Archive for January 2013

Yes, security of the identity store is important.

Posted on January 30, 2013, 11:59 AM, by Mike Diehn, under SysAdmin.

A friend at work identified a “feature” of SAML based Identity Federation systems. The weakness is likely possible in *any* SAML identity federation system. To explain, I’ll posit a Google Apps domain configured to use SSO with a company that uses Oracle’s Identity and Access Management products. In that product line, OIF is the federation […]

No Comments | Read the rest of this entry »

IIS7 keeps using old SSL cert

Posted on January 3, 2013, 9:43 AM, by Mike Diehn, under SysAdmin.

A user reported to me that his browser was reporting that one of the websites I maintain was sending out a revoked SSL certificate as it’s identity. I checked and found that, sure enough, the certificate authority (CA), which I also run, has put that cert on the CRL. It had been superseded when I’d […]

No Comments | Read the rest of this entry »