Do we need to guard against federated identity servers lying about who signed in?

Having successfully integrated my old web forms app with an ADFS server, I got to thinking about how the process works as a whole. The old app passes the user to the remote ADFS, then eventually the user arrives back at our server having a …

Does my app need authentication in addition to Spotify authorization?

I have an app that revolves entirely around Spotify. I have followed the authorization guide from Spotify and am using the Authorization Code Flow so the access token can be refreshed. My thinking was that this will prevent them from havin…

Having one OIDC provider and multiple APIs from third parties, how can I federate logins?

If I have an app which authenticates against one OIDC provider, e.g. Google, but then uses the provided ID and access token to make requests against 1. an app API and 2. a third-party API using the tokens from before.

Is this po…

Are there documented best practices when federating identity to a third party using OIDC?

We are creating an OpenId Provider (using Identity Server 4) that has the ability to federate authentication to other IdPs based on email (eg, we first ask for email and then determine how to authenticate you, potentially by redirecting yo…

Is it possible to verify that it’s safe to enter social media credentials in a given [IOS, Android, Win10] app?

When logging into web sites using federated login, it’s easy to verify that the site I’m entering my credentials into is the site of the identity provider by looking at the address bar and ensuring that the certificate is v…