Yesterday (June 13, 2017) Gluu’s CEO Mike Schwartz hosted a webinar covering what you should look for in a secure OpenID Connect client (or “RP”) implementation.
In case you missed it, or would like to re-watch or share with your colleagues, the recording and slides are now available online:
In the webinar Mike discussed a few important topics that I will briefly reiterate below:
- You can have the most secure central authentication server in the world, but if your applications don’t properly implement standards, your security model is compromised;
- The goal of OpenID Connect was to make simple things easy and complicated things possible. Connect makes it possible to achieve varying levels of security depending on the transaction value;
- One of the biggest security threats today comes from man-in-the-middle (MITM) attacks. FIDO U2F tokens prevent MITM attacks by stopping the authentication if the browser and server are not directly connected.
Note: The Gluu Server supports U2F out-of-the-box. Learn more in our U2F docs. 
If you have questions or feedback we would love to hear from you.
Just send an email to email@example.com
Thanks, and we hope the content is useful for your application security initiatives!