Auth0 – An Exciting SSO Infrastructure

September 30, 2013

When we think about SSO we have to think about simplicity, multi-platform integration, deployment scenarios (cloud / on-premises) and standards compliance. Unfortunately, Microsoft solutions (ADFS, WAAD, ACS) are focused on SAML 1.1 and assume that applications have the ability to parse and validate such tokens. (WAAD and ADFS have OAuth previews which are currently not stable; ACS can use WRAP OAuth, which is not relevant.) This assumption is problematic in the mobile era. Web platforms today do not include the strong XML stacks that are required to handle SAML tokens, and so applications, and especially mobile applications, cannot handle...

NServiceBus PubSub Is Static and Does Not Support Publisher Side Filtering

September 12, 2013

NServiceBus has a simple Pub/Sub infrastructure. I use the word simple because it is simple to use. In NServiceBus, subscriptions are defined statically. NServiceBus scans your code and decides that A has to subscribe to B for messages of type M. If A (Billing) has a class that handles messages of type M (OrderAcccepted) and those messages are configured to be under the responsibility of B (OrderProcessing), NServiceBus will initiate a subscribe request from A to B for messages M. (see the following example) public partial class...

Pub Sub Across Servers Using Redis

September 11, 2013

Redis is a famous key-value store that uses memory as its primary storage. This is why it is known for its speed and is often used as a distributed cache in distributed systems. One important feature of Redis is its pub/sub system. With Redis Pub/Sub, processes can communicate and implement the publish-subscribe pattern (one process publishes a message and many others can listen). More on Redis pub/sub can be found here. The question I’d like to discuss is how to do this across servers. When all participants are connected to the same...

Bug in ADFS. OAuth access token can be requested in UTC time zone only

September 9, 2013

My friend Assaf Israel showed me a bug in the new ADFS version in Windows Server 2012 Preview. When calling the ADFS endpoint /oauth/authorize to get an authorization token, the server will call the method BeginAdd in the class Microsoft.IdentityServer.Server.ArtifactResolutionService.ArtifactService to create an artifact with an authorization token and store it in the database. The server will set the expiration date to be UTC time + 5 min. if (DateTime.Compare(artifact.Expire, DateTime.MinValue) == 0) artifact.Expire = DateTime.UtcNow.AddSeconds((double)artifactService.LifetimeInSeconds); When calling /oauth/authorize to get an...