Do not enter / Cory Doctorow
In a previous post, I gave a definition of Authentication. In this post, we’re going[…]
Category: Uncategorized
OpenID Connect (Authorization Code Flow) with Red Hat SSO
Patterns on the wall. / John
In this post, we are going to configure Red Hat SSO v7.1 for OpenID Connect[…]
Application Security Models
I like to start system design (at the application level) with the security model that will be used to protect[…]
Digital Signature Series
The following blog posts are part of a series I wrote on digital signatures. DSig Part 1: XML Digital Signature[…]
Performance Tuning Methodology
I’m taking a brief excursion from my usual identity and API-centric posts to answer a question about performance tuning someone[…]
Understanding WS-Federation — Passive Requestor Profile
There are several identity protocols that are commonly supported by Identity Providers today — OAuth2, OAuth2 Token Exchange, OIDC, SAML2 Browser Profile,[…]
Summary of Azure Active Directory OAuth2 Authorization Grant and OIDC Authentication Flow Uses
A while back I needed a summary of which protocols were supported/recommended in different situations by Azure Active Directory while[…]
Authentication vs. Federation vs. SSO
Authentication. Federation. Single Sign On (SSO). I’ve mentioned these concepts many times. I haven’t actually formally defined what each of[…]
How To Submit Your Security Tokens to an API Provider, Pt. 2
This post was originally published as “How to Submit Tokens to an API Provider, Pt 2” on the Apigee Blog.[…]
How To Submit Your Security Tokens to an API Provider Pt. 1
This post was originally published as “How to Submit Tokens to an API Provider, Pt 1” on the Apigee Blog.[…]