
Showing posts from December, 2023

Apigee (Google's Cloud API tool)

I was surprised how many policies Google offered in Apigee:

Standard policies:
1) Traffic management policies: SpikeArrest policy
2) Mediation policies: CORS, GraphQL, HTTPModifier, JSONtoXML, OASValidation, PublishMessage, RaiseFault, ReadPropertySet, SOAPMessageValidation, XMLtoJSON policies
3) Security policies: AccessControl, HMAC, DecodeJWT, VerifyJWT policies
4) Extension policies: AssertCondition, ExternalCallout policies

Extensible policies:
1) Traffic management policies: InvalidateCache, LookupCache, PopulateCache, ResponseCache, Quota, ResetQuota policies
2) Mediation policies: AccessEntity, AssignMessage, ExtractVariables, KeyValueMapOperations, MonetizationLimitsCheck, ParseDialogflowRequest, SetDialogflowResponse, XSLTransform policies
3) Security policies: BasicAuthentication, JSONThreatProtection, DecodeJWS...

Microsoft's Active Directory Federation Services (ADFS)

Microsoft's Active Directory Federation Services (ADFS) is outdated because it only allows SAML 1.0 rather than the current 2.0 and requires multiple servers. ADFS is focused around Business Central clients. With ADFS you have to choose between Security Assertions Markup Language (SAML) 1.0 tokens or JSON Web Tokens (JWT). Then Business Central and Business Central Web Server have to be adjusted to use ADFS. The Dynamics NAV Windows client connection has been discontinued for a number of years now.

Microsoft announced the availability of Azure Active Directory certificate-based authentication (CBA) in Feb. 2022.

Source: https://redmondmag.com/articles/2021/04/28/fireeye-explains-nobelium-exploit-of-adfs.aspx

ADFS was attacked by the Nobelium (also called "Solorigate") group associated with Russia, which tapped into government and industry organizations. One of the avenues of those attacks was ADFS...

Okta

Okta is a neutral authentication platform that offers:
- passwordless login
- multi-factor authentication (MFA)
- OAuth2 with lots (30+) of social platforms
- emailed magic links or one-time codes
- Fast IDentity Online (FIDO) authentication, including biometrics
- WebAuthn

Okta does:
- Active Directory
- Federated single sign-on (SSO)
- Deep App Integration
- Network Security
- 3rd party Mobile Device Management (MDM)
- Cloud Access Security Broker (CASB)

Okta pricing is high for Workforce Identity Cloud, but good for Customer Identity Cloud. Okta offers Customer Identity Cloud and Workforce Identity Cloud solutions. Try Customer Identity Cloud for free and get 7,000 monthly active users (MAU) and unlimited logins. No credit card required.

JWT vs OAuth 2.0 vs SAML vs SSO

The main differences between JSON web tokens (JWT), OAuth 2.0 and Security Assertions Markup Language (SAML) tokens are:

- JWTs could be used internally in SPAs, stateless situations, or authorizations for APIs. JWTs are JSON, of course.
- OAuth is always external, and the authorization server is the server that grants it. OAuth is based on HTTP request parameters and a JSON response message.
- SAML is always external, and the identity provider is the server that grants it. SAML is thought of as more enterprise. SAML has the challenges of coding XML parsing, encryption, signing, and validation on the client. SAML 2.0 introduced many new protocols, including the assertion query and request, authentication request, artifact resolution, name identifier management, name identifier mapping, and single logout protocols. SAML 2.0 separated bindings from underlying profiles such as reverse SOAP, SAML...