Collaborate Disseminate
We’ve got implementations in a browser-based system right now that does both SAML and OpenID-connect login support, but does them differently and was looking for advice on the risks.
Our SAML implementation does a full browser redirect to… Continue reading SSO and browser vs. server
I’m having issues finding the right language to search for answers to my problem so hopefully I can explain it here.
I am trying to create an API that will be accessed by a 3rd party. This 3rd party authenticates their users using some u… Continue reading Securing an API for 3rd party users
Facebook will (finally!) explicitly tell users who use Facebook Login to log into third-party apps what information those apps are harvesting from their FB account. At the same time, users will be able to react quickly if someone managed to compromise … Continue reading Facebook users will be notified when their credentials are used for third-party app logins
I wanted to change my profile’s password on this one website. I clicked “Change password” and noticed that I was possibly directed to a test server. The URL started like
https://sso-test.WEBSITENAME
and the site looked ju… Continue reading Did I find a vulnerability by stumbling on an SSO test server? [closed]
Is the use of SSO sufficient enough to leave an application open for ease of use or should we also implement IP whitelisting on top of SSO?
Continue reading Is SSO enough to protect applications? [closed]
Enterprises are adopting infrastructure as a service (IaaS) en masse in pursuit of enhanced flexibility, productivity, and cost savings. These platforms allow organizations to upload and download data via custom applications, machines, scripts, and ot… Continue reading Bitglass API Gateway Encryption
Cloud adoption is transforming the way business is conducted on a larger scale. The integration of SaaS (software as a service) applications via the cloud is transcending individual and organizational productivity and overall employee morale. Moreover… Continue reading The Ins and Outs of Securing BYOD
I’ve run into this docs when I was studying some SSO concepts;
This grant adds the concept of a code_verifier to the Authorization Code Grant. When the Client asks for an Authorization Code it generates a code_verifier an… Continue reading SSO – How Auth Code flow with PKCE is secure?
Apple has updated its privacy pages on Wednesday and shared three new white papers and tech briefs on how Safari, Location Services, and Sign in with Apple protect user privacy. The changes Apple does not provide access to its products’ source co… Continue reading Apple details new Safari, Location Services, Sign in with Apple privacy features
86% of enterprises have deployed cloud-based tools, but only 34% have implemented single sign-on (SSO), one of the most basic and critically important cloud security tools, according to Bitglass. The report found that the use of cloud applications has … Continue reading As more companies deploy cloud apps, they must also implement security tools