Issue with Single Sign-On (SSO) Implementation for WPF application with ADFS/MSAL

I’m encountering an issue with the implementation of Single Sign-On (SSO) in our WPF application, and I’d appreciate some guidance or insights from the community.
Here’s a breakdown of our setup:

We have a main WPF application that utiliz… Continue reading Issue with Single Sign-On (SSO) Implementation for WPF application with ADFS/MSAL

Session/cookie expire time, match access token or refresh token from AD?

I am tasked with moving away from implicit flow in a SPA. It is a basic solution consisting of a react SPA and a .net API, on the same domain. This web app is a case management solution that deals with medical data, running in a private ne… Continue reading Session/cookie expire time, match access token or refresh token from AD?

Best practises regarding authentication in SPA/API solutions with SSO

There is really not that great information on what the best practices are for auth in SPA/API solutions. Most of them just say use JWTs and auth code flow in the SPA. There is a ton of information regarding auth in a SPA where you are requ… Continue reading Best practises regarding authentication in SPA/API solutions with SSO

New CISA and NSA Identity and Access Management Guidance Puts Vendors on Notice

This CISA-NSA guidance reveals concerning gaps and deficits in the multifactor authentication and Single Sign-On industry and calls for vendors to make investments and take additional steps. Continue reading New CISA and NSA Identity and Access Management Guidance Puts Vendors on Notice

Is there any advantage of per-tenant password storing to cross-tenant SSO if at all? [closed]

Similar Question: Securing a multi-tenant API with SSO and different roles per tenant
I’ll provide an example
This is the top level domain:
umantis.com

This is the syntax for a tenant/subdomain:
recruitingapp-xxx.umantis.com

Why don’t th… Continue reading Is there any advantage of per-tenant password storing to cross-tenant SSO if at all? [closed]