fairkom issueshttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues2024-03-04T14:51:43Zhttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/82Please provide Revoke-Keys for 2FA2024-03-04T14:51:43ZChrisPlease provide Revoke-Keys for 2FAThere are no revoke/backup-keys for the two-factor-authentification. This means, I do not have the possibility to bypass the 2FA and do a emergency password-change after a bad person stole my phone.There are no revoke/backup-keys for the two-factor-authentification. This means, I do not have the possibility to bypass the 2FA and do a emergency password-change after a bad person stole my phone.https://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/78invite users and onboard on fairchat in group2024-03-25T20:14:47ZRoland Altoninvite users and onboard on fairchat in groupWe often have the use case from @sebastian.kuehs , that we have to onboard users in a chat group. Customers can not wait until all their employees have signed up and notified an admin who finally adds them to a chat group.
## Manual onb...We often have the use case from @sebastian.kuehs , that we have to onboard users in a chat group. Customers can not wait until all their employees have signed up and notified an admin who finally adds them to a chat group.
## Manual onboarding steps
1. add user in keycloak, set a password and do not verify e-mail
1. login with that user with fairlogin in fairchat
1. add this user with fairchat admin to desired group(s)
1. send user an e-mail notifying of having been onboarded and that a password has to be set
1. request user in keycloak to change password
@armin.felder could this be automated via the RC and keycloak API?https://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/76Federate fairlogin with Wirtschaftsportalverbund2023-02-18T21:45:43ZRoland AltonFederate fairlogin with Wirtschaftsportalverbundhttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/71IP address logging2024-03-04T14:51:57ZRoland AltonIP address loggingCurrently we do not log IP addresses in keycloak.
* [ ] Is there a legal requirement for cloud providers?Currently we do not log IP addresses in keycloak.
* [ ] Is there a legal requirement for cloud providers?Roland AltonRoland Altonhttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/70Keycloak monitoring2024-03-04T14:51:59ZRoland AltonKeycloak monitoring@arminfelder berichtete, dass DB nicht erreichbar. dB läuft aber auf heu13. Geht wieder nach keycloak restart. Wie können wir das monitoren?@arminfelder berichtete, dass DB nicht erreichbar. dB läuft aber auf heu13. Geht wieder nach keycloak restart. Wie können wir das monitoren?Johannes BuecheleJohannes Buechelehttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/68add quota to LDAP2024-03-04T14:52:00ZRoland Altonadd quota to LDAPAs analysed in #59 and agreed in the team, we will use quota rules per user.
Default quota is 200MB, which can be upgraded to 2GB (basic) or 20GB (pro).
Connect nextcloud, GroupOffice, DoveCot (IMAP) and Sandstorm with that quota fiel...As analysed in #59 and agreed in the team, we will use quota rules per user.
Default quota is 200MB, which can be upgraded to 2GB (basic) or 20GB (pro).
Connect nextcloud, GroupOffice, DoveCot (IMAP) and Sandstorm with that quota field.
Provide web interface (keycloak?) so that an admin can set quota per user.Armin FelderArmin Felder2018-05-15https://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/67Contact discovery by hash2024-03-04T14:52:00ZRoland AltonContact discovery by hashIn many application such as fairchat it would be nice to see which users I already might know. Signal hashes the phone numers. Silent Circle is a more generic approach: https://github.com/SilentCircle/contact-discoveryIn many application such as fairchat it would be nice to see which users I already might know. Signal hashes the phone numers. Silent Circle is a more generic approach: https://github.com/SilentCircle/contact-discoveryhttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/63allow to enter preferred_username2024-03-25T20:02:50ZRoland Altonallow to enter preferred_usernameIn fairchat.net new users get the e-mail address set as user name. This is a privacy concern, reported by @sebastian.kuehs and some users in the https://fairchat.net/channel/fairchat-general channel.
Users could certainly change their u...In fairchat.net new users get the e-mail address set as user name. This is a privacy concern, reported by @sebastian.kuehs and some users in the https://fairchat.net/channel/fairchat-general channel.
Users could certainly change their user name in their profile at https://fairchat.net/account/profile if they knew it.
We could either ask for a preferred nickname when users register or construct it in fairlogin from the e-mail address (part before @).
1. fairchat oauth settings: user = preferred_username
1. Keycloak mapper for the fairchat client: username / the preferred_username
Could we adapt the mapping in 1 or 2?Johannes BuecheleJohannes Buechele2024-04-16https://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/62Describe data storage policy for fairlogin SSO2024-03-04T14:52:04ZRoland AltonDescribe data storage policy for fairlogin SSOOrganisations who are interested to connect a service with fairlogin want to know:
* [ ] which data do we collect
* [ ] how long do we collect data
* [ ] which data do we give to others
* [ ] what is the consent procedure for the userOrganisations who are interested to connect a service with fairlogin want to know:
* [ ] which data do we collect
* [ ] how long do we collect data
* [ ] which data do we give to others
* [ ] what is the consent procedure for the userDavid AyersDavid Ayershttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/60Logout bug2024-03-04T14:52:05ZRoland AltonLogout bugWhen logging off from fairapps.net, an error message appears from fair.sandcats.io (which apparently initiated the SAML session).
![Bildschirmfoto_2018-03-13_19-36-31](/uploads/facd5a82ff7b36e90447057f5fb5b05b/Bildschirmfoto_2018-03-13...When logging off from fairapps.net, an error message appears from fair.sandcats.io (which apparently initiated the SAML session).
![Bildschirmfoto_2018-03-13_19-36-31](/uploads/facd5a82ff7b36e90447057f5fb5b05b/Bildschirmfoto_2018-03-13_19-36-31.png)
Expected behaviour: logout screen or get back to fairapps.netJohannes BuecheleJohannes Buechelehttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/59Payment strategy2024-03-04T14:52:06ZRoland AltonPayment strategyCurrently we only charge per quota on some services and the process is manual.
Check options:
* [ ] Limit number of concurrent fairlogin sessions
* [x] Quota on all offered services in LDAP per *user*
* [ ] Quota on all offered s...Currently we only charge per quota on some services and the process is manual.
Check options:
* [ ] Limit number of concurrent fairlogin sessions
* [x] Quota on all offered services in LDAP per *user*
* [ ] Quota on all offered services in LDAP per *group* (more family and organization friendly!)
* [ ] Usage per day / month
* [ ] Sandstorm quota per user https://fair.sandcats.io/admin/hosting-management (requires both SAML and LDAP configured) see https://docs.sandstorm.io/en/latest/administering/hosting-provider/
* [ ] ~~~ Sandstorm credit card payment mechanism (removed now from blackrock, which is a more scalable backend for sandstorm) https://github.com/sandstorm-io/blackrock/commit/4045b833ebcbe3c2f88f44db8ac2a3f412c8f372 ~~~ deprecated
* [ ] Remove content if not paid after x months (e.g. in fairchat https://github.com/RocketChat/Rocket.Chat/issues/795#issuecomment-206897221 )
* [ ] FairCoin payment optionhttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/55Test Apache Mellon2024-03-04T14:52:07ZRoland AltonTest Apache MellonApart from mod-shib, there is also Mellon to authenticate users to access web pages.
MELLON connects nicely with SAML (P. Pflaeging, TIIME keycloak workshop 06 FEB 2018).
We should test it when we have a case.Apart from mod-shib, there is also Mellon to authenticate users to access web pages.
MELLON connects nicely with SAML (P. Pflaeging, TIIME keycloak workshop 06 FEB 2018).
We should test it when we have a case.https://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/54ISPconfig use case description2024-03-04T14:52:07ZRoland AltonISPconfig use case descriptionWhat could we replace ISPconfig with Keycloak add onsWhat could we replace ISPconfig with Keycloak add onsRoland AltonRoland Altonhttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/53Dokument User Management with KC/LDAP integrated with GO, DokuWiki & fairchat2024-03-04T14:52:08ZDavid AyersDokument User Management with KC/LDAP integrated with GO, DokuWiki & fairchatPlease document the steps needed to:
- Create a new user that is visible in KC & LDAP
- Add him to Groups like fairkom_Mitarbeiter
- Add him to fairchat users [this should make fairchat available to the user]
- Add him to GroupOffice_Ev...Please document the steps needed to:
- Create a new user that is visible in KC & LDAP
- Add him to Groups like fairkom_Mitarbeiter
- Add him to fairchat users [this should make fairchat available to the user]
- Add him to GroupOffice_Everyone [this should make GO available to the user]
- Add him to DokuWikiUsers [this should make GO available to the user]
- Remove him from GroupOffice_Everyone [this should make GO unavailable to the user]
Add all needed Sync calls to insure the users are synced to the corresponding applications.
Please open issues for syncs that still need to be implements or that are erroneous.Johannes BuecheleJohannes Buechelehttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/52Create how to's2024-03-04T14:52:08ZRoland AltonCreate how to's* [ ] How to add a service to fairlogin with SAML
* [ ] How to add a service to fairlogin with OpenID Connect
* [ ] How to add a federated identity provider
Put in WIKI here https://git.fairkom.net/fairlogin/fairkom/wikis/home
See a...* [ ] How to add a service to fairlogin with SAML
* [ ] How to add a service to fairlogin with OpenID Connect
* [ ] How to add a federated identity provider
Put in WIKI here https://git.fairkom.net/fairlogin/fairkom/wikis/home
See also questions from https://git.fairkom.net/drupal/faircoin/issues/11David AyersDavid Ayershttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/39Incoming identity providers2023-11-05T11:11:25ZRoland AltonIncoming identity providers* [x] github (organisation name space anfordern: fairkom und osalliance)
* [ ] Portalverbund PVP
* [x] github
* [x] Google
* [x] Twitter
* [ ] ~~facebook~~
* [x] gitlab.com
* [x] ACOnet - member FH Vorarlberg* [x] github (organisation name space anfordern: fairkom und osalliance)
* [ ] Portalverbund PVP
* [x] github
* [x] Google
* [x] Twitter
* [ ] ~~facebook~~
* [x] gitlab.com
* [x] ACOnet - member FH Vorarlberghttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/30Drupal LDAP/OpenID Connect/SAML2 integration2024-02-26T07:08:15ZDavid AyersDrupal LDAP/OpenID Connect/SAML2 integrationAP4: P2 FedID: Integr: DrupalJohannes BuecheleJohannes Buechelehttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/22Dashboard: ISP Config Integration2024-03-04T14:52:12ZDavid AyersDashboard: ISP Config IntegrationAP5: Dashboard: ISPConfig IntegrationJohannes BuecheleJohannes Buechelehttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/21Dashboard: Group Adminstration2024-02-26T07:09:54ZDavid AyersDashboard: Group AdminstrationAP5: Dashboard: User AdministrationWenninger JosephWenninger Josephhttps://git.fairkom.net/hosting/fairlogin/fairkom/-/issues/20Dashboard: Invitation2024-03-04T14:52:13ZDavid AyersDashboard: InvitationAP5: Dashboard: User AdministrationJohannes BuecheleJohannes Buechele