Microsoft Issues Emergency Update Fix for Windows Server SSO Authentication Bug

Microsoft has issued an out-of-band emergency update fix to patch an authentication issue that was caused by the November 9th cumulative update for Windows Server. The bug affects Windows Server 2008 SP2 through to Windows Server 2019. The November 9th Patch Tuesday cumulative update (CU) for Windows Server causes a problem that can cause authentication […]

Is it possible to use cookie-based single sign-on authentication scheme if sites do not share a common DNS parent domain?

According to the "Single sign-on" page on Wikipedia:

A simple version of single sign-on can be achieved over IP networks using cookies but only if the sites share a common DNS parent domain.

This means that if the user has auth…

Authenticating for multiple services with a single JWT token (Single sign-on)

I am working on an authentication system using JWT bearer tokens. Currently every single service our company provides has its own JWT sign key, but uses the same data structure for the token data. Currently a client logs into our system a…

How can I authorize access to a resource without knowing who I’ve authorized?

I have a database-backed web application, with authentication via
organizational single sign-on, modeling a library lending system for
digital books. I’d like to allow users to check out books and see what
they’ve checked out, without allo…

Real world examples of websites using oauth2 for authorization [closed]

I have read that oauth2 can be used for both authorization as well as authentication. I have often encountered the 2nd use case where when I want to log in to a new website where I don’t already have account, I can log in using my google/fb/g…

Digital Identity: The Reality of Online Privacy

“Do you want to log in with your Facebook account?” This ever-present question looms around every corner and on almost every platform, offering a convenient way to log into various services with one simple set of credentials. What could go…