There are many ways to implement user authentication in a modern application (mobile, desktop, tablet, web, etc). I have previously[…]
Tag: Authentication
Red Hat SSO v7.1 OAuth2 Resource Owner Password Credential Grant Support
In this post, we will look at an example of the OAuth2 Resource Owner Password[…]
Understanding WS-Federation — Passive Requestor Profile
There are several identity protocols that are commonly supported by Identity Providers today — OAuth2, OAuth2 Token Exchange, OIDC, SAML2 Browser Profile,[…]
Authentication vs. Federation vs. SSO
Authentication. Federation. Single Sign On (SSO). I’ve mentioned these concepts many times. I haven’t actually formally defined what each of[…]
How To Submit Your Security Tokens to an API Provider, Pt. 2
This post was originally published as “How to Submit Tokens to an API Provider, Pt 2” on the Apigee Blog.[…]
How To Submit Your Security Tokens to an API Provider Pt. 1
This post was originally published as “How to Submit Tokens to an API Provider, Pt 1” on the Apigee Blog.[…]
JWT Use Cases
This post explores the equivalent JWT use cases corresponding to the five SAML2 use cases that were explored earlier in[…]
OpenID Connect Logout
The OpenID Connect (OIDC) family of specs supports logout (from a single application) and global (or single) logout (from all[…]
SAML2 Use Cases
The following blog posts discuss SAML2 use cases that have been explored in this series: SAML v2.0 vs JWT: SAML2[…]
Identity Propagation in an API Gateway Architecture
The power of end-to-end user security context with APIs. This post was originally published as “Identity Propagation in an API[…]