Archive/category: Authentication

OpenDJ Attribute Uniqueness (and the Effects on OpenAM)

In real life we tend to value those traits that make us unique from others; but in an identity management deployment uniqueness is essential to the authentication process and should not be taken for granted. Case in point, attributes in OpenDJ may share values that you may or may not want (or need) to be unique. For Read more

Understanding OpenAM and OpenDJ Account Lockout Behaviors

The OpenAM Authentication Service can be configured to lock a user’s account after a defined number of log in attempts has failed.  Account Lockout is disabled by default, but when configured properly, this feature can be useful in fending off brute force attacks against OpenAM login screens. If your OpenAM environment includes an LDAP server Read more

It’s OK to Get Stressed Out with OpenAM

In fact, it’s HIGHLY recommended…. Performance testing and stress testing are closely related and are essential tasks in any OpenAM deployment. When conducting performance testing, you are trying to determine how well your system performs when subjected to a particular load. A primary goal of performance testing is to determine whether the system that you Read more

How to Configure OpenAM Signing Keys

The exchange of SAML assertions between an Identity Provider (IdP) and a Service Provider (SP) uses Public-key Cryptography to validate the identity of the IdP and the integrity of the assertion.   Securing SAML Assertions SAML assertions passed over the public Internet will include a digital signature signed by an Identity Provider’s private key.  Additionally, Read more

Single Sign-On Explained

  So what is SSO and why do I care?   SSO is an acronym for “Single Sign-On”.  There are various forms of single sign-on with the most common being Enterprise Single Sign-On (ESSO) and Web Single Sign-On (WSSO). Each method utilizes different technologies to reduce the number of times a user has to enter their username/password Read more

Opinions About the Federal Government’s Identity Initiative

Interesting read. This is essentially a WebSSO initiative with authentication based on CAC type ID cards or OpenID. The CAC type of implementation (ID Cards) are not practical as they require everyone to have a card reader on their PC in order to do business with the government. I don’t see this happening anytime too Read more

Identity Management Lessons from Sarah Palin

By now, many of you have already heard about the hacking of Alaska Governor Sarah Palin’s Yahoo e-mail account earlier this week (on or about Tuesday 9/16/2008). If not, here is a brief synopsys of the story. Sarah Palin’s personal Yahoo e-mail account was compromised and the contents of her account (including her address book, Read more