Collaborate Disseminate
Consider the steps involved in WS-Federation Passive Requestor Profile1:
The above figure shows a sequence diagram of a user (requestor) accessing a web application with his browser. Since the user was not authenticatio… Continue reading Do we need CSRF protection for WS-Federation Passive Requestor Profile?
Are there operating systems that allow logging on to the device (laptop, tablet etc.) using claims based authentication?
Continue reading Claims based authentication to log on to a device
We have ADFS and want to add a 3rd party application as trusted to it. I have certificate and metadata (xml) URI to give them but want to have a checklist what they need to give me. So far
HTTP location of their federation … Continue reading What do I need to ask 3rd party to add trust
We have ADFS and want to add a 3rd party application as trusted to it. I have certificate and metadata (xml) URI to give them but want to have a checklist what they need to give me. So far
HTTP location of their federation … Continue reading What do I need to ask 3rd party to add trust
I would like to know if the Service Provider (SP) has to be always known to the IdP according to the SAML 2.0 specification (e.g. out-of-band registration)? If this is specified only on profile level, are there any profiles t… Continue reading SAML 2.0 Service Provider (SP) registration mandatory?
The prevailing notion seems to be that OAuth2 and OpenID Connect are considered less secure than SAML/WS-Federation. From what I gather, it comes down to encryption – i.e. the fact that OAuth2/Open ID Connect do not support t… Continue reading Why is OAuth2/OpenID Connect considered less secure than SAML/WS-*?
I’m looking for one or more books on modern authentication, identity management and access control. Some of the topics I would like covered are:
SPML vs SCIM
XACML and the cloud?
SSO: SAML, OAuth2, OpenID Connect, Kerberos,… Continue reading Book on IAM and the Cloud
IT organizations have a simple goal: make it easy for workers to access all their work applications from any device. But that simple goal becomes complicated when new apps and old, legacy applications do not authenticate in the same way. In this Lightboard Lesson, I draw out how VMware and F5 helps remove these complexities […]
Continue reading Lightboard Lessons: SSO to Legacy Web Applications
The SaaS provider you just selected claims SAML compatibility? That’s awesome for you! This will enable you and your users to use this new service in a much more secure and user-friendly way. Imagine the pain if there was one more user ID and password to manage. But you know what? “SAML compatible” means very little…
The post Your SaaS Cloud Provider Does An Awful Job At Implementing SAML And That’s Totally OK appeared first on Speaking of Security – The RSA Blog.
Datadog, a software-as-a service-based provider of IT infrastructure monitoring and analytics services, has forced a password reset on all of its user and admin accounts following a breach last Friday. Continue reading Datadog Forces Password Reset Following Breach