
In the first post of this blog series about OAuth2, I provided a comprehensive overview of the OAuth2 core specification and its supporting specifications. In the second post, I discussed the OAuth2 Authorization Server Metadata specification. …


This article is the second post in my blog series about OAuth2; reading the first post may help you understand the current topic more easily.

Although I intended to provide an overview of OAuth2 and its related specifications, I have extensively discussed the Authorization Code grant type in the



It has now been nearly 8 years since the formal approval of the OAuth2 Core standard by the IETF. Obviously, OAuth2 is not a new technology that warrants yet another introductory post, especially in 2020. So what motivated me to write an introductory post about OAuth2 at this point? …


The OWASP project recently finalised its API Security Top 10 list to RC level; you can have a look at it here. When I went through the list, I was a bit surprised, because most of the top security vulnerabilities are fundamental principles that we have been practising for a…


So far I have discussed the key constructs of the SAML 2.0 core standard and a few supporting standards such as IDP Discovery and SAML Metadata. Starting from this post, I'm planning to discuss SAML Profiles. To recall our earlier discussion of SAML profiles: profiles are practical use cases defined in terms of…


This post is somewhat different from the other posts in this series. The majority of the concepts discussed here are not specific to SAML and can be used with other protocols as well; additionally, some of the real-world examples used here to describe general concepts are…


WSO2 Identity Server (WSO2 IS) is a leading open source IAM (Identity and Access Management) product and a member of the WSO2 middleware platform. Like any other WSO2 product, WSO2 IS is licensed under Apache 2.0 …


As we previously discussed, SAML is a structured format for defining security information (assertions) about a subject (usually an individual) by an authorized authority called the asserting party; however, there is no point in the asserting party generating a SAML assertion and keeping it to itself. Instead, generated SAML assertions…


In the last post, I discussed some of the practical use cases of SAML; in this post I will try to discuss a few basic concepts related to SAML.

Generally, we refer to SAML as a single standard, but it has evolved into a complex ecosystem with a number of…


Recently I have been working closely and directly in the Identity and Access Management (IAM) domain, which has also raised the need to revisit most of the IAM concepts and standards. …

Sagara Gunathunga

Integration and Identity Architect & PMC Member @ The Apache Software Foundation, was a Director @ WSO2
