Collaborate Disseminate
IDaaS, otherwise known as Identity-as-a-Service, is one of the hottest categories in the identity and access management market. With all of that activity, it also means that the IDaaS space…
The post IDaaS Capability to Support Samba File Servers app… Continue reading IDaaS Capability to Support Samba File Servers
Web application single sign-on (SSO) has been an extremely popular category in the identity and access management space. But, as the identity management space changes and evolves, the question is…
The post Future of Web App SSO appeared first on Jump… Continue reading Future of Web App SSO
Google Cloud announced today that it has acquired Bitium, a company that focused on offering enterprise-grade identity management and access tools, such as single-sign on, for cloud-based applications. This will basically help Google better manage enterprise cloud customer implementation across an organization, including doing things like setting security levels and access policies for… Read More Continue reading Google Cloud acquires cloud identity management company Bitium
Before this gets flagged as a duplicate, I’m not asking a question about the disadvantages of single sign-on, I’m asking if the initial concept is flawed to begin with without enforcing two-factor authentication.
Let me explain what I mean… Continue reading Is the idea of Single Sign-On (SSO) a flawed concept without Two-Factor Authentication (2FA)?
I am studying the domain of Identity and Access Management in CISSP, and I come across the three terms Federated Identity Management (FIM), Third Party Identity Services (3PIS) and Single Sign-On (SSO). After some readings, i… Continue reading Examples of Federated Identity Management, Third Party Identity Services and Single Sign-On
Uber patched an authentication bypass vulnerability in its homegrown SSO solution that allowed attackers to take over subdomains and steal session cookies. Continue reading Uber Patches Authentication Bypass Vulnerability on Custom SSO Solution
Version 10g of Oracle Access Manager suffers from vulnerabilities that could allow an attacker to hijack sessions. Continue reading Vulnerabilities Expose Oracle OAM 10g to Remote Session Hijacking
A breach at OneLogin appears to have compromised customer data, including the ability to decrypt encrypted data. Continue reading OneLogin Breach Compromised Customer Data, Ability to Decrypt Encrypted Data
There seems to be a number of techniques to authenticate a person on the web. Most commonly there are
Javascript Pop-ups (Google, Firefox Persona, Disqus, etc)
HTTP Redirects (OAuth, Facebook)
IFrames, with sandboxing set … Continue reading Is there any security difference between login via iFrame, Pop-up, or redirect?
I am learning about the Thinktecture Identity Server v2 and considering deploying it as a single sign on solution for 3 to 4 apps/services our company is developing for our customers. The applications use a mix of ASP.NET for… Continue reading Does Thinktecture V2 Require Round Trips on Requests