Virtually all of the systems we are building today share data via public networks. We rarely want that data to be available to everyone, so we restrict access to it.| securityblog.omegapoint.se
In the previous article, we talked about what information we require to achieve strong access control. This article looks at how we transfer information on what scopes and audiences the user has approved, their identity and details on their login, plus rights we use for access control.| securityblog.omegapoint.se
CVE-2023-6927 Keycloak vulnerability allows bypassing redirect URI validation which can be used as a vector for stealing authorization codes, access tokens and be used to redirect victims to arbitrary hosts.| securityblog.omegapoint.se
As independent security consultants we have had the opportunity and privilege to help our customers selecting and implementing a plethora of different solutions.In this article we aim to share with you some of the key factors to consider when selecting the right IdP solution for you, a central part of your architecture and IAM solution.| securityblog.omegapoint.se