Skip to content

Instantly share code, notes, and snippets.

View calmh's full-sized avatar
:bowtie:
I may be slow to respond.

Jakob Borg calmh

:bowtie:
I may be slow to respond.
686 followers · 0 following
View GitHub Profile
@calmh
calmh / gist:c790c3c5b73d86716c3effec2029e6ea
Created October 10, 2024 10:53
10:49:10.009429 vxlan48 Out IP 100.64.51.239.50148 > 216.153.53.63.443: Flags [S], seq 63849243, win 65535, options [mss 9176,sackOK,TS val 3336816561 ecr 0,nop,wscale 14], length 0
10:49:12.029420 vxlan48 Out IP 100.64.51.239.50148 > 216.153.53.63.443: Flags [S], seq 63849243, win 65535, options [mss 9176,sackOK,TS val 3336818581 ecr 0,nop,wscale 14], length 0
10:49:16.185431 vxlan48 Out IP 100.64.51.239.50148 > 216.153.53.63.443: Flags [S], seq 63849243, win 65535, options [mss 9176,sackOK,TS val 3336822737 ecr 0,nop,wscale 14], length 0
10:49:24.377417 vxlan48 Out IP 100.64.51.239.50148 > 216.153.53.63.443: Flags [S], seq 63849243, win 65535, options [mss 9176,sackOK,TS val 3336830929 ecr 0,nop,wscale 14], length 0
10:49:24.399562 vxlan48 P IP 216.153.53.63.443 > 100.64.51.239.50148: Flags [S.], seq 4279993438, ack 63849244, win 65535, options [mss 1460,sackOK,TS val 1390655000 ecr 3336815551,nop,wscale 14], length 0
10:49:24.399700 vxlan48 Out IP 100.64.51.239.50148 > 216.153.53.63.443: Flags [.], ack 1
@calmh
calmh / gist:227bca58ddf527a79e9b3f11cd904e30
Created May 14, 2025 09:00
SSO Refresh
Keycloak vs Authentik
### Existing user import
I wrote a custom LDAP server that returns the current set of users from Azure AD B2C. This works for both Authentik and Keycloak to ingest the current user base (minus passwords).
In Authentik we can run the import once, then disable user syncing and retain the users in the database. On first login Authentik does a bind towards the LDAP server to verify the password, then writes the password back to the local user, thus completing their migration.
@calmh
calmh / sso-notes.md
Created May 14, 2025 09:01

SSO Refresh

Keycloak vs Authentik

Existing user import

I wrote a custom LDAP server that returns the current set of users from Azure AD B2C. This works for both Authentik and Keycloak to ingest the current user base (minus passwords).

In Authentik we can run the import once, then disable user syncing and retain the users in the database. On first login Authentik does a bind towards the LDAP server to verify the password, then writes the password back to the local user, thus completing their migration.