Single Sign-On плагин для Sonatype Nexus Repository

Хочу рассказать о своём проекте - Single Sign-On плагин для Sonatype Nexus Repository . Плагин реализует аутентификацию через SSO и пользовательские токены для Nexus редакции "Community Edition". Если вам интересна эта тема, то добро пожаловать под кат.

https://habr.com/ru/articles/904766/

#сезон_open_source #sonatype_nexus_repository_oss #sso #saml #java #osgi #хранение_данных

I became a maintainer of a popular #SAML library for Node.js, "node-saml", which in turn uses "xml-crypto", which in turn is based on XML signatures.

If you are still using SAML for #SSO, be aware there has been string of SAML vulnerabilities related to the fundamentals of how it works and there are likely to be more. You are advised to OIDC instead.

In this thread, I'll discuss some of weaknesses in SAML that have come up repeatedly. 🧵

#infosec #security #coding #programming

🍋 LemonLDAP::NG 2.21 is out!

📃 This new release includes improvements on OpenID Connect and CAS protocols, Loki logger, public notifications and much more.

🔗 Read our release notes: https://projects.ow2.org/view/lemonldap-ng/lemonldap-ng-2-21-0-is-out/

@ow2 @worteks_com

#IAM #SSO #CAS #SAML #OpenIDConnect #OW2 #lemonldap #lemonldapng #Passkeys #Passwordless #WebAuthn #FIDO2 #Loki #WebSSO #OpenSource #FreeSoftware #LogicielLibre #Perl

Hivemind:

Roll your own SAML (like, no IdP)?

#appsec #infosec #SAML

 GitHub uncovers new Ruby-SAML Vulnerabilities allowing Account Takeover Attacks.

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections.

https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

#github #ruby #saml #library #it #security #privacy #engineer #media #programming #tech #news