Zscaler SAML SP Authentication Bypass via Certificate Cloning & Signature Spoofing (CVE-2025-54982): https://blog.amberwolf.com/blog/2025/august/advisory---zscaler-saml-authentication-bypass/ #saml #zscaler
Angrynerds 115 - SAML bij?

PeerTube

A nice little release that brings some requested #SAML improvements. Review Board does NOT charge a SSO Tax, because security is too important for that.

We've been a bit quiet lately as we've worked toward the next major Review Board release, which we're starting to wrap up now.

https://mastodon.online/@reviewboard/114984090407873615

Review Board (@reviewboard@mastodon.online)

Review Board 7.0.4 is out now, featuring: 4️⃣ Custom tab stop widths 🔒 New SAML customization and provisioning options 🙋‍♀️ User API improvements https://www.reviewboard.org/news/2025/08/05/review-board-704-new-saml-options-custom-tab-stop-widths/ #projects #release #codereview #development

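🌗 SAML Shield: Modernize your SAML SSO security
➤ Stop SAML vulnerabilities at the source, with flexible protection offered as open source or hosted
https://samlshield.com/
SAML Shield is an open-source solution designed to strengthen the security of SAML single sign-on (SSO), aiming to defend against the growing number of SAML vulnerabilities and assertion attacks. It integrates seamlessly with an existing SAML stack without requiring changes to the existing identity provider (IdP), and offers flexible deployment options, including embedding it directly in the application or protecting through a proxy server. By validating SAML assertions in real time, SAML Shield can intercept malicious assertions before they reach application code, and its rule set is continuously updated to address the latest CVE vulnerabilities.
+ This is great! Finally there is a solution that really addresses SAML assertion attacks, and it is open source too, which lets developers understand more deeply how it works.
+ Although I appreciate the open-source option, the hosted offering from Stytch sounds more appealing, especially with the promise of automatic updates and zero maintenance. It can save a lot of trouble.
#security #SAML #SSO #infosec #vulnerabilityprotection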

I'd like to follow some trainings on SAML/OIDC, understand how these things work, how they should be set up. Any recommendations?

#sysadmin #oidc #saml #training

Setting up a sector-wide #PeerTube pilot instance on behalf of Dutch higher ed & research using #SSO via #SAML, so no local usernames/passwords…

Anyone with experience uploading videos using the #REST #API for system integration purposes? No classic #OAuth flow here… or is it possible?!

💚➡️ #Framasoft #Fediverse #OpenSource #Education #Science #askfedi

👩🏽‍🎓 https://video.edu.nl/

video.edu.nl

Video.edu.nl is a PeerTube pilot video platform from SURF.

For "identity broker" scenarios with Keycloak, I find Red Hat's documentation worth recommending. It describes comparatively well how to configure passing claims/attributes from one identity provider through another to a client.

https://docs.redhat.com/en/documentation/red_hat_build_of_keycloak/26.0/html/server_administration_guide/identity_broker

#keycloak #singlesignon #iam #oidc #saml

Chapter 9. Integrating identity providers | Server Administration Guide | Red Hat build of Keycloak | 26.0 | Red Hat Documentation