Articles

18 Aug 2022
What is Risk Based Authentication

Creating a secure login experience that defends against password stuffing and spraying can lead to an unpleasant user experience. Using Risk-Based Authentication allows you to adapt the login experience based on the current threat level, resulting in a secure and, more often than not, pleasant user experience.

Andrew Clymer

Job Role

Managing Director

What is Risk Based Authentication
15 Aug 2022
Efficient Cleaning Up of the Persisted Grant Table

IdentityServer uses a persisted grants table to store reference and refresh tokens. Clean-up code needs to be run periodically to remove expired tokens. The built-in functionality works for small/medium usage, but alternative approaches should be considered for high usage. This article outlines an alternative approach using a SQL stored procedure.

Andrew Clymer

Job Role

Managing Director

Efficient Cleaning Up of the Persisted Grant Table
29 Jul 2022
SAML 2.0 Integration with Duende IdentityServer

Are you looking to support SAML clients or external SAML identity providers in your IdentityServer? If so, this tutorial will help you implement a cross-protocol SSO.

Sundas Choudry

Job Role

Software Developer

SAML 2.0 Integration with Duende IdentityServer
04 Apr 2022
Announcing New AdminUI licensing

To align AdminUI and Duende IdentityServer licensing, newly purchased copies of AdminUI come with a lower cost annual license

Kieran Odinius

Job Role

Business Development

Announcing New AdminUI licensing
08 Mar 2022
Open Banking for OAuth Developers

This article will build upon your existing OAuth knowledge to learn about Open Banking’s architecture, its new acronyms, and what implementation is the best fit for you.

Scott Brady

Job Role

Security Consultant

Open Banking for OAuth Developers
08 Feb 2022
Rsk.Saml v5: Release Notes

Rsk.Saml v5 includes new features, improvements and breaking changes. Such as support for .NET 6, Duende IdentityServer v6 and HTTP Artifact binding.

Sundas Choudry

Job Role

Software Developer

Rsk.Saml v5: Release Notes
07 Feb 2022
Duende IdentityServer v6 Product Releases

Duende IdentityServer (IDS) 6 was released earlier this year – our products continue to support the framework in its latest update.

Kieran Odinius

Job Role

Business Development

Duende IdentityServer v6 Product Releases
18 Nov 2021
Improving SAML SSO Security Using HTTP Artifact Binding

SAML implementations typically exchange sensitive user data via the browser. This considerably increases the attack surface of your Single Sign-On (SSO) solution. Luckily, SAML offers an alternative mechanism called HTTP Artifact binding that allows protocol messages to be transported more securely.

Sundas Choudry

Job Role

Software Developer

Improving SAML SSO Security Using HTTP Artifact Binding
01 Sept 2021
Get a Single Sign-on (SSO) POC up and running in minutes.

If you are new to SSO, the learning curve can appear quite daunting; not only do you have to change the way your applications perform authentication, you also need to configure and deploy the single sign-on server. Our All in one solution gets you started in minutes.

Andrew Clymer

Job Role

Managing Director

Get a Single Sign-on (SSO) POC up and running in minutes.
24 Jun 2021
Installing IdentityServer and AdminUI on Linux

AdminUI has recently been made available as a universal project, meaning we now support a Linux installation scenario rather than recommending Docker as a multiplatform approach. This article will go through the steps needed to get AdminUI up and running on Linux.

Sam Brinsden

Job Role

Software Developer

Installing IdentityServer and AdminUI on Linux
05 Mar 2021
Implementing ABAC in a Microservice Architecture

Microservices is a common architectural pattern, but how best to integrate it with Attribute Based Access Control (ABAC).

Andrew Clymer

Job Role

Managing Director

Implementing ABAC in a Microservice Architecture
26 Feb 2021
Account Enumeration How To Harden Your SSO Solution

An account enumeration attack involves an attacker attempting an action, such as authentication or password reset, and looking for differences between responses to gain information on the system. Learn how to harden your SSO solution against these attacks.

Jo Stevens

Job Role

Software Developer

Account Enumeration How To Harden Your SSO Solution
01 Feb 2021
Why You Wouldn’t Use SAML in a SPA and Mobile App

SAML works really well for server-side applications, providing single sign-on across your applications. But can you use SAML with modern application types such as SPAs and mobile apps?

Sundas Choudry

Job Role

Software Developer

Why You Wouldn’t Use SAML in a SPA and Mobile App
22 Jan 2021
Announcing Support for Duende IdentityServer

When will products be supporting Duende IdentityServer? Will I have to pay for my component to work with Duende IdentityServer? How can I keep up to date with product releases?

Kieran Odinius

Job Role

Business Development

Announcing Support for Duende IdentityServer
20 Jan 2021
Rsk.Saml v4: Release Notes

SAML support for Duende IdentityServer is now available. Over the past few months, we have been updating our SAML component to work with both IdentityServer4 and Duende IdentityServer. As a result, we have split our component into separate packages to handle SAML identity provider and service provider functionality.

Scott Brady

Job Role

Security Consultant

Rsk.Saml v4: Release Notes
14 Dec 2020
Authorization, What Are My Options?

Applications are designed to deliver functionality to users - this is their primary goal. However, commonly, not all users can do everything in an application: features may be sensitive, they may need a premium subscription, or someone may need to give the user explicit permission to access their data. Delivering this "limiting" of functionality is also a critical part of application design. This article explores options for controlling access to functionality and assesses their strengths and weaknesses

Andrew Clymer

Job Role

Managing Director

Authorization, What Are My Options?
09 Nov 2020
Online Tutorials for Getting Started with IdentityServer4 and AdminUI

Looking to get started with IdentityServer and AdminUI? Rock Solid Knowledge has released four new online tutorials to help you kick start your single sign-on solution (SSO).

Kieran Odinius

Job Role

Business Development

Online Tutorials for Getting Started with IdentityServer4 and AdminUI
02 Nov 2020
The Benefits of SSOs for Your Business

The increasing complexity of the digital world is making single sign-on solutions (SSOs) more popular. Understand the benefits in its personal use and across your business, how it can improve employee productivity, and their work experience.

Briean Jenich

The Benefits of SSOs for Your Business
01 Oct 2020
IdentityServer vNext: Duende IdentityServer

IdentityServer has reached such a level of adoption that building and maintaining it has become a considerable effort. The creators, Dominick and Brock, have decided that this is no longer tenable with free/sponsored development. Therefore, they have announced the next version of IdentityServer (Duende IdentityServer) will require a paid for license for commercial use.

Andrew Clymer

Job Role

Managing Director

IdentityServer vNext: Duende IdentityServer
30 Sept 2020
AdminUI 4.0 Release Notes

AdminUI 4.0 now supports IdentityServer v4, changes to API resources and scopes, and additional ways to download and run AdminUI.

Kieran Odinius

Job Role

Business Development

AdminUI 4.0 Release Notes
16 Sept 2020
Managing Identities Across Cloud-based Applications and Services with SCIM

Managing user identities across cloud-based architectures can be difficult. By using the SCIM standards we can make this task simpler and more cost effective. This article will cover what SCIM is, why we use SCIM and give you a chance to preview the new SCIM for ASP.NET component from Rock Solid Knowledge.

Alex Jones

Job Role

Software Developer

Managing Identities Across Cloud-based Applications and Services with SCIM
04 Sept 2020
Rsk.Saml v3: Release Notes

SAML support for IdentityServer4 v4 is now available. Over the past few months, we have been building new features in our SAML IdP & SP component, culminating in 6 minor releases and 2 major releases.

Scott Brady

Job Role

Security Consultant

Rsk.Saml v3: Release Notes
20 Aug 2020
AdminUI 3.1 Release Notes

AdminUI 3.1 includes: clone client, two new client secret types, no more tokens in the browser, a new installer, redesigned client settings and more.

Kieran Odinius

Job Role

Business Development

AdminUI 3.1 Release Notes
16 Jul 2020
Online Tutorials for FIDO2 for ASP.NET

Looking to get started with FIDO2 for ASP.NET and WebAuthn? Rock Solid Knowledge has released 4 new online tutorials to help you implement our “FIDO2 for ASP.NET” component.

Scott Brady

Job Role

Security Consultant

Online Tutorials for FIDO2 for ASP.NET