Using Single Sign-On

Jimmy Kmi
Give it a try, how will you know if you don't try?

Recently, I have been busy learning English and dealing with a sudden pile of school assignments. For now the homepage will only be updated with content; features will be added later as needed.

This is a history of my development in account management. If you're only interested in the technology I am currently using, please skip this historical part.

History

  • Back in 2008, when I set up my first page, I wanted to implement login and registration features. During my elementary school years, the most I could do was manage logins with Excel.
  • Then in middle school, I came across VisualBasic, which made it easy to implement a login system. However, I faced two problems. First, VB programs were easily decompiled to reveal the passwords, and I didn't know how to do online authentication (or even write server-side code). Second, an exe program, especially one that was updated frequently, was hard to demonstrate to friends and difficult to distribute (after all, who knows whether your program contains a virus).
  • Still in middle school, I used VisualBasic to implement monitoring and basic management of multiple Windows servers, and a basic Web backend (returning a string or something similar, without any standards or JSON). Of course, I also implemented web login: the account and password check relied on whether xxx.com/password.html returned a 404 "not found" error.
  • By high school, PHP had become "the best language in the world". I implemented login, but the accounts and passwords were stored in files. Looking back, using a database would have been much simpler than my file-based storage, but of all the odd and challenging approaches available, I chose the hardest one.
  • In university, with more time on my hands, I not only started using databases but also tried various databases and encryption methods. Below is the latest update on my account management mechanism.

Using Open Source Account Management

Selection Introduction

Currently, my approach to account management is domain control + single sign-on. Although I understand most of the principles and have implemented them myself, building a complete visual interface is a huge task. So I turned my attention to existing open-source projects, such as Zitadel. I have successfully integrated several platforms using Zitadel's SDK, but I've also run into some pitfalls. I won't go into the specifics of integration and deployment in this post, but I'll organize that information once I'm more settled (at least one foot on solid ground).

Concerns and Solutions (Out of Sight, Out of Mind)

  1. Could such a project suddenly start harvesting users? I think, if they do, then it's time to build my own (or find another one).
  2. What if I encounter a bug I can't fix? Since it's an open-source project, just submit a PR and become a part of the open-source community.
  3. Will publicizing my tech stack lead to targeted attacks? Yes, but that's inevitable. Even building my own system wouldn't avoid vulnerabilities, and deliberately hiding a tech stack isn't easy, since it requires changes at the core or foundational level. So for most of my projects, I choose not to deliberately hide any technology I use. For security, I rely on honeypots, attack tracing, firewalls, and separating services from data.
  4. Will the authentication system be subject to traffic attacks? Yes, and a CDN only helps with faster static responses. The defense steps are as follows: regional cleaning (by region, ASN, and operator), then full cleaning, attack tracing, and feature recording (the rest depends on the law). The intent of the attack also matters. I categorize them into three types: accidental, unavoidable. For random attacks, if it's just for fun... why not consider contacting me and becoming friends rather than enemies? For malicious attacks... well, thanks?

Account Allocation

Currently, I will make as many tools and services publicly available as possible, but some resources are either too costly or need to be protected (like my graduation project), so I have to implement identity verification. Please understand.

Can I get an account? For compliance reasons, I currently do not provide any public registration channel. If you are a faculty member of a college, a member of a scientific research institution, or a good friend of mine, please contact me by email at jimmy@lzj.ac.cn or by other means. I would be delighted to hear from you.