Category: News

Login to Your Salesforce Org with OpenID Connect in Winter ’14

The Winter ’14 release includes OpenID Connect Authentication Providers, allowing your org to be an OpenID Connect Client, and leverage an Authorization Server for user login. Let’s take a look at how this works: If you want to walk through the protocol in detail, there’s an excellent, detailed description on Google’s Developer site. (Source) http://blogs.developerforce.com/developer-relations/2013/09/login-to-your-salesforce-org-with-openid-connect-in-winter-14.html

Vulnerability Alert – OpenID 2.0 Implementations Vulnerabilities found in some OPs

Please be advised a number of OpenID Authentication 2.0 server implementations were found to be vulnerable due to non-compliance to the normative requirements of the OpenID Authentication 2.0 specification. The nature of the vulnerability In section 11.4.2.1 of the OpenID Authentication 2.0, it is stated that “For verifying signatures an OP MUST only use private […]

Second OpenID Connect Implementer’s Drafts Approved

The OpenID membership has approved the following specifications as OpenID Implementer’s Drafts in the vote held from July 23 and July 30, 2013: Basic Client Profile – Simple, self-contained profile for a Web-based Relying Parties using the OAuth code flow. Implicit Client Profile – Simple, self-contained profile for a Web-based Relying Parties using the OAuth […]

OpenID Connect Server in a Nutshell

Nat Sakimura has written a valuable post describing how to write an OpenID Connect server in three simple steps. It shows by example how simple it is for OAuth servers to add OpenID Connect functionality. This post is a companion to his previous post OpenID Connect in a Nutshell, which described how simple it is […]

Vote for Second OpenID Connect Implementer’s Drafts is Open

Please vote now at https://openid.net/foundation/members/polls/68. The vote is open between July 23 and July 30, 2013. The OpenID Connect Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: • Basic Client Profile – Simple, self-contained profile for a Web-based Relying Parties using the OAuth code flow. • Implicit Client Profile – Simple, […]

Review of Proposed Second OpenID Connect Implementer’s Drafts

The OpenID Connect Working Group recommends approval of the following specifications as OpenID Implementer’s Drafts: Basic Client Profile – Simple, self-contained profile for a Web-based Relying Parties using the OAuth code flow. Implicit Client Profile – Simple, self-contained profile for a Web-based Relying Parties using the OAuth implicit flow. Messages – Defines the messages that […]

OpenID Foundation 2013 Community Board Member Election Results

Thanks to all who voted for the board members who will represent the community at large on the OpenID Foundation Board of Directors. Nat Sakimura, John Bradley, Mike Jones and George Fletcher have been elected to two year terms. All are returning community board members, ensuring continuity and deep technical expertise to the Foundation. Henrik […]

OpenID Connect and Account Chooser Deployers’ Meeting at IETF 85

People interested in OpenID Connect, Account Chooser, and how they relate to IETF specifications such as OAuth, JSON Web Token (JWT), and JSON Object Signing and Encryption (JOSE) are meeting at IETF #85.  We will meet at 1:00 on Sunday, November 4th, and have the room all afternoon.  An overview of the specifications and status will be provided […]

OpenID Connect Technology Meeting, Oct 22 , 2012

OpenID Connect Technology Meeting will be held on Oct. 22, 2012 at Google, Mountain View. Bluewater Tech Talk Room Google Building 1220 1220 Charleston Road Mountain View, CA Lunch is at 11:30am and the meeting starts at 12:30pm. Non Members are welcome to attend, but must be aware of the OIDF IPR policy. You can find […]