Knowledge Base
Introduction
The Infinite Scale knowledge base provides setup examples, best practices, contributor-created content etc. that can be of interest to admins as a guide on how topics can be addressed. The information on the topics listed here is not intended as a full and ready-to-go guide and may not be suitable for all deployment scenarios. Instead, we give an overview of how things can be achieved.
Each topic contains a brief description of what it is about and links to a document with more details. This keeps this document compact and readable, while all the information about a particular topic has its own description page.
ownCloud is not responsible for any referenced content of external pages. The information provided comes without any claim of correctness or eligibility for support.
Brute Force Protection Against Failed Login Attempts
Brute force protection against failed login attempts is something that should usually be implemented in front of the IDP, the load balancer or whatever component sees the requests first. Setting up Fail2ban to parse Infinite Scale logs is one possibility, but it depends on the concrete setup. Follow this document for more details and guidance.
CORS Settings with Keycloak
When looking at the Docker Compose Examples, in particular the file ocis_keycloak/config/keycloak/ocis-realm.dist.json, you will find the following setting responsible for CORS inside Infinite Scale:
"webOrigins": [
"https://ocis.owncloud.test"
],
To complete this setup, you must also configure Keycloak. See the Web Origins paragraph in the Keycloak Server Administration Guide for more details.
Impacts on User Information Updates
When user information gets updated, for example when a group the user is a member of gets renamed or deleted, the user will experience changed behavior in Infinite Scale that needs manual intervention. The source of the changed behavior is not Infinite Scale itself but the OIDC data flow. For details, see the Claim Updates section in the proxy service.
Two-Factor Authentication with Keycloak
If two-factor authentication is needed for Infinite Scale, you can use Keycloak, which provides built-in support for 2FA by default via TOTP/HOTP using an app like Google Authenticator, FreeOTP and others. For 2FA using email and SMS, Keycloak’s Service Provider Interface (SPI) offers customized authentication providers to achieve this.
- See Two-Factor Authentication via OTP Policies for more details and guidance.
- For use with email, refer to Two-Factor Authentication via Email.
- See Two-Factor Authentication with SMS for more details and guidance on usage with SMS.