MilDStone services
General Overview
Account
- Account settings can be found on the Mildstone Account (account.mildstone.org)
- Documentation is available on Mildstone Cloud Documentation (docs.mildstone.org)
Cloud Services
- Mildstone cloud services are available on the Mildstone Cloud (ncc.mildstone.org)
- Overleaf editing environment is available on Mildstone Overleaf (overleaf.mildstone.org)
- OpenProject is available on Mildstone OpenProject (openproject.mildstone.org)
- Gitea repository is available on Mildstone Gitea (gitea.mildstone.org)
- Sandstorm grains is available on Mildstone Sandstorm (sandstorm.mildstone.org)
Coomunication services
- Matrix is available on Mildstone Matrix (matrix.mildstone.org)
- Nextcloud Talk ( see ncc.mildstone.org )
Internal Services
- Dashboard Mildstone Dashboard (mildstone.org)
- Current infrastructure status Mildstone Status (status.mildstone.org)
- IPAM IPAM (ipam.mildstone.org)
Account
The internal Identity provider is handled by Mildsotne services using a combination od FreeIPA and Keycloak. In particular a LDAP directory and Kerberos authentication are provided by the FreeIPA server, while the SSO authentication and authorization is provided by Keycloak.
The IPA server is for internal management only and is not available from the outside, while Keycloak is available for the users to manage their accounts and to access the services at the account address account.mildstone.org. The account application is actually a redirection to the specific realm inside Keycloak that is associated with the account: https://auth.mildstone.org/realms/mildstone.org. In this application each user can manage the account password, the possibly configured MFA tokens and the enabled services of the SSO provider. All available services that can authenticate in SSO OpemID Connect will be handled here by the account application.
NOTE: Some application do not support natively the OIDC protocol and require to enter the password manually, for instance OpenProject needs to be configured to use the password authentication method only. In any case the password provided is the same one used to authenticate in the account application.