Ultimate Security Professional Blog

Blog of Michael Furman

Keycloak with Onelogin OpenID Connect Provider

What will I cover in this post? We will learn how to integrate Keycloak with Onelogin OIDC Provider. Similar to SAML, Keycloak can be configured to use the external OpenID Connect Provider. The configuration steps are very similar to the configuration of SAML Provider described in my previous post, but the configuration simpler that the SAML configuration. Do not forget to follow me on Twitter Configuration Keycloak and Onelogin need to be configured in parallel.

Update Keycloak User Attributes from Onelogin SAML Provider

Update Keycloak User Attributes from Onelogin SAML Provider The post describes how to configure Keycloak and Onelogin to update Keycloak User Attributes from the Onelogin SAML Provider Do not forget to follow me on Twitter Why the User Attributes are empty? In my previous post I have described how to configure the Onelogin SAML Provider. You may be ask yourself: “Why the User Attributes are empty? I have values in Onelogin but the in Keycloak values are empty.

Keycloak with Onelogin SAML Provider

What will I cover in this post? We will learn how to integrate Keycloak with Onelogin SAML Provider. Do not forget to follow me on Twitter Configuration In my previous post I have described how to integrate Keycloak with Okta SAML Provider. The configuration with with Onelogin SAML Provider is very similar. Keycloak and Onelogin need to be configured in parallel. First, you need to add the SAML identity provider in Keycloak.

How can you deliver a secure product?

My presentation on the Application Security Meetup. You will learn what is Security Development Lifecycle (SDL) You will understand why SDL is important You will dive in details of SDL and you will see tips for each SDL phase You will realize how to roll out an SDL in your organization Finally, you will have all skills to deliver a secure product Do not forget to The video recording:

How to reset Two-Factor WebAuth

What will I cover in this post? In my previous post I have described Two-Factor Authentication with WebAuth. But what should you do when a user replaces WebAuthn device? In this post, we will learn how to reset WebAuthn for a specific user. In addition, we will see how to revert the WebAuthn configuration for all users. Reset WebAuthn for a specific user If a user replaces WebAuthn device he /she will not be able to login and will see the following error:

Two-Factor Authentication with Keycloak WebAuth

What will I cover in this post? We will learn how to configure Two-Factor Authentication with Keycloak WebAuth. In this post, I plan on: Explaining what is WebAuth Explaining how to configure WebAuth in Keycloak What is WebAuth? WebAuthn is the standard recommended by FIDO Alliance and W3C. WebAuthn defines a standard web API that gives users new methods to securely authenticate. It can be incorporated into browsers and related web platform infrastructure, in the browser, across multiple sites, and on numerous device types.

Preventing OWASP A4 XML External Entities (XXE) in a better way

XML External Entities (XXE) is a dangerous vulnerability, currently ranked fourth (A4) in the OWASP Top Ten. Resolving this vulnerability should be a high priority for all Java developers. In this presentation, presented by Anat Mazar (https://www.linkedin.com/in/anat-mazar/) and Michael Furman (https://www.linkedin.com/in/furmanmichael/) on the OWASP meetup we will Demonstrate why XXE is so dangerous Show you how this vulnerability is typically resolved – in each and every place in the code that you parse an XML file Show you the better resolution – set a couple of system Java system properties once, and never worry about XXE again.

Secure Communication with a WireGuard VPN

What will I cover in this post? We will learn how to configure a WireGuard Virtual Private Network (VPN) for secure communication between two servers. In this post, I plan on: Explaining what is WireGuard Explaining how to to configure WireGuard What is WireGuard? According to the WireGuard site: WireGuard® is an extremely simple yet fast and modern VPN that utilizes state-of-the-art cryptography. WireGuard communicates via a WireGuard interface.

TLS Communication with Ghostunnel

What will I cover in this post? We will learn how to use ghostunnel for the TLS communication between non-TLS client and server. In this post, I plan on: Explaining what is ghostunnel Explaining how to to configure ghostunnel Explaining advanced security settings What is ghostunnel? The ghostunnel site explains it very well: Ghostunnel is a simple TLS proxy with mutual authentication support for securing non-TLS backend applications.