Questions tagged [identity-management]

49 questions
1 vote, 0 answers

Is there any advantage in using Google's IAM on Android?

We are building a few corporate apps for field workers / front office. In most cases each user will have their own device, but there are some shared devices (for example reception). The devices are going to be Android and we are planning to develop…
1 vote, 1 answer

What are the pieces of information delivered in a user profile at the end of an OpenID Connect flow?

From what I understand about using OpenID Connect (over OAuth2), is that we end up with some JSON containing information about the user. That information is transported as a JSON Web Token. ➥ What are the pieces of information specifically?…
1 vote, 0 answers

What's a good method for user to retrieve their unique identifiers?

This is an identity management question. After generating a unique identifier for users, what is the best way to allow them to retrieve their own uid for the first time? They get their uid shared with them during training but they often forget. …
pnkflydgr
1 vote, 1 answer

Authentication providers for applications with no internet connection

I have an interesting use case where users need to authenticate to applications running in environments that might not have internet access or even access to an authentication server. Administrators need to be able to grant and revoke access to…
1 vote, 1 answer

How to deal with spam that contains my personal details?

I just noticed some spam in my inbox in GMail that is from a very suspicious e-mail address (partially redacted anonymous@webXXXXXXX.ad.aruba.it) containing a link to a similarly suspect URL (http://centrodeesteticaopalo.com/URL_PARMS_REDACTED). …
Michael
0 votes, 1 answer

Is there a way to securely lockdown a website to an iPhone?

So with a typical website, perhaps the fastest and most effective (arguably) way to secure the site is to add a simple .htaccess and restrict by IP addresses: .htaccess DENY from ALL ALLOW from xxx.xxx.xxx.xxx but I want to access my website via an…
Matthew Peters
0 votes, 1 answer

How to sync with multiple authentication services?

I have a peculiar case to work on. We are using a proprietary product which supports LDAP integration. However, it can be configured to use only one LDAP service. (most of the products are shipped that way). Now, our customers want to login to this…
0 votes, 1 answer

How can I ensure privacy when outsourcing authentication to an IdP (Identity Provider)

I need to outsource authentication to an IdP (Identity Provider) but I don't want that IdP to know of the calling site. The two major issues are the callback URL and the referer header. Is there any way to "hide" or mask the callback URL, referer…
makerofthings7
0 votes, 2 answers

Why would a bus ticketing app require an Internet connection when you board the bus?

The bus company that I use (Arriva UK) is trying to persuade passengers to switch from buying paper tickets to tickets stored on their app. They are particularly pushing this for 'bus passes': tickets that allow you to take any bus in a given area…
Matthew
0 votes, 3 answers

What security concerns are there regarding website users inputting personal financial data without putting in personally identifying data?

I am a web developer, but I have only a rudimentary grasp of security, e.g., be careful to sanitize inputs, store as little user data as possible, encrypt passwords, keep up with security issues of libraries and packages, etc. Today, I was…
0 votes, 0 answers

What is multi-party federation?

I am asked to prepare a write-up on Identity Federation. I have nearly completed the write-up. There is a term, multi-party federation, which I am confused about. Does it simply mean allotting multiple parties to carry out federation? Or is it a term…
Anonymous Platypus
0 votes, 2 answers

Someone is using my email to create online accounts; what should I do?

I suspect it’s an attempt at getting into an existing account using a leaked email/password combo. I update my passwords regularly and do not reuse, so I don’t think the attack will be successful, but it is still frustrating. Right now, I’m changing…
Émile Jetzer
0 votes, 1 answer

AWS IAM policies that differentiate between console & access key access

Question: How can an AWS IAM policy be devised to differentiate between a console (web) and access key (API) access? Use Case: Say, I want to allow a certain group of users full IAM privileges via console (web), and read only IAM via access key…
Alex
0 votes, 1 answer

Google Cloud IAM login to Linux machines

Is it true that in GCP, accounts that will be used to log in to Linux machines can be provisioned in Google Cloud IAM? And if so, how is it achieved (i.e. using directory services or by amending etc files)?
aquaman
0 votes, 1 answer

a chain of 3 federated IdPs

My client has 5 different identity and access management solutions. Until now they have been asking each one of their suppliers to add 5 trusted parties to their IAM solution, implement different URLs that will trigger SSO etc. It is now proposed…
aquaman