Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

php[architect]:
Single Sign On - You’re Probably Doing It Wrong
Aug 15, 2017 @ 13:28:32

The php[architect] site has a new post today sharing an article from their August 2017 issue by author (and member of thePHP.cc) Arne Blankerts: "Single Sign On - You’re Probably Doing It Wrong ".

Requiring users to log in individually to all the websites they need for their work is more than merely annoying: It wastes a lot of time and turns maintaining log-in credentials and permissions into a nightmare for the administrative staff. Let’s see if we can fix that with a single sign-on service.

The article talks about the basics of single sign on and what kind of benefits it brings to the table. They also talk about the single point of failure it introduces and some of the problems that can cause. The article then discusses the choices involved in implementing it: Should it support authentication, authorization or both? Should OAuth be involved? What about SAML? Other alternatives are also offered including JWTs, tokens/callbacks and client side certificates. The article ends with the suggestion that a proxied approach, one that authenticates on the first request but the session is then trusted by other services, is one of the better ways to go (but isn't without its own issues either).

tagged: singlesignon article phparchitect magazine arneblankerts security

Link: https://www.phparch.com/2017/08/single-sign-on-youre-probably-doing-it-wrong/

Stefan Priebsch's Blog:
thePHP.cc (a PHP Consulting Group)
Mar 04, 2009 @ 15:54:02

According to this new post on his blog Stefan Priebsch, Sebastian Bergmann and Arne Blankerts have joined forces to create thePHP.cc, a PHP consulting group.

In times of tight budgets, quality is a key success factor to reduce risks in IT projects. [...] We help businesses and enterprises to reduce IT costs in the long term with Open Source technologies and PHP in particular. We support our clients in improving their employee’s qualification to overcome skills shortages.

You can get more information about the group (including conferences they'll be at and contact information) from their site - thePHP.cc.

tagged: consulting thephpcc sebastianbergmann stefanpriebsch arneblankerts

Link: