
Lately, most of the popular browsers have been working on blocking the use of third party cookies. As of late 2020, Safari and Firefox had already begun blocking third-party cookies by default, and now Google Chrome seems to be following closely with a “phased-out” approach [1]. So how would this affect a user accessing an application using a session at WSO2 Identity Server? If the application still uses the old method for extending sessions, the user’s experience may become a little inconvenient.

Let me elaborate. Earlier, when a user’s session at the Identity Provider (IdP) approaches its timeout, the application…

I think this looks cool. Tee hee.

An aesthetically pleasing look and feel on your desktop environment is a nice thing to have. Especially when working long hours on your machine, it becomes more of a mandatory requirement, because the last thing you need when you’re racking your brains trying to find a solution to a problem is an annoying user interface that just keeps adding to the frustration.

Using a few tools and some tweaks here and there, you could make your Ubuntu Desktop look cooler and more efficient. In this post, I show you how to do just that.

The Terminal

The Linux Shell is a developer’s best…

The OpenID Connect specification provides three methods for Single Logout (SLO) of an End-User from all the logged-in applications.


  • OIDC Session Management
  • OIDC Backchannel Logout
  • OIDC Frontchannel Logout

WSO2 Identity Server now supports all three types of logout specified by OpenID Connect. Session Management is enabled by default for all Service Providers and users (admins) are also provided with a choice between Backchannel and Frontchannel logout mechanisms.

If you need more information on OIDC Backchannel Logout, see here.

By reading this blog post, you will learn the following:

1. How to configure OIDC Backchannel logout on…

This tutorial will guide you through configuring SSL (using HTTPS protocol) on Tomcat in a matter of minutes.

I have assumed that you have already installed and are familiar with the Java SDK and Apache Tomcat.

For Tomcat to use HTTPS, it needs a Java keystore. We will first generate a keystore using Java.

Generating a Keystore file using Java

  1. Open a terminal and navigate to the bin folder in the JAVA_HOME directory.

Use the following command,

On Linux or OSX:
cd $JAVA_HOME/bin
On Windows:
cd %JAVA_HOME%/bin

We’re going to use the Keytool in this folder to generate the keystore.

2. Type the following command on the…

As mentioned in my previous post, OpenID Connect specifies three different forms of logout, two of which use front-channel communication. OIDC Backchannel Logout is a logout mechanism that uses back-channel communication.

As defined in Ldapwiki,

Front-channel communication is when the communications between two or more parties which are observable within the protocol.

Back-channel Communication is when the communications are NOT observable to at least one of the parties within the protocol.

In simple terms, frontchannel communication is when requests are communicated via the User Agent (i.e. …

Nowadays, a username and password alone may not be enough to protect critical data and systems from the rapidly growing variety of cyber attacks. To fight against these booming offensive maneuvers, the need for more security precautions in addition to the traditional username-password logon has become a key requirement for most systems.

Adaptive Authentication was developed as a solution to fix this emerging issue. It is a type of dynamic Multi-Factor Authentication which can be configured and deployed in a way that the Identity Provider can provide the necessary levels of authentication by analyzing the user’s risk profile.

In my previous post, I talked about OpenID Connect and its basic workflows that are used to authenticate an End-User. Along with the login functionality, the logout functionality has to be provided as well to end the End-User’s session when required. The OIDC specification mentions the following three methods for Logout.

  • Session Management
  • Front-channel Logout
  • Back-channel Logout

In this post, I will be elaborating on Session Management and how it works.

According to the specification,

Session Management is a method of monitoring the End-User’s login status at the OpenID Provider (OP) on a continuous basis so that the Relying Party…

Whenever a certain application requires your personal details to identify who you really are, you would have to enter your name, phone number, email, etc, into the application to confirm your identity. Or would you really have to?

For example, let’s say that I want to log in to Medium. I already have a Google account and I’m logged in to it from the same browser. When I click ‘Sign in’ the following window pops up.

Back in the day, if a third-party application needed to access certain content from another application, the user would have to provide the login details (i.e. username and password) of the application holding the content to the third-party app in order to enable access to the resources. This method would introduce many security risks, as the third-party application could now gain full access to our resource provider application using the login credentials we entered. We may not know what the third-party app actually intends to do with our login info or how they store it in their system. All the security…

Ashen De Silva

“Talent is a pursued interest. Anything that you’re willing to practice, you can do.”
