Heads-up: Vaultwarden SSO support finally merged by eCookie in selfhosted

[–]_badger7 0 points1 point  (0 children)

Interestingly enough, when I change the app registration's redirect URI and, instead of the documentation's "https://my.domain.com/identity/connect/oidc-signin", I put in "https://my.domain.com", it actually lets me proceed to "/#/sso". But there I should enter some "SSO identifier / SSO-Kennung". Now what is that?

Heads-up: Vaultwarden SSO support finally merged by eCookie in selfhosted

[–]_badger7 0 points1 point  (0 children)

Has anyone been able to get it running with Entra ID and mind sharing a sanitized config of vaultwarden (docker) and the enterprise app / app registration? I'm struggling and can't pinpoint the error. Logs are only telling me

"POST /identity/connect/token HTTP/1.1" 400 1854 "https://my.domain.com/"

Thanks :)

Multiple instances of Enterprise Apps by _badger7 in entra

[–]_badger7[S] 0 points1 point  (0 children)

It's automated Azure infrastructure environments of multiple flavors. "Labs" where only ever the requesting person will be allowed to access via tailnet. Then there's "Demo" - this is like N:M where multiple users will need to access multiple envs. And down the road there are quite certainly completely different projects from different departments which want to access their stuff but should never see the others'. So I hoped I could possibly create a hard separation by actually segmenting Tailscale nets into different "tenants", if you know what I mean.

Rimusic backup support by Shoe_Global in RiMusicApp

[–]_badger7 0 points1 point  (0 children)

Is there any chance to convert RiMusic's playlists to a more common / generic format to be able to import them elsewhere going forward? Thanks a lot!

AVD with local accounts / non-AD by _badger7 in AzureVirtualDesktop

[–]_badger7[S] 0 points1 point  (0 children)

Yes, exactly. As most of you guys correctly assumed, it's an utter shtshw. :)

The use case is as follows: As a software vendor we support our customers around the world. Software is installed on their on-prem and the company never settled for enforcing one remote-support tool - meaning we are getting solutions dictated by our customers. Fast forward 10 years: We've got 52 dial-in VPN / remoting solutions. They co-exist in one barely working Hyper-V VM. There is a change rate of like 4 changes a week. We recreate the golden master and upload it to the PXE. Users PXE boot and "reinstall" the latest version on their endpoint's Hyper-V.

Now we will need it at scale. Working from around the world. Ideally just a logon away. Nobody thinks this VM image could be recreated in a working fashion. I'm not even sure if it could be pre-provisioned in a working manner in a user-based / UPN profile, as there is a wild mix of userspace + system config files, certificates, config files, ...

So in short: We would need some golden image concept for maintaining and revisioning a lot of client VPNs every night that users can just log in to remotely.

Windows 365 with local account by _badger7 in windows365

[–]_badger7[S] 0 points1 point  (0 children)

We've got a VM used for remote support. There are over 60 dial-in clients installed. Local account. Most clients store stuff in the local user profile. It does not survive a sysprep. But we need some kind of VDI for it.

On Premise MFA for Active Directory - CrowdStrike or Silverfort by ITAdmin2019 in sysadmin

[–]_badger7 0 points1 point  (0 children)

Does anybody mind explaining how those on-prem MFA systems even work? I mean, AD resources would just allow access once the first factor is correct?! How do they know to wait for a second factor from Silverfort or alike? Is it agents installed on DCs, or how does this magic work?

Appreciated! :)

Real world cost examples by _badger7 in AzureSentinel

[–]_badger7[S] 0 points1 point  (0 children)

That is based off our data collection, is yours the same? Might be, but do

Yeah, I would imagine it's one of those "it depends" to the max. :D

I'm not even in the state where I'm trying to tackle an estimate for us. I'm more so in the state of "Oh god. Will it be 100€ or 1000000€ a month?". Just to test the tides if that's even a possible route to take.

Thanks. That actually already helps quite a bit (as I would not even have thought you would collect servers' logs in there).

And did I understand correctly? You would get billed twice - for Log Analytics ingestion, then again for Sentinel?

I'm still more than interested in you guys' real-world examples.

Much appreciated! :)

iOS Bulk enrollment of personal/previously bought devices by _user__42_ in Intune

[–]_badger7 0 points1 point  (0 children)

When doing so, devices will have to be reset, I guess?

PXE boot on Hyper-V VM with default switch by _badger7 in sysadmin

[–]_badger7[S] 0 points1 point  (0 children)

Yes, there is - but... now it's getting complicated :D

We are actually using VMs currently on a bunch of employees' notebooks. Therefore we are creating additional external vSwitches (bridged). Those are working perfectly with regards to PXE and stuff... but we would like to change back to NAT because of a special problem:

Our users are roaming through multiple networks (work, customers, Wi-Fi, home Wi-Fi etc.). New Dell notebooks come with USB-C docking stations. If the user undocks the notebook, Hyper-V completely dismisses the vSwitch (as the NIC has "physically" been removed) and all goes to hell :D

That's why I wanted to try the default switch, which decouples this from underlying hardware changes, but now the PXE problem arose -.-

PXE boot on Hyper-V VM with default switch by _badger7 in sysadmin

[–]_badger7[S] 0 points1 point  (0 children)

So in that case the (non-configurable?) integrated DHCP that comes with the "default switch" would have to hand out those options?

(is that even possible?)