SSO – Page 3 – WindowsTechs.com

how do you support sign in on android mobile applications for users who can only access the application via their institutions account

Posted on February 7, 2023 by Hector

I am a student learning Android Application development
I am a newbee to SSO oAuth2 etc and Im interested to learn.
I am comfortable with signing in a user using their username/password and obtaining Access and refresh tokens.
I have also … Continue reading how do you support sign in on android mobile applications for users who can only access the application via their institutions account→

Sending Client-Acquired SSO Token to My API Server to Access Firewalled Resources Under User Identity

Posted on February 1, 2023 by Peter Moore

In an SSO scenario (it’s Azure Active Directory specifically, but conceptually I’m not sure it matters), I obtain a token that then allows my application to impersonate the user to access resources – for example an Azure storage account wi… Continue reading Sending Client-Acquired SSO Token to My API Server to Access Firewalled Resources Under User Identity→

How to protect user/application-level encryption keys in an SSO scenario?

Posted on January 31, 2023 by Peter Moore

Assume a multitenant cloud-based application with a zero-knowledge security scheme where the hashed user password acts as a key which protects an actual 256-bit AES user encryption key, and that user key is used to encrypt and decrypt all … Continue reading How to protect user/application-level encryption keys in an SSO scenario?→

SAML Authentication Across multiple Service providers

Posted on January 27, 2023 by dingo

I am in the process of building an integration between 2 service providers (SP). I have setup my own Identity Provider, KeyCloak.
What I am trying to achieve is as follows: A user signs into SP1 using SSO, they get redirected to our IDP to… Continue reading SAML Authentication Across multiple Service providers→

Security/Liability Concerns with Sign-In-Provider Account Merging

Posted on January 18, 2023 by user65023

Assume my solution offers 5 identity providers that users can choose from
Apple
Facebook
Github
Google
Microsoft

These providers all take user identity very seriously. Is there any legitimate liability concern that an unauthorized person … Continue reading Security/Liability Concerns with Sign-In-Provider Account Merging→

CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie

Posted on January 16, 2023 by Zeljka Zorz

The attackers who pulled off the recent breach of continuous integration and continuous delivery (CI/CD) platform maker CircleCI got in by compromising an engineer’s laptop with malware, stealing their 2FA-backed SSO session cookie, and using it … Continue reading CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie→

SSO and/or JWT: make sure web app’s endpoints are protected

Posted on December 14, 2022 by Rififi

Let’s say I’m building a web application (let’s focus on the backend side) that is B2C. Users should be able to register with my application, using a SSO provider like Google or Facebook. Once they’re registered, they can access other endp… Continue reading SSO and/or JWT: make sure web app’s endpoints are protected→

what is the difference between "multiple set of credentials" and "single set of credentials"

Posted on December 4, 2022 by tonny

I see "multiple set of credentials" and "single set of credentials" in the SSO documentation. However, I can’t understand what the difference is between them.
Are they related to MFA?

Continue reading what is the difference between "multiple set of credentials" and "single set of credentials"→

How SSO with OpenID and Azure AD works?

Posted on December 3, 2022 by Elias MP

I try to understand how the integration we are using with OpenID works. I have read documents and different websites, but I feel that something escapes me related with SSO – I didn´t find so much information about this. If you could help m… Continue reading How SSO with OpenID and Azure AD works?→

Single Sign-On: multiple authentication providers [migrated]

Posted on November 17, 2022 by sevic

Let’s say we have a web application with SSO/OIDC implemented and there are multiple authentication providers.
The workflow so far:

Click "Login via Microsoft"
Enter your email-address.
Forward to the corresponding authenticatio… Continue reading Single Sign-On: multiple authentication providers [migrated]→