The Infinite Scale knowledge base provides setup examples, best practices, contributor-created content etc. that can be of interest to admins as a guide on how topics can be addressed. Information on topics listed here are not intended as a full and ready-to-go guide and may not be suitable for all deployment scenarios. Instead we give an overview on how things can be achieved.
Each topic contains a brief description what it is about and links to a document for more details. This keeps this document compact and readable while all the information about the particular topic has its own description page.
|ownCloud is not responsible for any referenced content of external pages. Provided information comes without any claim for correctness and eligibility for support.|
Implementing a brute force protection against failing login attempts is something that usually should be done before the IDP, the load balancer or whatever component sees the requests first. Setting up Fail2ban parsing Infinite Scale logs can be a possibility but is subject to a concrete setup. Follow this document for more details and guidance.
If two-factor authentication is needed for Infinite Scale, you can use Keycloak which provides built-in support for 2FA by default via TOTP/HOTP by using an app like Google Authenticator, FreeOTP and others. For 2FA using email and SMS, Keykloak’s Service Provider Interface (SPI) offers customized authentication providers to achieve this.
When looking at the Docker Compose Examples, in particular the file
ocis_keycloak/config/keycloak/ocis-realm.dist.json, you will find the following setting responsible for CORS inside Infnite Scale:
"webOrigins": [ "https://ocis.owncloud.test" ],
To complete this setup, you also must configure Keycloak. See the Keykloak Server Administration Guide in paragraph Web Origins for more details.