Articles

It is important to consider the potential risks associated with using email as a form of two-factor authentication. It may be worth exploring alternative options that offer increased security.

Discover the Dynamic Authentication Providers feature for AdminUI, including its functionality and a video demonstration.

Since its inception, AdminUI has been an application requiring no development effort to get it running. However, it is not as flexible as some of our customers require. So let's fix that!

As of January 2023, Rock Solid Knowledge is proud to announce that we are a Certified B -Corporation™. B Corp questions assess every aspect of your organisation - from the environment to governance to how we treat our workers and customers.

Client-Initiated Backchannel Authentication (CIBA) is a new OpenID Connect specification that describes decoupled authentication flows. This article describes how to implement a CIBA flow inside Duende IdentityServer.

IdentityServer4 will no longer be supported from 13th December 2022. We outline our product-specific support and migration steps to Duende IdentityServer

Are you looking to support WS-Federation clients into your IdentityServer? If so, this tutorial will help you implement a cross-protocol SSO.

AdminUI now supports custom identity implementations for users with their own identity schemas or extensions of the ASP.NET Identity schema.

Creating a secure login experience that defends against password stuffing and spraying can lead to an unpleasant user experience. Using Risk-Based Authentication allows you to adapt the login experience based on the current threat level, resulting in a secure and, more often than not, pleasant user experience.

IdentityServer uses a persisted grants table to store reference and refresh tokens. Clean-up code needs to be run periodically to remove expired tokens. The built-in functionality works for small/medium usage, but alternative approaches should be considered for high usage. This article outlines an alternative approach using a SQL stored procedure.

Are you looking to support SAML clients or external SAML identity providers in your IdentityServer? If so, this tutorial will help you implement a cross-protocol SSO.

To align AdminUI and Duende IdentityServer licensing, newly purchased copies of AdminUI come with a lower cost annual license

This article will build upon your existing OAuth knowledge to learn about Open Banking’s architecture, its new acronyms, and what implementation is the best fit for you.

Rsk.Saml v5 includes new features, improvements and breaking changes. Such as support for .NET 6, Duende IdentityServer v6 and HTTP Artifact binding.

Duende IdentityServer (IDS) 6 was released earlier this year – our products continue to support the framework in its latest update.

SAML implementations typically exchange sensitive user data via the browser. This considerably increases the attack surface of your Single Sign-On (SSO) solution. Luckily, SAML offers an alternative mechanism called HTTP Artifact binding that allows protocol messages to be transported more securely.

If you are new to SSO, the learning curve can appear quite daunting; not only do you have to change the way your applications perform authentication, you also need to configure and deploy the single sign-on server. Our All in one solution gets you started in minutes.

AdminUI has recently been made available as a universal project, meaning we now support a Linux installation scenario rather than recommending Docker as a multiplatform approach. This article will go through the steps needed to get AdminUI up and running on Linux.

Microservices is a common architectural pattern, but how best to integrate it with Attribute Based Access Control (ABAC).

An account enumeration attack involves an attacker attempting an action, such as authentication or password reset, and looking for differences between responses to gain information on the system. Learn how to harden your SSO solution against these attacks.

SAML works really well for server-side applications, providing single sign-on across your applications. But can you use SAML with modern application types such as SPAs and mobile apps?