Ancestors

Toot

Written by Felix Moessbauer on 2024-09-16 at 07:33

New blog post about my work: Enabling Conditional Access for Open Source Software. Links to the tools are in the post.

https://blog.siemens.com/2024/09/enabling-conditional-access-for-open-source-software/

[#]oss #linux #microsoft

=> More informations about this toot | More toots from fmoessbauer@mastodon.social

Descendants

Written by bluca on 2024-09-16 at 08:31

@fmoessbauer ooh that is just amazing, especially the browser extensions, and works like a charm with internal accounts too! I can finally uninstall edge! I am now glad I spent a lot of time and effort convincing the team to use D-Bus for this, it's very annoying that the MSAL library is still closed source, congratulations for managing to reverse engineer the protocol, this is fantastic work

=> More informations about this toot | More toots from bluca@fosstodon.org

Written by bluca on 2024-09-16 at 09:26

@fmoessbauer is it necessary for the extension to try and start the broker even when not needed? D-Bus activation should work, even if it takes a bit to cold start. The issue is that the broker is a memory and CPU hog, so I set RuntimeMaxSec=15m in the device-broker so it just stops after a while until the next time it's actually needed

=> More informations about this toot | More toots from bluca@fosstodon.org

Written by Felix Moessbauer on 2024-09-17 at 07:34

@bluca Let's better move this discussion to GitHub. But no, this is not needed as we auto-start it. However, the extension detects when the broker vanishes and then waits for it to re-appear. The dbus activation is only triggered on initial startup. Probably we should change this.

=> More informations about this toot | More toots from fmoessbauer@mastodon.social

Written by Felix Moessbauer on 2024-09-17 at 16:13

@bluca I created an issue on GH. Feel free to involve yourself. Looks like DBus activation and introspection does not play well together: https://github.com/siemens/linux-entra-sso/issues/33

=> More informations about this toot | More toots from fmoessbauer@mastodon.social

Written by Nils Ballmann on 2024-09-17 at 16:54

@fmoessbauer @bluca but isn't this just a... workaround for the suboptimal Java implementation on identity broker side? I mean, even the Intune PG is capable of using Rust (for their Linux agent and portal), why not the Entra PG?

=> More informations about this toot | More toots from nils_ballmann@infosec.exchange

Written by bluca on 2024-09-17 at 17:47

@nils_ballmann @fmoessbauer yeah it was the android version ported over to Linux - beggars can't be choosers 😛

=> More informations about this toot | More toots from bluca@fosstodon.org

Written by Nils Ballmann on 2024-09-17 at 17:59

@bluca so is it Support-Request-Friday for me end of the week which will turn into DCR Monday next week? Or do you give this a comparable low chance like the 10 PDF pages long DCR that @fmoessbauer and I wrote in December '23 about the Intune client software architecture?

=> More informations about this toot | More toots from nils_ballmann@infosec.exchange