Collaborate Disseminate
So, I know how public-private key encryption works. I understand how/why certificates are required. I understand how a SSO flow (IdP initiated) works. But, I do not understand how the three of them happen together. I am confused about what… Continue reading How does encryption, certificates in an end to end SSO flow?
I’m in need of an authentication & authorization service that can manage our app’s pool of users. I stumbled upon Keycloak and have been checking it for the past few days, but I’m wondering why Keycloak doesn’t provide an API for a cli… Continue reading Why doesn’t Keycloak allow user sign-up and sign-in through a client?
i have used SSO for many years and never experience this behavior.
Using URL https://example.html i have successfully passed authentication through Single SignOn page.
Clicked on logout link, which redirects me to custom.aspx page where a… Continue reading SSO logout / logon unusual behavior [closed]
I work for a company where we give customer (hundreds/thousands of users) access to 2 sites. One owned by a 3rd party SaaS and one owned by us. Customers spend alot of time registering for both sites and we also spend alot of time removing… Continue reading OAuth2, SAML, OpenID connect – Which one to use for my scenario?
Although most IT and security professionals think of zero trust as an important part of their cybersecurity approach, many still have a long way to go on their quest to deploying it, according to Illumio. Especially as users continue to move off campus… Continue reading In reality, how important is zero trust?
I have an application Foo that exposes a web-based portal as well as a REST API service via HTTPS.
When a human user connects to the app Foo to use its web-based portal, the human user is first redirected to an OAuth2-based login page. Onc… Continue reading App-to-app or service-to-service authentication using federated login
Are there any available statistics for how long different types of IT projects are expected to take within different sized organisations?
Specifically I am interested in Security related projects such as Single Sign On.
What factors affect… Continue reading Whats expected time scale to implement enterprise scale Single Sign On Solution? [closed]
I’m studying Auth0 and I would like to know if using a third party application like this for authentication and authorization can be a problem for privacy and data confidentiality.
Palo Alto Networks has patched a critical and easily exploitable vulnerability (CVE-2020-2021) affecting PAN-OS, the custom operating system running on its next generation firewalls and enterprise VPN appliances, and is urging users to update to a fixe… Continue reading Critical flaw opens Palo Alto Networks firewalls and VPN appliances to attack, patch ASAP!
Over the last few decades, as the information era has matured, it has shaped the world of cryptography and made it a varied landscape. Amongst the myriad of encoding methods and cryptosystems currently available for ensuring secure data transfers and u… Continue reading New privacy-preserving SSO algorithm hides user info from third parties