SSO – Page 16 – WindowsTechs.com

SAML – when creating new users, how do I get essential fields?

Posted on January 16, 2019 by fridgepolice

My company runs a saas product; as we move into enterprise customers, we’re getting more and more requests for SSO.

I understand the SAML workflow for authentication, and roughly how we’d implement it. I also get that we co… Continue reading SAML – when creating new users, how do I get essential fields?→

Using third party authentication like google/facebook to login to a site, is there any security risk when the site is hacked?

Posted on December 4, 2018 by rcs

Sites like stackoverflow, quora, and many more offers sign in from Google/Facebook. In the event that there is a data breach or the site is hacked, is there any security risk to your Google/Facebook account?

Continue reading Using third party authentication like google/facebook to login to a site, is there any security risk when the site is hacked?→

SSO service fail on random query param

Posted on December 3, 2018 by Zentoaku

Does anyone know the attack/business case that would justify SSO service fail on random query param instead of just ignoring it? Really curious about that one, can’t figure it out on my own.

If the case isn’t clear: sending … Continue reading SSO service fail on random query param→

SP Initiated SSO

Posted on November 29, 2018 by Sublime1914

I am having a hard time figuring out how to setup SP Initiated SSO using Centrify as an IDP. I already have an app setup using SAML but I am trying to accomplish the task of not being logged on to the IDP (Centrify portal) an… Continue reading SP Initiated SSO→

Facing the Facebook Breach: Why Simple SSO is Not Enough

Posted on October 25, 2018 by Ronni Kives

Simple Single Sign On (SSO) offers clear advantages for enterprises, however, along with wide SSO solution implementation has come the risk associated with simple SSO. Learn why Smart SSO can mitigate Facebook-type Breaches.
The post Facing the Faceboo… Continue reading Facing the Facebook Breach: Why Simple SSO is Not Enough→

Signout/update relying parties when authenticated users claims revoked

Posted on October 23, 2018 by jNet

We are implementing Fedrated SSO provider in our company. Just getting difficulty to see how we can inform relying parties if logged in user’s claims revoked to further access the relying party while his sso session is alread… Continue reading Signout/update relying parties when authenticated users claims revoked→

Where to save the token information?

Posted on October 9, 2018 by skovanden

I’m currently working on an end user Windows 10 application using the Microsoft UWP platform. Within this application the end user will be able to authenticate themselves using an oauth2 SSO service.

So here is the question:… Continue reading Where to save the token information?→

Is signature validation mandatory if encrypted assertions are sent over HTTPs in SAML 2.0?

Posted on October 8, 2018 by user674669

We are using SAML Web Browser SSO Profile (SAML 2.0)

We have a SP using SAML2.0. All communication between IdP and SP is over HTTPs.

If AuthnResponse from IdP is sent over HTTPs, is it mandatory for the SP to validate the s… Continue reading Is signature validation mandatory if encrypted assertions are sent over HTTPs in SAML 2.0?→

The ultimate fallout from the Facebook data breach could be massive

Posted on October 3, 2018 by Zeljka Zorz

Less than a week ago, Facebook announced that unknown attackers have managed to string together three bugs affecting the social media platform, which allowed them to steal access tokens of at least 50 million users – and likely more. The tokens a… Continue reading The ultimate fallout from the Facebook data breach could be massive→

The ultimate fallout from the Facebook data breach could be massive

Posted on October 3, 2018 by Zeljka Zorz