Previously, we explored two ways of authenticating to Google Cloud using Kerberos and NTLM credentials. Both ways involved authenticating to AD FS using Integrated Windows Authentication, and then using workload identity federation. But there’s a third way that we haven’t cover yet – and it involves using the SAML HTTP-POST binding.
Continue »
When an application needs to access Google Cloud APIs, it needs credentials. On Google Cloud, we can attach a service account to the underlying compute resource to let the application obtain credentials. On AWS and Azure, we can achieve something to the same effect by using workload identity federation. But what about on-premises?
Continue »
When you create an enterprise app in Azure AD and configure SAML-based single sign-on, Azure AD assumes that the application also supports SAML for sign-out – but as it turns out, not all apps do.
Continue »
When working with cloud services, you occasionally encounter two APIs that essentially do the same thing, but require different authentication or permissions. Such cases tend to pique my interest.
Continue »