Articles
Latest news and updates in identity and IdentityServer
Implementing ABAC in a Microservice Architecture

Account Enumeration: How To Harden Your SSO Solution
An account enumeration attack involves an attacker attempting an action, such as authentication or password reset, and looking for differences between responses to gain information on the system. Learn how to harden your SSO solution against these attacks.
Jo Stevens, Software Developer

Why You Wouldn’t Use SAML in a SPA and Mobile App
SAML works really well for server-side applications, providing single sign-on across your applications. But can you use SAML with modern application types such as SPAs and mobile apps?
Sundas Choudry, Software Developer

Announcing Support for Duende IdentityServer
When will products be supporting Duende IdentityServer? Will I have to pay for my component to work with Duende IdentityServer? How can I keep up to date with product releases?
Kieran Odinius, Business Development

Rsk.Saml v4: Release Notes
SAML support for Duende IdentityServer is now available. Over the past few months, we have been updating our SAML component to work with both IdentityServer4 and Duende IdentityServer. As a result, we have split our component into separate packages to handle SAML identity provider and service provider functionality.
Scott Brady, Security Consultant

Authorization, What Are My Options?
Applications are designed to deliver functionality to users - this is their primary goal. However, not all users can do everything in an application: features may be sensitive, they may need a premium subscription, or someone may need to give the user explicit permission to access their data. Delivering this "limiting" of functionality is also a critical part of application design. This article explores options for controlling access to functionality and assesses their strengths and weaknesses.
Andrew Clymer, Director

Online Tutorials for Getting Started with IdentityServer4 and AdminUI
Looking to get started with IdentityServer and AdminUI? Rock Solid Knowledge has released four new online tutorials to help you kick-start your single sign-on (SSO) solution.
Kieran Odinius, Business Development

The Benefits of SSOs for Your Business
The increasing complexity of the digital world is making single sign-on solutions (SSOs) more popular. Understand the benefits of SSO for personal use and across your business, and how it can improve employee productivity and work experience.
Briean Jenich

IdentityServer vNext: Duende IdentityServer
IdentityServer has reached such a level of adoption that building and maintaining it has become a considerable effort. The creators, Dominick and Brock, have decided that this is no longer tenable with free/sponsored development. Therefore, they have announced that the next version of IdentityServer (Duende IdentityServer) will require a paid-for license for commercial use.
Andrew Clymer, Director

AdminUI 4.0 Release Notes
AdminUI 4.0 now supports IdentityServer v4, changes to API resources and scopes, and additional ways to download and run AdminUI.
Kieran Odinius, Business Development

Managing Identities Across Cloud-based Applications and Services with SCIM
Managing user identities across cloud-based architectures can be difficult. By using the SCIM standards we can make this task simpler and more cost effective. This article will cover what SCIM is, why we use SCIM and give you a chance to preview the new SCIM for ASP.NET component from Rock Solid Knowledge.
Alex Jones, Software Developer

Rsk.Saml v3: Release Notes
SAML support for IdentityServer4 v4 is now available. Over the past few months, we have been building new features in our SAML IdP & SP component, culminating in 6 minor releases and 2 major releases.
Scott Brady, Security Consultant

AdminUI 3.1 Release Notes
AdminUI 3.1 includes: clone client, two new client secret types, no more tokens in the browser, a new installer, redesigned client settings and more.
Kieran Odinius, Business Development

Online Tutorials for FIDO2 for ASP.NET
Looking to get started with FIDO2 for ASP.NET and WebAuthn? Rock Solid Knowledge has released 4 new online tutorials to help you implement our “FIDO2 for ASP.NET” component.
Scott Brady, Security Consultant

Migrating Your IdentityServer4 v3 Database to IdentityServer4 v4
With the release of IdentityServer4 v4 comes new features, and with those features come model changes. To account for the model changes, your database needs to be updated.
Alex Jones, Software Developer

Using Biometrics in ASP.NET Core
Physical biometrics, such as fingerprint or facial recognition, are super useful when logging into mobile apps. They allow the user to prove their presence without having to manage a password or go through a Multi-factor Authentication (MFA) process. So why can't you use biometrics in the browser?
Scott Brady, Security Consultant

Using AdminUI to Only Manage your Client Applications
Guided walkthrough on how you can use AdminUI to only manage your IdentityServer configuration.
Jo Stevens, Software Developer

Strong Authentication Without the Drama
Confirmation of identity is central to all security decisions. A whole host of decisions are made based on a user proving who they are. Failing to successfully prove identity means the entire authorization system comes crashing down.
Andrew Clymer, Director

AdminUI's User Settings Endpoints
Learn how to create a self-service portal for user claims.
Joe Harvey, Software Developer

The Challenge of Building SAML Single Logout
SAML single sign-on (SSO) allows the end-user to securely authenticate across multiple applications by logging in once using one set of credentials. However, authentication is only the first half of the story.
Sundas Choudry, Software Developer

Choosing a Single Sign-on Solution
Companies with multiple systems that each require users to log in and manage different accounts have an increased cost of ownership. Single sign-on solutions provide a reduced cost of ownership. There are many out there, but which one is best for you?
Andrew Clymer, Director

Why You Need to Rotate Your Signing Keys
IdentityServer provides access tokens for clients to access protected resources and identity tokens for describing user authentication. Find out how the KeyManagement component automatically rotates keys for you.
Andrew Clymer, Director

AdminUI 3.0 Release Notes
We are happy to announce that AdminUI 3.0.0 now runs on ASP.NET Core 3.1. Alongside the migration, we have added a new client wizard to support Proof Key for Code Exchange (PKCE) for web apps.
Kieran Odinius, Business Development

Announcing the First FIDO2 Certified Component for ASP.NET Core
Rock Solid Knowledge is pleased to announce that their FIDO2 for ASP.NET component has now achieved FIDO2 certification from the FIDO Alliance. FIDO2 certification means that the FIDO Alliance has certified that our component complies with the FIDO specifications and meets specific security profiles.
Scott Brady, Security Consultant