Recording & slides available for our OpenID Connect webinar


Yesterday (June 13, 2017) Gluu's CEO Mike Schwartz hosted a webinar covering what you should look for in a secure OpenID Connect client (or "RP") implementation.

In case you missed it, or would like to re-watch or share with your colleagues, the recording and slides are now available online:

https://www.gluu.org/openid-connect-client-webinar-recording/

In the webinar Mike discussed a few important topics that I will briefly reiterate below:

  1. You can have the most secure central authentication server in the world, but if your applications don't properly implement standards your security model is compromised;
  2. The goal of OpenID Connect was to make simple things easy and complicated things possible. Connect makes it possible to achieve varying levels of security depending on the transaction value;
  3. One of the biggest security threats today come from man-in-the-middle (MITM) attacks. FIDO U2F [1] tokens prevent MITM attacks by stopping the authentication if the browser and server are not directly connected. 

Note: The Gluu Server supports U2F out-of-the-box. Learn more in our U2F docs. [2]

If you have questions or feedback we would love to hear from you.

Just send an email to sales@gluu.org

Thanks, and we hope the content is useful for your application security initiatives!