OpenVPN certificates vs. SSO with MFA
I am wondering, is using certificates with OpenVPN gives any advantages vs. using SSO with MFA to authenticate to OpenVPN?
Are there any disadvantages for combining both?
Category Archives: SSO
Use el acceso condicional para mejorar la postura de seguridad de su fuerza de trabajo remota
Ya que el trabajo remoto se está convirtiendo en la norma, las políticas tradicionales para el control del acceso que rigen cómo se otorga el acceso y bajo qué circunstancias, tienen una necesidad de una renovación inevitable.
Implementar políticas de… Continue reading Use el acceso condicional para mejorar la postura de seguridad de su fuerza de trabajo remota
Imagining a professional life without passwords
Passwords are a source of many security risks, with recent LastPass research revealing IT teams are spending five hours a week on average dealing with password-related issues. A passwordless login experience, on the other hand, provides employees with … Continue reading Imagining a professional life without passwords
How an IDP sends SAML assertion to an SP?
I’m new to security concepts. I am studying how SAML works and I’m confused about how IDP sends SAML assertion to SP. I searched on the internet and I found out two scenarios are possible.
First is when you authenticate to an IDP, the IDP … Continue reading How an IDP sends SAML assertion to an SP?
SSO SAML2: validating/verifying the SAMLResponse at the ACS
So it’s unclear how much more security needs to happen at the ACS point.
I can see that the IDP signs a signature that involves a certificate and private key.
The SP can verify the signature with the copy of the certificate it holds. Is th… Continue reading SSO SAML2: validating/verifying the SAMLResponse at the ACS
OAuth 2.0: programmatically authenticate Resource Server user after Authorization Code grant
The requirement: have a user, existing in an IDP, be automatically authenticated on a Resource server. IDP app can then provide web view for resource server user.
OAuth 2.0 Approach:
IDP nudges resource server saying they want a user to b… Continue reading OAuth 2.0: programmatically authenticate Resource Server user after Authorization Code grant
Are there security issues around controlled cross site sharing behind SSO?
Very simply we have a ton of websites at our company behind SSO.
I am having a hard time figuring out what security issues there are if we open cross-site sharing between these sites but wanted to get a broader view. This is really a res… Continue reading Are there security issues around controlled cross site sharing behind SSO?
Cookie set from a server to a client with different domain(via XHR), but not recognized by Client domain
I have three domains but the same code base (Domain X, Domain Y, Domain Z) and
Accounts website A
If a user tries to sign in accounts from domain X, I wanted to SSO in the other two domains (Browser Scenario: third party cookies blocked)…. Continue reading Cookie set from a server to a client with different domain(via XHR), but not recognized by Client domain
Is normal that a web site which use OpenID as SSO sends all the cookie without samesite header?
Is normal that a web site which uses OpenID as SSO sends all the cookie without samesite header?
Is this required in order to make OpenID work correctly?
Verifying the security of SAML SSO
I run an instance of a log aggregation product in the cloud, installed on a VM. I’ve strictly configured it’s networking settings, internal firewall, internal port redirection, strong admin password, valid HTTPS certificate, etc. The web i… Continue reading Verifying the security of SAML SSO