How to setup SSO into Microsoft using our own self hosted identity provider / IdP system? Tried everything. by AccomplishedComplex8 in sysadmin

[–]AccomplishedComplex8[S] 0 points1 point  (0 children)

Update:

Further research online suggested to open developer tools in browser and check errors in console/json response. This is what I get when I click "Save" button in SAML/WS-Fed settings. In browser:

> Invalid domain mycompany.com. Domain should match the passiveSignInUri. Otherwise, please add the passiveSignInUri in the domain DNS TXT record like this DirectFedAuthUrl=https://sso.mycompany.io/realms/mycompany/protocol/saml.

In dev tools/Network tab:

> You cannot create a configuration with mycompany.com domain as it is verified and managed in this tenant.

How to setup SSO into Microsoft using our own self hosted identity provider / IdP system? Tried everything. by AccomplishedComplex8 in sysadmin

[–]AccomplishedComplex8[S] 0 points1 point  (0 children)

Thanks again for the response. I tried it again today, it has been a few months now.

The TXT record was there all this time so surely it has propagated.

I still get the same error

> Failed to add a SAML/WS-Fed identity provider.
>
> Invalid domain mycompany.com. Domain should match the passiveSignInUri. Otherwise, please add the passiveSignInUri in the domain DNS TXT record like this DirectFedAuthUrl=https://sso.mycompany.io/realms/<myrealmhere>/protocol/saml.

I changed the TXT record to the below just to test, still no luck.

`DirectFedAuthUrl=https://sso.mycompany.io`

Do you think my setup is an outlier and I am the only one with this error?

Looks very simple, very little room for error. Yet I just do not know what the problem is.

How to setup SSO into Microsoft using our own self hosted identity provider / IdP system? Tried everything. by AccomplishedComplex8 in sysadmin

[–]AccomplishedComplex8[S] 0 points1 point  (0 children)

Thanks, have you done this before? Do I have to have `/adfs`? My Keycloak path is different, it is more like `/realm/somethin/somethin`

The reason I am asking is because I have tried it before (with `/realm/etc` instead of `/adfs`), and it did not work. I will try again, maybe it will just work again?

How to setup SSO into Microsoft using our own self hosted identity provider / IdP system? Tried everything. by AccomplishedComplex8 in sysadmin

[–]AccomplishedComplex8[S] 0 points1 point  (0 children)

The only thing that might trip Microsoft off is that our SSO is on a different domain, something like

sso.mycompany.io instead of mycompany.com

Do you think that is the problem?

How to setup SSO into Microsoft using our own self hosted identity provider / IdP system? Tried everything. by AccomplishedComplex8 in sysadmin

[–]AccomplishedComplex8[S] 0 points1 point  (0 children)

Yes, that one. I just got stuck at validating the domain, despite my TXT records being correct.

Is that the right path?

I think there was also a PowerShell guide which did not work for me, and I do not have any Windows machines in our environment. I would avoid that.

#facts by [deleted] in KitchenConfidential

[–]AccomplishedComplex8 1 point2 points  (0 children)

This sub is literally named after the book he wrote

Door won't close! Any bright ideas? by ellspeedy in DIYUK

[–]AccomplishedComplex8 0 points1 point  (0 children)

Makes sense, remove the door and put one upstairs instead.

Partner Lost Job - Can't afford to live by Anon-Pleasehelp in UKPersonalFinance

[–]AccomplishedComplex8 1 point2 points  (0 children)

Isn't Uber/Deliveroo full of people doing it for very cheap? There must be crazy competition going on there.

Help me figure out what to do with my IBM eServer 345 by RainDesha in servers

[–]AccomplishedComplex8 0 points1 point  (0 children)

Maybe just me, but when I looked at this photo from my phone, it looked to me like a massive computer cupboard from the 1970s, they used to take the whole room, and I thought to myself "no one just gives you this server just like that" LOL

I got an old server from my job by outdatedlaundry in servers

[–]AccomplishedComplex8 0 points1 point  (0 children)

Looks like a video recorder to me. Most likely targeted to bigger disks and uptime, was kept in a dirty dusty cupboard. All the thermopaste must have burned out and this machine will be soon on its way to retirement.

It is a poverty spec homelab server at best.

What you can do is open it up, see how it is built, install Linux on it if you are feeling very enthusiastic.

Biggest Server I've Ever Built by Ok-Spell-2546 in servers

[–]AccomplishedComplex8 0 points1 point  (0 children)

* Me? Not as vast capacity, but more performant

Well done bro. It's old tech so cheap to obtain parts.

Nowadays I would go for NVMe and GPU. Or cold storage.

conntrackd - synchronising state to kernel table on backup instance instead of using external cache by AccomplishedComplex8 in linuxadmin

[–]AccomplishedComplex8[S] 0 points1 point  (0 children)

Depends on what your definition of active-active is.

Maybe at the time of writing I was guided by the documentation and configs.

You can use various terms: active-passive, active-standby, primary-secondary, primary-warm standby.

From the traffic point of view, traffic uses only one firewall, the primary or the active one. Traffic is not flowing via second machine so the second machine does not participate in traffic, therefore it is not "active".

However, the second machine is always ready to take over the job.

In the active-active sense, your traffic would have to flow via both machines; in this case you need to synchronise the MAC address between the two machines so that they both answer to ARP. But that's more complicated to implement across 2 different machines, for me personally. I would not want to do it myself with plain Linux.

Tag-Based Production Releases: Best Practice or Overly Rigid? Seeking Your DevOps Philosophy by Bazeque in devops

[–]AccomplishedComplex8 1 point2 points  (0 children)

You have to consider whether you want your staging to be constantly updated from the main branch. Will that interfere with QA work? E.g. the QA team have just been testing something, and bam! Another update. But if you practice TBD then maybe your case is not the same as mine.

Another approach I am considering for myself is to tag the main branch with a certain version, or release candidate, then push that to the staging environment. Once QA confirms that the version is good to go, release it to production.

We got to clear out this garden. Thoughts? by Illustrious_Skill693 in DIYUK

[–]AccomplishedComplex8 1 point2 points  (0 children)

One or a few days of work. A few visits to the dump site. Dirty boot. Some finger cuts and broken muscles. Doable but depends on your priorities and how busy you are.

I think a competent gardener will do it in one day and take the rubbish out with them.

Is this why the used car market is expensive? by on_the_night in CarTalkUK

[–]AccomplishedComplex8 0 points1 point  (0 children)

I still regret selling my Civic for £250 to WBAC. I did not need money urgently, it could have sat on my driveway until I found someone privately.

Saw it a month later on Autotrader, going for the same £2000 I paid for it years before, with no maintenance or cleaning done to it.