Articles

2FA All the Way
10 Sept 2019
For over 30 years, we have used single passwords to verify identity, and we have known that they are vulnerable to a variety of attacks. Two-Factor authentication has been applied to strengthen the mechanism, but they often increase friction for the user, and can still be vulnerable to phishing attacks. The solution: FIDO2.

Andrew Clymer

Job Role

Managing Director

2FA All the Way
AdminUI: Connecting to SQL Server using Integrated Security
30 Jul 2019
If you wish to use Integrated Security here is what you need to know.

Christopher Myhill

Job Role

Software Developer

AdminUI: Connecting to SQL Server using Integrated Security
AdminUI 2.4 Release Notes
11 Jul 2019
AdminUI 2.4 includes 3 new client wizards, a new installer, inbuilt documentation and much more.

Kieran Odinius

Job Role

Head of Sales

AdminUI 2.4 Release Notes
Dynamic Authentication Providers
08 Jul 2019
One issue we hear a lot from our customers is the inability to add and configure external identity providers during runtime. To solve this, Rock Solid Knowledge have developed a new component for ASP.NET Core called Dynamic Authentication Providers.

Scott Brady

Job Role

Security Consultant

Dynamic Authentication Providers
The Dangers of SAML IdP-Initiated SSO
06 Jun 2019
When using SAML, we have two methods for starting Single Sign-On (SSO): SP-initiated or IdP-initiated. Both have their use cases, but one is more secure than the other. No points for guessing from the title.

Scott Brady

Job Role

Security Consultant

The Dangers of SAML IdP-Initiated SSO
SAML 2.4 Release Notes
06 Jun 2019
Rock Solid Knowledge is pleased to announce version 2.4 of the IdentityServer4 SAML component. This release includes new features for both SAML Service Providers and Identity Providers, based on user feedback and sponsored development.

Scott Brady

Job Role

Security Consultant

SAML 2.4 Release Notes
Fact Sheet: The Dangers of Using the Password Grant Type with Mobile Applications
22 Mar 2019
Having trouble convincing your colleagues that using the password grant type is a terrible idea? Is the allure of owning the login UI too strong for your design team? Then check out our fact sheet below for quick and easy facts about why you should never use the Resource Owner Password Credentials flow with public clients such as mobile applications.

Scott Brady

Job Role

Security Consultant

Fact Sheet: The Dangers of Using the Password Grant Type with Mobile Applications
Change in Recommendations for Browser-Based Applications
15 Feb 2019
Recently, due to a renewed discussion in the OAuth Working Group, the recommended approach for securing browser-based applications (such as JavaScript SPAs) has changed

Scott Brady

Job Role

Security Consultant

Change in Recommendations for Browser-Based Applications
AdminUI Audit Event Sink
07 Feb 2019
Today we are pleased to announce the release of the AdminUI Event Sink for IdentityServer...

Christopher Myhill

Job Role

Software Developer

AdminUI Audit Event Sink
AdminUI 2.3 Release Notes
15 Jan 2019
We are pleased to announce the release of AdminUI 2.3 compatible with IdentityServer4 2.x, featuring Auditing and DeviceFlow support...

Kieran Odinius

Job Role

Head of Sales

AdminUI 2.3 Release Notes
SAML & WS-Federation 2.2 & 2.3 Released
15 Jan 2019
We are pleased to announce the full release of .NET Core support for the IdentityServer4 SAML and WS-Federation components...

Scott Brady

Job Role

Security Consultant

SAML & WS-Federation 2.2 & 2.3 Released
Announcing WS-Federation Support for IdentityServer4 and .NET Core
22 Dec 2018
We are pleased to announce the open BETA of the IdentityServer4 WS-Fed component, allowing IdentityServer to act as an Identity Provider (IdP) using WS-Fed...

Scott Brady

Job Role

Security Consultant

Announcing WS-Federation Support for IdentityServer4 and .NET Core
Extending AdminUI with NewUser and PasswordReset WebHooks
26 Oct 2018
AdminUI offers a couple of webhooks enabling it to tightly integrate with your own custom user onboard or password reset journies...

Jo Stevens

Job Role

Software Developer

Extending AdminUI with NewUser and PasswordReset WebHooks
AdminUI's New Access Policy
11 Oct 2018
In response to customer feedback, we are pleased to announce that there is now multi-level administration in AdminUI 2.2...

Joe Harvey

Job Role

Software Developer

AdminUI's New Access Policy
FIDO2: The End of Passwords is Near
27 Sept 2018
There have been bold claims of killing passwords off for years. Recently there's been a lot of buzz about a potentially viable solution: FIDO2...

Scott Brady

Job Role

Security Consultant

FIDO2: The End of Passwords is Near
AdminUI 2.2 Release Notes
11 Sept 2018
We are pleased to announce the release of AdminUI 2.2. We've added support for new languages, redesigned the landing page, and addressed a number of bugs...

Kieran Odinius

Job Role

Head of Sales

AdminUI 2.2 Release Notes
Extending the AdminUI Schema
22 Aug 2018
AdminUI uses a custom ASP.NET Core Identity schema that extends the default user entities, allowing existing IdentityServer solutions to continue using these entities...

Scott Brady

Job Role

Security Consultant

Extending the AdminUI Schema
SAML 2.0 Integration with IdentityServer4
16 Aug 2018
Security Assertion Markup Language (SAML) is used to communicate authentication data between two parties. Implementing IdentityServer4 in the world of OpenID Connect? You could call it a "legacy" protocol...

Scott Brady

Job Role

Security Consultant

SAML 2.0 Integration with IdentityServer4
Announcing .NET Core Support for the IdentityServer4 SAML Component
09 Aug 2018
We are pleased to announce the first preview release of the IdentityServer4.Saml built using .NET Standard 2.0...

Scott Brady

Job Role

Security Consultant

Announcing .NET Core Support for the IdentityServer4 SAML Component
Increasing Click Through Rates with IdentityServer4 Passwordless Authentication
16 Jul 2018
Recently one of our customers came to us with a problem; their email campaign links all required an authenticated user, and as a result, a significant portion of users abandoned the campaign...

Scott Brady

Job Role

Security Consultant

Increasing Click Through Rates with IdentityServer4 Passwordless Authentication
Announcing IdentityManager2
09 Jul 2018
We are pleased to announce the BETA release of IdentityManager2, the newest version of the IdentityManager project, ported to ASP.NET Core with example support for ASP.NET Core Identity...

Scott Brady

Job Role

Security Consultant

Announcing IdentityManager2
AdminUI 2.1.2 Release Notes
23 May 2018
An update to address some bugs found in the software by the community. Thank you for bringing these problems to our attention and look forward to bringing more high-quality updates to you in the future...

Kieran Odinius

Job Role

Head of Sales

AdminUI 2.1.2 Release Notes
An Introduction to the OAuth Device Flow
27 Mar 2018
One of the few legitimate uses for the Resource Owner Password Credentials grant type is for browserless devices (smart TVs or Internet of Things etc). To address the issue of such devices, the OAuth working group are in the stages of finalizing a new spec...

Scott Brady

Job Role

Security Consultant

An Introduction to the OAuth Device Flow
AdminUI 2.1 Released
20 Mar 2018
We are pleased to announce the release of AdminUI 2.1, with new features focused on internationalization, usability, and accessibility. This includes bug fixes and UX improvements...

Scott Brady

Job Role

Security Consultant

AdminUI 2.1 Released

Vodafone
REPower
Deloitte
Tata Consultancy Services
Bouygues Telecom
British Council
Organisation for the Prohibition of Chemical Weapons
Project Management Institute (PMI)
Verizon
Sandvik Coromant
Schibsted
Stericycle
ICAEW
JP Morgan