In the second release cycle of 2023, we have updated our SSO to include Client Credentials Grant. In addition, we have performed several corrections and improvements as well as regular security updates and life-cycle management on the Identity Platform. For full details, please review the Release Notes.
Features
Client Credentials Grant with OIDC (OpenID Connect)
In brief, the Client Credential Grant permits an application (or client) the ability to request an access token. This token is used instead of having the application configured with an administrator password, thus being more secure.
Ubisecure’s Client Credentials Grant implementation supports two key use cases for the flow.
- Authorised Access use case, also known as Common flow – the Client’s access token is used to impersonate the client and request resources from other servers or applications.
- A lessor used, but available within the specification, configuration method is the Single application use case. In this flow a server is using its own credentials to access local resources on the same server, requiring user’s access rights.
Improved Stability
Also found in this development cycle are several smaller stability improvements. Memory and cache cleaning improvements will help environments with very long uptimes or very high utilisation for SSO. For CustomerID we have resolved a number of registration work-flow errors that could result in additional manual clean-up requirements of the LDAP directory.
Improved Security
With the CI running updates continuously for many of the utilised third-party libraries, we have been able to focus on additional security items. We have updated OpenLDAP MDB to 2.5.16, which includes OpenSSL v3 – an essential update as OpenSSL v1 is no longer being maintained. This OpenLDAP update has been backported to IDS 2023.1 release (SSO 9.3, in SSO 9.2.3).
Improved Information
Addressing a concern raised by a number of customers, we’ve also reorganised the Change Log for Identity Server. With this new format, you can quickly see which version of SSO should be grouped with which version of CustomerID and if there have been essential patches to each core application.
Looking Forward
Over the coming winter, we will be focusing on essential improvements around Swedish BankID, namely the support of the required animated QR codes. We’ll also be performing essential life-cycle management updates – we expect you to be able to see these clearly on a new area of the Developer Portal that will help to illustrate the overall system requirements and maintenance for your on-premise environment; note that using our Identity Cloud will ensure that all of the life-cycle management and upgrade requirements are fully managed by Ubisecure’s Operations Team.
Please have a listen on your favourite podcast, on all major streaming platforms, Let’s Talk About Digital Identity. You will hear from a wide range of guests covering many digital identity hot topics, including development areas. If there are specific features you want developed into the Identity Platform, please reach out to our Operations team or your account team to discuss.
As always, if you have any questions over this release or prior releases, contact us. We are here to help.
About The Author: John Jellema
As VP Product Management, John is responsible for ensuring Ubisecure’s ongoing development of its Identity Platform, optimising the feature development while driving generational change across the IAM delivery platform. Since joining Ubisecure in 2017, John has refocused the cloud and on-premises delivered services to fulfil customer expectations across the Nordics.
Prior to joining Ubisecure, John worked for Verizon as a Global Security Product Manager, developing and managing its DDoS platform around the world. With more than 20 years experience in global product management, John is passionate about seamless technology integration. Standing on the shoulders of giants permits us to achieve greatness today and into the future.
More posts by John Jellema