Microsoft Office365 SAML Vulnerability: Authentication Bypass

English on April 30th, 2016 No Comments

The vulnerability in the Microsoft Office 365 SAML implementation, published last week, dramatically underlines how important it is to handle account federations with due diligence. In the light that such a drastic authentication bypass can happen, not only at a small SaaS and cloud player, but at a provider of the size and importance of […]

Tags: , , , , ,

User attributes in the SAML assertion

English on November 30th, 2012 2 Comments

It is nothing really new, but it was a missing feature in the administration GUI of our Public IDP: Configuring which user profile attributes should be sent as an AttributeStatement in a SAML assertion. The feature has always been there, but administrators had to open a service request to have attributes configured. Now, you can […]

Tags: , , ,

Securing Google Apps/Gmail – Part I

English on January 22nd, 2012 No Comments

In December Google announced the availability of SAML SSO and other APIs within the free edition of Google Apps. SAML was already introduced for the premium/business and educational versions back in 2007. But now you can benefit from this feature to make access to all versions of Google Apps more secure. This article has two […]

Tags: , , , , , , , ,

Single Sign On to the Game Portal Spellenmug

English on September 30th, 2010 No Comments

The board game portal www.spellenmug.nl offers several options for single sign on.  Most of them are OpenID based. Only one  leverages SAML v2:  the only free, open and public SAML V2 Identity Provider SSOCircle. SSOCircle IDP has now more than 250 integrated SAML v2 service providers in its SSOCircle of trust. Although many of them […]

Tags: , , ,

frrry is using SSOCircle as Identity Provider

English on July 11th, 2010 No Comments

Ferry Meewisse, a dutch bag designer, who runs the web site frrry.com, bags & fashion accessories, is using SSOCircle as a login option for partners and employees. Beside Google, Yahoo!, MySpace.com, myOpenID and generic OpenID, they have the option to log in via SSOCircle and leverage several strong authentication options like X.509 certificates, USB tokens […]

Tags: , , ,

SSOCircle celebrates its 3rd anniversary

English on January 28th, 2010 No Comments

It is already 3 years ago when SSOCircle, the free public multi protocol IDP, went into production. What happens in the past year ? We added new  devices to our strong authentication options:  The Yubikey and the Swekey, two new innovative OTP tokens. Users do not need to type in the one time passwords. In […]

Tags: , , , , , , , ,

New Download Service Provider

English on March 4th, 2007 No Comments

You can now download a sample SAML 2.0 service provider and install it in your web server. The sample is a static linked C executable which is preconfigured to use SSOCircle as an IDP. You just need a few steps to adopt it to your site. The steps are outlined in solutions. The download service […]

Tags: , , , , , ,

SSOCircle website launched.

English on January 28th, 2007 No Comments

SSOCircle offers a SAML 2.0 Identity Provider which allows everyone to join as a user or integrate as a Service Provider and participate in the SSOCircle.

Tags: , , ,