Collaborate Disseminate
I am looking at a use case where the service provider will need to capture the user id (not password) to identify the target IDP. In this case, the requirement is to send the user id (that is already captured at service provi… Continue reading Does SAML 2.0 define how to pass only username from SP to IDP?
I am looking at a use case where the service provider will need to capture the user id (not password) to identify the target IDP. In this case, the requirement is to send the user id (that is already captured at service provi… Continue reading Does SAML 2.0 define how to pass only username from SP to IDP?
F5 iApps are user-customizable frameworks for deploying applications that enables you to ‘templatize’ sets of functionality on your F5 gear. You can automate the process of adding virtual servers or build a custom iApp to manage your iRules…
Continue reading Your Applications Deserve iApps
We run a large distributed system consisting of a number (>10) of Django-based web services and web applications with a consumer base of about 10000 university students. Currently, we use a single single-sign-on system (Shibboleth) provided by our university to handle authentication. Authorization/roles are manually configured per-user at each web service. Our current architecture is shown below:
We would like to extend our system to allow logins using Google, Facebook, LinkedIn and other universities. It seems like we need a middleware that is in charge of authentication and role management. Roles are frequently created and cannot be statically defined. The middleware should also perform session management (like handling timeouts, single log-out). We picture something like the following:
What components would we need in this middleware? Our sysadmin is considering Gluu or Keycloak along with an AD service. Would either of these solutions meet our requirements? Are there any best practices or vulnerability/configuration checklists for such systems?
We run a large distributed system consisting of a number (>10) of Django-based web services and web applications with a consumer base of about 10000 university students. Currently, we use a single single-sign-on system (Shibboleth) provided by our university to handle authentication. Authorization/roles are manually configured per-user at each web service. Our current architecture is shown below:
We would like to extend our system to allow logins using Google, Facebook, LinkedIn and other universities. It seems like we need a middleware that is in charge of authentication and role management. Roles are frequently created and cannot be statically defined. The middleware should also perform session management (like handling timeouts, single log-out). We picture something like the following:
What components would we need in this middleware? Our sysadmin is considering Gluu or Keycloak along with an AD service. Would either of these solutions meet our requirements? Are there any best practices or vulnerability/configuration checklists for such systems?
I am working on a tablet application and have come across an interesting issue.
We have a domain joined tablet that runs a Windows Store Application. We already have user identity and we need to call a web service endpoint that is secured… Continue reading SAML token and service calls
I am working on a tablet application and have come across an interesting issue
We have a domain joined tablet that runs a Windows Store Application, we already have user identity and we need to call a web service endpoint th… Continue reading SAML token and service calls
Google doesn’t just offer its own web-based productivity apps, but it also offers a service for business users who want to use Google as an identity provider for accessing other online services using the widely used SAML standard. Today, Google is adding a few new options to this program, which now includes a number of Google competitors. Among the 14 new pre-configured options are the… Read More Continue reading Google adds support for Microsoft Office, Facebook at Work, Slack and others to its single sign-on solution
I would like to secure a JavaScript Single Page App with SAML. My server is powered using Node.js and serves a RESTful API. What are my options?
Details: I have worked with OAuth2 in the past, but I am not familiar with SAML concepts. Wit… Continue reading Securing a JavaScript Single Page App with SAML
I came across the concepts of passive authentication and active authentication in my work related to SAML 2.0 single-sign-on integration. I tried very hard to find a clear, generic definition and a proper explanation on these… Continue reading Definition of "passive" and "active" authentication?