Collaborate Disseminate
I am trying to activate SingleSignOn for a new browser-based application hosted on a server by us, which we implemented at work recently. The application works flawlessly, the only thing that doesn’t seem to work is the SingleSignOn servic… Continue reading I am trying to configure SingleSignOn (Kerberos) and get 2 error messages in the log. Even google hasn’t heard of them
The need for secure data access management is top-of-mind in the C-suite and boardroom. The question I keep hearing from IT departments is how to do it right, that is, how to ensure security and governance without frustrating users or slowing innovatio… Continue reading How to secure data one firewall at a time
Azure Active Directory generates certificates for federated SSO that have a lifespan of 3 years.
in the case of an on premises AD, this is two years by default, and can be changed.
Are there any technical/security reasons why such a length… Continue reading Are there specific reasons why ADFS certificates are generated for 2 years?
The low code market continues to grow, increasingly finding adoption for more diverse and serious applications among enterprises and independent software vendors (ISVs). The lingering question of application code security follows, as stories of securit… Continue reading A leadership guide for mitigating security risks with low code platforms
The concept of passwordless authentication has been gathering steam. Gartner anticipates that by 2022, 60% of large and global enterprises will implement some sort of passwordless solution to enhance security. While these emerging authentication tools … Continue reading Why passwordless is not always passwordless
From CWE598 sensitive information should be sent using POST request. Why CAS protocol sends the ticket value using a GET request as illustrated below? Should it be considered safe in this scenario? From the image:
"Set the session coo… Continue reading CAS Protocol ticket sent via GET request
I want to build an SPA with ASP.NET Core (Blazor server side) which some IFrames redirecting to other applications. In this example I have f.e. the SPA, Grafana to show graphs and Node-Red, but there could be more in the future. To create … Continue reading Implement an SPA with IFrames, but with Single Sign-on
I have an application that uses SSO and needs to contact an LDAP server to retrieve whether the user exists or not. For that, I thought to use SAML as a means to link the SSO token user information with the LDAP user. However, I don’t real… Continue reading SSO, SAML and LDAP question
When a person reuses the same password across multiple accounts, one account’s exposure puts all the others at risk. To prevent this, cybersecurity awareness programs must emphasize the importance of passwords: how to create them, use them, and how to … Continue reading Password reuse defeats the purpose of passwords
I manage a set of service providers (SP1, SP2, SP3, etc), and we currently have this SAML SSO flow working where the SP causes a POST submit to the SAML IDP with an XML SAML request which includes an SP SAML Endpoint. The SAML IDP returns … Continue reading SAML/oauth2/openid-connect login via proxy as another user