On February 27, Duo Security reported SAML single sign-on has a vulnerability that could enable attackers to easily take over a victim’s account. Vendors impacted by the vulnerability such as Okta, OneLogin, OmniAuth, Clever Inc and the Shibboleth Consortium have been alerted, although it’s difficult to identify and notify all users who could be at risk.
We are into the second month of 365 Days of Passport and we are publishing a free whitepaper. We debated long and hard if we should gate this whitepaper and require you to fill out a form to get access. After much thought, we’ve decided to open this whitepaper to everyone (including the Google bot). If you like this new direction and want us to open all our content (old and new), let us know by emailing us at firstname.lastname@example.org.
It’s week 3 of 365 Days of Passport. Today, we are going geek on you. Let’s talk about JWTs (JSON Web Tokens).
JWTs are becoming more and more ubiquitous. CIAM providers everywhere are pushing JWTs as the silver bullet for everything. JWTs are pretty cool, but let’s talk about some of the downsides of JWTs and other solutions you might consider.
The way I usually describe JWTs is that they are portable units of identity. That means they contain identity information as JSON and can be passed around to services and applications. Any service or application can verify a JWT itself. The service/application receiving a JWT doesn’t need to ask the identity provider that generated the JWT if it is valid. Once a JWT is verified, the service or application can use the data inside it to take action on behalf of the user.
Over the years, we’ve tried a number of different methods for letting developers get their hands on our products to try them out. During our 365 Days of Passport, we are going to try something new.
Our new evaluation system will let anyone create an account with us and immediately get access to the installable version of our products. You’ll be able to download any of our bundles (DEBs, RPMs or ZIPs), install on your dev box or on any server, and immediately start testing.
We also added another option to try our products. We created two sandbox servers in AWS, one for Passport and one for CleanSpeak. These sandboxes are open to the world and easy to log into. The username and password for our sandboxes will always be:
We are a couple of days into 365 Days of Passport, and it’s time to give you a preview of our plans to grow.
The first step of our plan is a little counter-intuitive, specifically in the current market climate. Step one is to stay bootstrapped for all of 2018. We want to prove that even in a heavily VC-funded space like CIAM, you can build a better mousetrap without taking any money. We want to prove that bootstrapped companies can compete with the others who have $50M in the bank.