SSOCircle

We are planing a scheduled maintenance of SSOCircle services on Sunday, 3rd May, with some short service interruptions between 6:00-8:00 GMT. We will be back with even more features, so please stay tuned.

We will replace SSOCircle’s signing and encryption certificate at 28. February 209. The meta data containing the new certificates can be found at new meta data URL. The certificate will be changed at 28.02.2009, next Saturday. Please be sure to replace the data on your SP.

As some customers are asking for better means of confirming a user’s identity after using the self registration procedure. Our IDPee hosted identity provider product now supports SMS confirmation messages send to a mobile telephone number instead of sending an email to the email-address entered during registration. As many users are subscribing with free web mailer accounts, which can be anonymous, the sending of SMS as an optional feature provides stronger linking of the user account at the IDP to the identity recognized by its cell phone telephone number. Interested in this feature ? Send us an email and we will upgrade your IDPee account.

SSOCircle is now adding a new strong authentication method: One Time Password tokens. In our approach to offer an IDP with strong authentication to everyone, the ePassOTP hardware tokens are unbeatable in price and give you a strong authentication method that can be used with any device. The SSOCircle authentication portfolio now comprises MSISDN, username/passwords, X.509 certificates (software and hardware token) and OTP hardware tokens mapping to three authentication levels.

SSOCircle now added MSISDN authentication support. Now you can choose among three authentication methods. Read the new authentication context study that describes use cases for these methods. MSISDN is an authentication method based on a trust relationship to your mobile provider. If you access the internet from your mobile, devices use the provider’s WAP gateway ( simple devices default to use WAP, others may use WAP optionally ). Some of the WAP gateways insert an HTTP header for identification – the MSISDN number. The number is used by SSOCircle to identify and authenticate you. To use MSISDN authentication you need the following requisites:

• The WAP Gateway must insert a MSISDN number
• The WAP Gateway must be trusted by SSOCircle
• You need to link the MSISDN number to your account
• Access SSOCircle by a mobile through a WAP Gateway

Please check whether you match the first two criteria by accessing the MSISDN check page. The third step can be done through the SSOCircle self administration.
Another part of the new authentication context study describes how to leverage authentication context to protect high sensitive user data by requiring a session upgrade to a strong authentication security context.

SSOCircle and IDPee now support different SAML2 authentication contexts. The SP is now able to require that a user is authenticated at the specified security strength. SSOCircle will determine the current authentication level and if necessary, asking the user to reauthenticate to the stronger security level.
Think of three different types of use cases. For example a simple bookmarking application that is accessed by a mobile device. For convenience you might decide to use a simple MSISDN automatic user recognition at SSOCircle. But if you are now accessing your Email at Google Apps, you definitely like to have a better protection of the emails. SSOCircle now enforces username/password authentication and upgrades your existing session. Consider now you like to regard your companies sales report application. In this case username / password might not be enough. The application may require that you are authenticated by a X.509 client certificate, issued to your Smart Card token.
Read our technical description for a detailed explanation of how all this works, what you have to do to leverage authentication context levels and which levels SSOCircle and IDPee support. Have a look on our secure lightbulb example which complements the previous lightbulb application to a demonstration of how an application might enforce a stronger authentication.

In our effort to provide a secure available architecture our servers are now hosted at geographically distributed locations by separate ISPs. We apologize for any inconvenience the change brought along. As some users might have noticed broken links or other misbehavior in the last weeks due to servers not being synchronized correctly. The locations have now replicated user database ( ssl encrypted replication ) and site fail-over capability protecting against server and ISP network outages.

How long does it take to setup an IDP ? Do you really want to read long manuals and fighting with installation and certificates ? Are you dreaming of automagically connect ? IDPee.com, the identity provider enterprise edition comes as a hosted service. Reducing your setup and operational costs, SAML v2 IDP is now getting affordable and manageable without hiring expensive specialists. IDPee comes with advanced security features like client certificate authentication ( automatic enrollement of X.509 certificates in your browser ) or even stronger security with smart card tokens. Different plans are available according to your requirements. We have just started public beta. Please register and start your own private IDP. Your IDP will be reachable by .idpee.com and can be customized to your corporate identity.

“SSO for All: SSOCircle Makes Single Sign-On Available to Everyone” is the title of the recently published Case Study on SSOCircle. The study gives a very good overview of the features and objectives of SSOCircle.

We are celebrating the 1st anniversary of SSOCircle’s public launch. It is exciting to see how SSOCircle is adopted and that the subscriber base climbed to over 500 users despite of almost no marketing activities. For us it is important to note that 10 % of the users are actively trying to undertake their first SAML steps or test their ready-to-run Service Provider by integrating into the SSOCircle of Trust. Strong authentication is another well accepted feature which was introduced in mid 2007. People are enrolling their certificates and use it to improve authentication to a more secure level. This short résumé is also the right time to say thanks for their ideas and help to the OpenSSO community notably Pat Patterson and Paul C. Bryan, ZXID creator Sampo Kellomäki and the guys from RS-Computer in Hannover and Feitian in Beijing.