Test your SAML Service Provider from the Command Line

English on March 14th, 2016 No Comments

cURL and wget – these tools tend to be of great value when a developer starts programming against a new API. With OAuth, you need to get an access token from one API and query another API for the actual data. Seeing the requests at the command line helps understanding the protocols and errors that […]

Tags: , , , ,

New Premium Feature: Debugging IDP Integration

English on February 29th, 2016 No Comments

SAML Integration is easy? If you start to get your hands dirty and undertake the first steps in implementing the standard, you will most likely get an error when running your initial tests. You simply might have missed to import your service provider metadata into the SSOCircle of Trust or have something wrong with the […]

Tags: , , ,

Banks ignore crypto checks in credit card transactions. Standards are not enough!

English on January 23rd, 2016 No Comments

The newspapers “Zeit” and “c’t” revealed that credit cards with new chip-and-pin based security (EMV) can be cloned and used for payments. At first glance very surprising as EMV credit cards are smartcards with crypto graphic measures, which allow a bank to recognize modifications to cards or transaction data. These cards are per se more […]

Tags: , , ,

Session Timeout – another useless Security Brainchild?

English on January 7th, 2016 No Comments

A synonym for “timeout” is “break” or “pause”. Sounds like a good thing – in principle. When it comes to “session timeout” perception might be different. What exactly do we mean with “session timeout”? At OWASP you might find explanations similar to: Session timeout defines an action window which represents the time span in which […]

Tags: , , , ,

User attributes in the SAML assertion

English on November 30th, 2012 No Comments

It is nothing really new, but it was a missing feature in the administration GUI of our Public IDP: Configuring which user profile attributes should be sent as an AttributeStatement in a SAML assertion. The feature has always been there, but administrators had to open a service request to have attributes configured. Now, you can […]

Tags: , , ,

Service-now.com: On Demand IT Service Management supports SAML 2.0

English on November 29th, 2010 No Comments

ITIL v3 + Web 2.0 + SaaS = Service-now.com, a pioneer of On Demand IT Service Management combines ITIL v3 guidelines with Web 2.0 technology to a Software as a Service offering. As we have seen in many cases customers of SaaS providers are increasingly asking for identity and access management features for convenience and security. To […]

Tags: , , , , ,

SSOCircle integrates with Google Apps

English on April 15th, 2007 No Comments

With SSOCircle you can now experience Single Sign On to Google Apps: Email, Calendar, Docs and Spreadsheet plus a personalized portal page. See how it works and get your ssocircle.com email address.

Tags: ,