IdentityServer
IdentityServer4 to Duende
This audio content is an AI generated podcast of two people discussing the original content. It is provided as an alternative way to consume the original text.
This audio content has been generated by AI. It is provided for convenience and may not perfectly reflect the original text.
The Challenge
PitPatPet, a manufacturer of pet tracking devices and software, relied on an IdentityServer4-based Single Sign-On solution to authenticate users across its applications and APIs. When IdentityServer4 reached end of life in December 2022, the platform was no longer supported, introducing security, compliance, and operational risk.
The business required a supported and sustainable identity platform without disrupting customers who depended on continuous access to services. The upgrade needed to:
- Be completed with no more than 10 minutes of downtime
- Honour existing refresh tokens - Strengthen password protection
- Introduce multi-factor authentication
- Establish a long-term support model to ensure an always available fully patched solution
This was a security-led upgrade delivered under strict operational constraints.
The Solution
Rock Solid Knowledge upgraded the SSO platform from IdentityServer4 to Duende IdentityServer 7, targeting .NET 8. This involved migrating PitPatPet’s custom code to the updated framework while preserving existing authentication flows and token compatibility.
As the IdentityServer operational data store schema had evolved, we developed migration scripts to transition the existing database safely to the new version.
Security enhancements were implemented as part of the upgrade:
- Enabled automatic signing key rotation using Duende’s enterprise capabilities, reducing the risk of forged tokens
- Upgraded password hashing to latest modern standard, while supporting legacy algorithms and automatically rehashing credentials on successful login
- Introduced stronger password protection controls and multi-factor authentication
Rock Solid Knowledge provided remote installation support across test and production environments, with out-of-hours engineering availability to align with PitPatPet’s deployment requirements. The engagement was delivered within a two to three-week timeframe.
What Was Delivered
- Upgrade to Duende IdentityServer 7 on .NET 8
- Migration of custom IdentityServer4 code to the new framework
- Operational data store migration scripts
- Automatic signing key rotation configuration
- Modern password hashing with progressive rehash on login, to keep up to date
- Multi-factor authentication capability
- Remote deployment and handover support
- Ongoing maintenance through Production Support Plus
The Impact
PitPatPet now operates on a fully supported, enterprise-grade identity platform.
- Reduced risk associated with unsupported software
- Improved protection against token forgery and credential compromise
- Preserved user experience with no forced password resets
- Minimal downtime and uninterrupted customer access
- Structured, proactive maintenance to avoid future end-of-life exposure
Highly responsive, deeply knowledgeable, and a pleasure to work with
Steven Greensmith
- Job Role
- VP of Development
- Company
- Pitpatpet Ltd
Why Rock Solid Knowledge
Rock Solid Knowledge is an official commercial partner of Duende IdentityServer with over eight years of experience delivering Single Sign-On solutions. Our deep familiarity with IdentityServer migrations reduced delivery risk and ensured the upgrade respected both security best practice and operational continuity.
Through Production Support Plus, PitPatPet benefits from proactive vulnerability monitoring, dependency management, and planned maintenance releases, keeping the platform current and secure.
Discuss modernising your identity platform and securing your applications with a supported, sustainable solution.
Andrew Clymer He/him
- Job Role
- Managing Director
- Company
- Rock Solid Knowledge