Questions tagged [single-sign-on]
Single Sign On (SSO) is the process of authenticating once against a single system to gain access to multiple (often unrelated) systems.
51 questions
2 votes
0 answers
133 views
Issue with Single Sign-On (SSO) Implementation for WPF application with ADFS/MSAL
I'm encountering an issue with the implementation of Single Sign-On (SSO) in our WPF application, and I'd appreciate some guidance or insights from the community. Here's a breakdown of our setup: We ...
1 vote
0 answers
621 views
Session/cookie expire time, match access token or refresh token from AD?
I am tasked with moving away from implicit flow in a SPA. It is a basic solution consisting of a react SPA and a .net API, on the same domain. This web app is a case management solution that deals ...
0 votes
1 answer
1k views
Best practices regarding authentication in SPA/API solutions with SSO
There is really not that great information on what the best practices are for auth in SPA/API solutions. Most of them just say use JWTs and auth code flow in the SPA. There is a ton of information ...
1 vote
0 answers
101 views
Pre-Hijacking Mitigation
I want to create a website with password login and social login (e.g. Google only.) For password login, first I will send a verification email. I want to prevent pre-hijacking. For those who do not ...
2 votes
2 answers
195 views
How can a user's plaintext password be acquired while using biometricID with the following security model?
This is a slightly tough one to explain with my current experience, lacking mainstream terminology. But here goes. I have an encryption/security model whereby I do not store users' plaintext passwords. ...
0 votes
0 answers
382 views
OpenID Connect for authenticating a web-api
I want to accomplish the following: Having a web application or mobile app authenticating users using openid connect. Having a REST Api authenticated using openid connect using the same user as for ...
1 vote
1 answer
229 views
Is single-sign-on making phishing attacks easier?
I am not questioning the security of the technical implementations of SSO, but the training of users to follow a potentially insecure access pattern. Background If you for example roll out SSO (single-...
2 votes
0 answers
584 views
Multiple Keycloak instances versus one instance with many realms?
I plan to use Keycloak to authenticate / authorize various users and services across the organization. These include: Service-to-service End-users connecting from public internet Intranet users ...
1 vote
1 answer
370 views
Is it possible to use cookie-based single sign-on authentication scheme if sites do not share a common DNS parent domain?
According to the "Single sign-on" page on Wikipedia: A simple version of single sign-on can be achieved over IP networks using cookies but only if the sites share a common DNS parent domain....
1 vote
0 answers
188 views
How can I authorize access to a resource without knowing who I've authorized?
I have a database-backed web application, with authentication via organizational single sign-on, modeling a library lending system for digital books. I'd like to allow users to check out books and see ...
0 votes
0 answers
223 views
Multiple user specific APIs with a single Authentication Server
I’m currently in need of some clarification for an authentication/overall strategy. First I will describe the use case and then the questions that arise for me. Use Case I want to have a single docker ...
1 vote
0 answers
643 views
Implement an SPA with IFrames, but with Single Sign-on
I want to build an SPA with ASP.NET Core (Blazor server side) with some IFrames redirecting to other applications. In this example I have f.e. the SPA, Grafana to show graphs and Node-Red, but there ...
1 vote
1 answer
569 views
SSO SAML2: validating/verifying the SAMLResponse at the ACS
So it's unclear how much more security needs to happen at the ACS point. I can see that the IDP signs a signature that involves a certificate and private key. The SP can verify the signature with the ...
1 vote
2 answers
2k views
Is it safe to pass an OpenID Connect ID token to my back-end API for verification?
I am currently adding single sign-on functionality between my application and an electronic health record (EHR) system. The SSO is done using the OpenID Connect authorization code flow, but unlike a ...
10 votes
3 answers
24k views
Should I disable TLS 1.0 and TLS 1.1 support on my web servers
Currently, my web server supports TLS 1.0, TLS 1.1 and TLS 1.2. One of your single sign-on clients will move to TLS 1.2 on 1st April 2020. Can I remove TLS 1.0 and TLS 1.1 now? Or do I need to wait until ...