Does splitting auth SSO and MFA parts, between client and service companies have any issues?

My company provides a single SaaS product for corporate clients.
For one client we are implementing SSO with them as authentication provider (via Azure AD/SAML for now, but the library we are using is extensible).
The same client has asked…

Adding SSO to an existing website – should SSO login link to matching email address?

I am adding Single Sign-On (SSO) via Google and Microsoft identity providers to a web application where many thousands of user accounts already have existing credentials stored by username and password. Each account also has a primary emai…

Instead of 301 redirecting can I generate unique login endpoint in order to utilize an Http POST request during SAML Auth?

Whilst I was looking for SAML authentication workflows I stumbled upon this link.
But instead of 301 redirect (or any kind of http redirect), I thought that once the app finds out that SAML authentication is required to contact into iDP…

How to contain a privileged access breach and make sure it doesn’t happen again

When attackers pull off a privileged access breach, they have a beachhead into your network. Regardless of whether it’s software or users that are ill-protected, threat actors have a consistent playbook: establish a foothold on a vulnerable system, ele…

The importance of balancing security requirements and employee user experience

LastPass released the findings of an IDC survey which revealed that “balancing company security requirements and the employee user experience” is the number one identity challenge, followed by “employees struggling with too many passwords.”…

Microsoft Issues Emergency Update Fix for Windows Server SSO Authentication Bug

Microsoft has issued an out-of-band emergency update fix to patch an authentication issue that was caused by the November 9th cumulative update for Windows Server. The bug affects Windows Server 2008 SP2 through to Windows Server 2019. The November 9th Patch Tuesday cumulative update (CU) for Windows Server causes a problem that can cause authentication […]