Tag Archives: OpenID Connect

CAcert OpenID Connect resolve the security issues of logon credentials

More and more people have access to the internet. These people spend an increasing amount of time on the web. On the web are many websites on which the user has to authenticate itself; in many cases with a username and password combination. Using the same combination on every site is unwise. This is where Single Sign On (SSO) gets into the picture.

SSO allows users to use a single account on one site to gain access to multiple other websites. Even in the scenario of SSO there are still some pitfalls in using a username and password combination. An attacker has several options to gain access to the account. Using a certificate from a Certificate Authority (CA) based on the Public Key Infrastructure (PKI) would following Barthold Derlagen and Onno Berfelo resolve the security issues of logon credentials.

OpenID is an open standard, it is open source. OpenID is decentralized which means that authentication does not need to take place on the site that offers the service. Within OpenID there are three parties, the User, Identity Provider (IdP) and Relaying Party (RP). The IdP provides the user with an identity and an identifier. The user can provide his identifier to the RP. The RP will then redirect the user to the IdP. The user will authenticate himself to the IdP. The IdP redirects the user back to the RP. The RP then accepts that the user has identified himself. The only thing, OpenID could have, are trust problems. On this point comes CAcert into the game.

CAcert is not unlike a common CA. It does, however, use a Web of Trust to verify the identy of their users. CAcert has assurers which are users with 100 or more assurance points who have successfully taken an assurer test. The assurer can then grant the user points. Once a user has 50 or more points he is deemed assured which will unlock various options in generating certificates.

While Barthold Derlagen and Onno Berfelo proved in a master’s thesis (“How to use the CAcert infrastructure within an OpenID context?”) that CAcert certificates could be used for SSO with OpenID, a project group of volunteers from the CAcert community has implemented exactly that – with OpenID Connect. The new CAcert SSO with OpenID Connect is currently available for Drupal, WordPress and Nextcloud. Interested? Then read more about this in our wiki or download the illustrated manuals.

If you are happy with the new functions of CAcert OpenID Connect, done by our volunteers, please consider to donate: Donations IBAN CH02 0077 4010 3947 4420 0

P.S. If your CMS is missing, please get in touch with our project team. It would be happy to create together with you an other CAcert OpenID Connect access that fits your needs.

CAcert OpenID Connect for Nextcloud now available

Leave a reply

Nextcloud is free software for storing data (e.g. files, calendars, contacts, etc.) on a server. The user can access the data both via the web and with client applications. This enables a centralised and consistent database from many end devices and optional sharing with other users.

In addition to data storage, Nextcloud offers functionalities for video conferencing and various office applications via the web interface.

Using passwords is just annoying and not very secure. Now it’s much easier and even more secure: with CAcert OpenID Connect for Nextcloud, you simply log in with your certificate. Welcome to the future!

You can find out exactly how this works and how easy it is to activate in the illustrated guide for CAcert OpenID Connect for Nextcloud right here in the wiki: https://wiki.cacert.org/CAcertOpenIDConnect (no credit card, no e-mail-address, just download)

If you are happy with the new functions of CAcert OpenID Connect for Nextcloud, done by our volunteers, please consider to donate: Donations IBAN CH02 0077 4010 3947 4420 0

Test the new CAcert OpenID Connect at a Conference

Leave a reply

Of course, CAcert is 2025 also at some conferences. After two days in Elsene near Brussels at FOSDEM in early february, you can get in touch with us:

8.-11. Aug 2025 Oudkarspel, Netherlands WHY CAMP 2025 (sold out)
16.-17. Aug 2025 St. Augustin (Köln-Bonn) FrOSCon 2025 (free entrance)

It is really a good idea to see and test the new CAcert OpenID Connect on your own! Come and join us.

If you are happy with the new functions of CAcert OpenID Connect, done by our volunteers, please consider to donate: Donations IBAN CH02 0077 4010 3947 4420 0

CAcert OpenID Connect for Drupal now available

Leave a reply

OpenID Connect (OIDC) was developed by the OpenID Foundation as an authentication protocol that verifies a user’s identity when they attempt to access a protected site. CAcert now offers a way to both authenticate and authorise Drupal with OIDC. This allows users of one of the best known and most widely used open source content management systems (CMS), used by some of the largest websites such as The Economist or the White House, to be used for single sign-on (SSO) and offers the benefits of a single login for multiple sites.

This Guide will help you configure your Drupal sites and other applications as an OpenID Connect Client with CAcert. Following these steps will allow you to configure OIDC SSO which will allow your users to log in to your Drupal site using their CAcert credentials.

Get the illustrated guide for CAcert OpenID Connect for Drupal here: https://wiki.cacert.org/CAcertOpenIDConnect

If you are happy with the new functions of CAcert OpenID Connect for Drupal, done by our volunteers, please consider to donate: Donations IBAN CH02 0077 4010 3947 4420 0

Start 2025 with a first CAcert project

Leave a reply

Over the past few months, we have been pushing OpenID Connect forward. Today, you can sign in with OpenID Connect using CAcert certificates. Our tireless volunteers are still working on the finishing touches and documentation. Perhaps you are still looking for a New Year’s resolution and would like to give them a hand?

Or in the hours left until the new year is rung in, would you prefer to work on a small project that is guaranteed to be finished in less than an hour? Then the CAcert calendar prism is for you (free download). Print it out, cut it out, fold it and stick it together. 1-2-3-4 and your first project for 2025 is complete!

All the best for the new year
and thank you very much for your support, help and funding.

Best price journeys with cash back for CAcert: https://www.booking.com/index.html?aid=346253
Donations IBAN CH02 0077 4010 3947 4420 0

Was ist OpenID Connect und was kann es?

Leave a reply

Seit etwas mehr als einem Jahr ist bei CAcert immer wieder die Rede von OpenID Connect. Vor wenigen Wochen konnten die Messebesucher der FrOScon unser neues Standbein an unserem Stand selber testen. Doch um was geht es da genau? Eva Stöwe erklärte die Vorteile von OpenID Connect im zweiten Teil (ab 32:40) eines Vortrags an der FrOScon. Dabei geht sie auch auf die Kombination von OpenID Connect mit CAcert-Zertifikaten ein.

Schau den ganzen Vortrag oder auch nur den Teil über OpenID Connect mit CAcert-Zertifikaten ab Minute 32:40 auf dem Medienserver des ChaosComputerClubs: https://media.ccc.de/v/froscon2022-2801-wer_bin_ich_und_wenn_ja_wie_viele (Vortrag in deutscher Sprache)

Bist du so begeistert, dass du selber mithelfen möchtest? Lies hier, welche Möglichkeiten sich dir bieten! Oder wie du mit einer kleinen Spende von €10 die Betriebskosten decken kannst: https://paylink.conotoxia.com/t3A15JkVVW oder IBAN CH02 0077 4010 3947 4420 0

CAcert’s OpenID Connect is now working

Leave a reply

CAcert was represented at Froscon last week end. Our volunteers presented the new OpenID Connect project and discussed with the attendees. In fact, an exciting development this year was the completion of a first version of the CAcert OpenID Connect tool, allowing our members to use their Client Certificates to log in to various other services without using passwords. Services such as Nextcloud, Mantis, and possibly Drupal and WordPress can provide our members easy access. Work will continue on this project into the next month.

CAcert staff talking to interested public and giving assurances at FrOSCon booth

Are you so enthusiastic that you want to help out yourself? Read here what opportunities are available to you! Or how you can cover the operating costs with a small donation of €10: https://paylink.conotoxia.com/t3A15JkVVW or IBAN CH02 0077 4010 3947 4420 0

Entdecke ennet dem Rhein CAcerts neuer Quell’

Leave a reply

Wenn die Sommerhitze unerträglich wird, dann ist es höchste Zeit, sich an den Gestaden des Rheins etwas zu erfrischen. Und was liegt näher, als darauf ennet dem kühlen Nass seine Schritte nach St. Augustin zu lenken, wo die Freiwilligen von CAcert an der FrOScon etwas absolut Neues persönlich vorstellen?

Join us at FrOScon for something new!

Leave a reply

Is there anything at all at CAcert apart from bug reports? Over the past few months, CAcert volunteers have been very busy behind the scenes and soon CAcert will have a third leg to stand on. Let our volunteers show and explain it to you personally: Just across the Rhine near Cologne-Bonn at FrOScon.

Une révolution s’annonce le 14 juillet

Leave a reply

A l’occasion de ce 14 juillet, CAcert a l’honneur d’annoncer par cette voie une nouveauté à tous les membres français et francophones de la communauté CAcert. Nos bénévoles se feront un plaisir de vous le montrer et de vous l’expliquer personnellement: Juste de l’autre côté du Rhin, près de Cologne-Bonn, à la FrOScon.