Leaderboard

Popular Content

Showing content with the highest reputation since 08/17/2021 in all areas

  1. elmo

    Support for SAML2 LogoutRequest

    As defined in the SAML RFC, the end application should be able to generate and send a POST request to the originating IDP using a LogoutRequest. When using PasswordState combined with Azure AD SAML, if you point it at the AAD logout URL and press logout, Azure says no, as it's just a 302 to the logout URL. If you input the generic URL, it will log you out of all Azure AD applications. Can we please ask for this to be supported? The application should send a LogoutRequest back to the IDP via the client browser on logout/timeout. See the following URL for more info: https://docs.microsoft.com/en-us/azure/active-directory/develop/single-sign-out-saml-protocol
    1 point
  2. To make the app server work you have to pin its certificate through the main Passwordstate service, which currently seems to use the certificate itself. I'm using Let's Encrypt for my certificates, so that means every few months I have to clear the pin, re-query for the new cert and tell all users to re-pair their apps. And even if you use "real" certs that have a validity period of a couple of years, once that expires you'll have exactly the same problem. I propose that instead of generating some form of hash of the certificate, Passwordstate should use the SPKI fingerprint instead. As far as I know this is dependent on the private key, so as long as that doesn't change the output will be the same. This is how HTTP Public Key Pinning works as well, so as not to break all clients that have already cached the previous pin when the cert rotates. Many Let's Encrypt clients (or ACME in general) can be told to reuse an existing private key.
    1 point
  3. We recently implemented PWS as an MSP and a lot of the engineers and sysadmins are missing a feature from the old system where they can shortcut an item which copies the username + password, and CTRL-V would paste the username the first time and CTRL-V would paste the password the second time, then the clipboard is auto-cleared (a security feature which is probably not necessary, as PWS has a clipboard warning feature already). Can it be implemented as a double-field copy button?
    1 point