
Single Sign On

I built an SSO system mostly to protect some of my more sensitive sites. However, now that I did the hard work of getting it working, it's super easy for me to do stuff like secure a knowledgebase site with an SSO login.

The SSO login is https://auth.matt-cloud.com/ and you can manage multi-factor methods here. There is no other user-visible functionality here, but it's worth mentioning.

The platform is called Authelia and I have it running in a Docker container like everything else these days.

I have a pretty well configured Guacamole instance protected by Authelia and 2FA now, and I have discovered a slight issue. During the 2FA device registration the service will send an email with a code to your email address that I have programmed in AD. However, if the receiving email server likes to click on links as part of the spam filter, then the code will be invalidated before it can be used. I discovered this happening with a test account that sent these codes to my tesla.com email address. For any Tesla folks that want Terminal Server access or otherwise need 2FA on Matt Cloud, I'll need a different email address. If you want, I can just set up a mailbox on my server for this, too.

I don't have anything else worthwhile behind this SSO, though that is sure to change at some point given how easy it is for me to use it now. The nice part is that it also natively supports 2FA, both a TOTP Google Authenticator method and a WebAuthn method. These are configurable on the user side, and are how I am now making the remote desktop server available.
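The link-scanner problem described above can be reproduced with a toy model. This is an added example, not part of the original page and not Authelia's code: the `RegistrationLinks` class, its handlers and the `test-user` account are hypothetical, and it compares a one-time link that is spent on the first GET with one that is only spent when a confirmation form is POSTed.

```python
import secrets


class RegistrationLinks:
    """Toy one-time-link store (hypothetical, not Authelia's implementation)."""

    def __init__(self, consume_on_get):
        self.consume_on_get = consume_on_get
        self.pending = {}  # token -> username

    def issue(self, user):
        """Create the token that would be embedded in the emailed link."""
        token = secrets.token_urlsafe(16)
        self.pending[token] = user
        return token

    def get(self, token):
        """GET on the emailed link: sent by a browser and by a mail scanner."""
        if token not in self.pending:
            return "invalid-or-used"
        if self.consume_on_get:
            del self.pending[token]  # first fetch spends the token
            return "consumed"
        return "confirm-page"  # token untouched, page only shows a form

    def post(self, token):
        """POST from the confirmation form: only sent when a person submits it."""
        if self.pending.pop(token, None) is None:
            return "invalid-or-used"
        return "verified"


def simulate(consume_on_get):
    """The receiving mail server follows the link, then the user opens it."""
    links = RegistrationLinks(consume_on_get)
    token = links.issue("test-user")  # constructed sample account
    scanner_result = links.get(token)  # spam filter fetches the URL
    user_result = links.get(token)  # user clicks the link in the inbox
    if user_result == "confirm-page":
        user_result = links.post(token)  # user presses the confirm button
    return scanner_result, user_result


if __name__ == "__main__":
    print("spent on GET: ", simulate(True))
    print("spent on POST:", simulate(False))
```

Emailing a short code that the user types into the registration page has the same effect, because there is no link for the scanner to follow.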