Loading...
Loading...
Found 70 Skills
Provides comprehensive KeyCloak administration guidance including realm management, user/group administration, client configuration, authentication flows, identity brokering, authorization policies, security hardening, and troubleshooting. Covers SSO configuration, SAML/OIDC setup, role-based access control (RBAC), user federation (LDAP/AD), social login integration, multi-factor authentication (MFA), and high availability deployments. Use when configuring KeyCloak, setting up SSO, managing realms and clients, troubleshooting authentication issues, implementing RBAC, or when users mention "KeyCloak", "SSO", "OIDC", "SAML", "identity provider", "IAM", "authentication flow", "user federation", "realm configuration", or "access management".
Identify which WorkOS skill to load based on the user's task — covers AuthKit, SSO, RBAC, migrations, and all API references.
SAML SSO assertion attack playbook. Use when testing signature validation, assertion wrapping, audience restrictions, ACS handling, XML trust boundaries, and enterprise SSO flaws.
Authenticate to AWS using Single Sign-On (SSO). Use when AWS CLI operations require SSO authentication or when SSO session has expired.
Fast, zero-config AWS SSO login helper that discovers accounts and roles, configures AWS profiles, and auto-configures EKS Kubernetes contexts. Use when authenticating with AWS SSO, switching between AWS accounts or roles, setting up AWS profiles for CLI usage, configuring Kubernetes contexts for EKS clusters, or exporting AWS_PROFILE for tools that support named profiles.
Implements JWT SSO authentication for Metabase embedding in a project. Supports all embedding types that use SSO — Modular embedding (embed.js web components), Modular embedding SDK (@metabase/embedding-sdk-react), and Full app embedding (iframe-based). Creates the JWT signing endpoint, configures the frontend auth layer, and sets up group mappings. Use when the user wants to add SSO/JWT auth to their Metabase embedding, implement user identity for embedded analytics, set up JWT authentication for Metabase, or connect their app's authentication to Metabase embedding.
Vercel security and access controls including RBAC, SSO, deployment protection, firewall, bot defense, audit logs, and 2FA. Use when securing Vercel projects or managing access.
Configure Steedos Server via environment variables and YAML settings files. Covers required env vars (MONGO_URL, ROOT_URL, B6_TRANSPORTER, B6_CACHER), steedos-config.yml project settings, default.steedos.settings.yml template with env interpolation, datasources, tenant settings, CFS file storage (local, aliyun, aws, steedosCloud), SSO/OIDC, email, SMS, push notifications, and frontend asset URLs.
Grafana Cloud account management — organizations, stacks, RBAC, SSO/SAML/OAuth, service accounts, API keys, team management, billing, and cloud-level provisioning. Use when managing Grafana Cloud access, configuring SSO, setting up service accounts for CI/CD, assigning roles, managing multiple stacks or organizations, or provisioning cloud resources via API.
Implement secure OAuth 2.0, OpenID Connect (OIDC), JWT authentication, and SSO integration. Use when building secure authentication systems for web and mobile applications.
Audit project documentation quality across 8 categories (Hierarchy, SSOT, Compactness, Requirements, Actuality, Legacy, Stack Adaptation, Semantic Content). Delegates to ln-601 for deep semantic verification of project documents. Use when documentation needs quality review, after major doc updates, or as part of ln-100-documents-pipeline. Outputs Compliance Score X/10 per category + Findings + Recommended Actions.
Implement OAuth 2.1 / OIDC authentication using Better Auth with MCP assistance. Use when setting up a centralized auth server (SSO provider), implementing SSO clients in Next.js apps, configuring PKCE flows, or managing tokens with JWKS verification. Uses Better Auth MCP for guided setup. NOT when using simple session-only auth without OAuth/OIDC requirements.