Lately, most of the popular browsers have been working on blocking the use of third-party cookies. As of late 2020, Safari and Firefox had already begun blocking third-party cookies by default, and now Google Chrome seems to be following closely with a “phased-out” approach. So how would this affect a user accessing an application using a session at WSO2 Identity Server? If the application still uses the old method for extending sessions, the user’s experience may become a little inconvenient.
Let me elaborate. Earlier, when a user’s session at the Identity Provider (IdP) approaches its timeout, the application…
An aesthetically pleasing look and feel on your desktop environment is a nice thing to have. Especially when working long hours on your machine, it becomes more of a mandatory requirement, because the last thing you need when you’re cracking your brains trying to find a solution to a problem is an annoying user interface which just keeps adding to the frustration.
Using a few tools and some tweaks here and there, you could make your Ubuntu Desktop look cooler and more efficient. In this post, I show you how to do just that.
The Linux Shell is a developer’s best…
The OpenID Connect specifications provide three methods for Single Logout (SLO) of an End-User from all the logged-in applications.
WSO2 Identity Server now supports all three types of logout specified by OpenID Connect. Session Management is enabled by default for all Service Providers and users (admins) are also provided with a choice between Backchannel and Frontchannel logout mechanisms.
If you need more information on OIDC Backchannel Logout, see here.
By reading this blog post, you will be able to learn the following,
1. How to configure OIDC Backchannel logout on…
This tutorial will guide you through configuring SSL (using HTTPS protocol) on Tomcat in a matter of minutes.
I have assumed that you have already installed and are familiar with the Java SDK and Apache Tomcat.
For Tomcat to use HTTPS, it needs a Java keystore. We will first generate a keystore using Java.
Use the following command,
On Linux or OSX:
cd $JAVA_HOME/bin
On Windows:
We’re going to use the Keytool in this folder to generate the keystore.
2. Type the following command on the…
As mentioned in my previous post, OpenID Connect specifies three different forms of logout, two of which use front channel communication. OIDC Backchannel Logout is a logout mechanism that uses backchannel communication.
As defined in Ldapwiki,
In simple terms, frontchannel communication is when requests are communicated via the User Agent (i.e. …
Nowadays, a username and password alone may not be enough to protect critical data and systems from the rapidly growing varieties of cyber attacks. To fight against these booming offensive maneuvers, the need for more security precautions in addition to the traditional username-password logon has become a key requirement for most systems.
Adaptive Authentication was developed as a solution to fix this emerging issue. It is a type of dynamic Multi-Factor Authentication which can be configured and deployed in a way that the Identity Provider can provide the necessary levels of authentication by analyzing the user’s risk profile.
In my previous post, I talked about OpenID Connect and its basic workflows that are used to authenticate an End-User. Along with the login functionality, the logout functionality has to be provided as well to end the End-User’s session when required. The OIDC specification mentions the following three methods for Logout.
In this post, I will be elaborating on Session Management and how it works.
According to the specification,
Session Management is a method of monitoring the End-User’s login status at the OpenID Provider (OP) on a continuous basis so that the Relying Party…
Whenever a certain application requires your personal details to identify who you really are, you would have to enter your name, phone number, email, etc., into the application to confirm your identity. Or would you really have to?
For example, let’s say that I want to log in to Medium. I already have a Google account and I’m logged in to it from the same browser. When I click ‘Sign in’ the following window pops up.
Back in the day, if a third-party application needed to access certain content from another application, the user would have to provide login details (i.e. username and password) of the application holding the content to the third-party app in order to enable access to the resources. This method would introduce many security risks as the third-party application could now gain full access into our resource provider application using the login credentials we entered. We may not know what the third-party app actually intends to do with our login info or how they store it in their system. All the security…