Workload identity federation supports OpenID Connect, so it should be compatible with AD FS. But until recently, workload identity federation didn’t work with AD FS-issued access tokens – only ID tokens worked properly. What was the issue there? Continue »
One of the best ways to store a service account key on Windows is to use a CryptoNG key storage provider. That even works with Java. Continue »
Some Google Cloud APIs don’t support service accounts and require us to use domain-wide delegation. But using domain-wide delegation doesn’t mean we have to use service account keys. Continue »
By default, IAP Desktop uses the
rsa-ssh public key signature algorithm when authenticating to a Linux VM. That can be a problem in certain situations, which is why the latest version now adds support for ECDSA.
By deploying a web application behind Identity-Aware-Proxy, we can ensure that an application only receives requests that are authenticated and satisfy the context-aware access rules we’ve configured. But there are still a few things that the web application needs to do itself. Continue »