment for GNU/Linux enthusiasts. However, WiFi connectivity issues with Realtek adapters can quickly turn your smooth computing experience into a frustrating ordeal.
-