Popular New Releases in Identity Management
- vault: v1.10.1
- k9s: v0.25.18
- keepassxc: Release 2.7.1
- keycloak: nightly
- teleport: Teleport 8.3.8
Popular Libraries in Identity Management
- by hashicorp (go), 23963, MPL-2.0: A tool for secrets management, encryption as a service, and privileged access management
- by derailed (go), 15865, NOASSERTION: 🐶 Kubernetes CLI To Manage Your Clusters In Style!
- by keepassxreboot (c++), 12572, NOASSERTION: KeePassXC is a cross-platform community-driven port of the Windows application “Keepass Password Safe”.
- by keycloak (java), 12056, Apache-2.0: Open Source Identity and Access Management For Modern Applications and Services
- by uuidjs (javascript), 11964, MIT: Generate RFC-compliant UUIDs in JavaScript
- by gravitational (go), 11583, Apache-2.0: Certificate authority and access plane for SSH, Kubernetes, web apps, databases and desktops
- by ramsey (php), 11544, MIT: A PHP library for generating universally unique identifiers (UUIDs).
- by keeweb (javascript), 10225, NOASSERTION: Free cross-platform password manager compatible with KeePass
- by dani-garcia (rust), 8307, GPL-3.0: Unofficial Bitwarden compatible server written in Rust
Trending New libraries in Identity Management
- by apple (javascript), 3270, MIT: A place for creators and users of password managers to collaborate on resources to make password management better.
- by marmotedu (go), 994, NOASSERTION: An enterprise-grade, hands-on Go project (usable as scaffolding for Go project development)
- by SpectralOps (go), 776, Apache-2.0: A secrets management tool for developers built in Go - never leave your command line for secrets.
- by anthonynsimon (python), 723, MIT: Timeflake is a 128-bit, roughly-ordered, URL-safe UUID.
- by Debdut (javascript), 672: Generate Easy to Remember, Readable UUIDs, that are Shakespearean and Grammatically Correct Sentences 🥳
- by elpy1 (shell), 566, MIT: SSH over AWS SSM. No bastions or public-facing instances. SSH user management through IAM. No requirement to store SSH keys locally or on server.
- by passwall (go), 546, AGPL-3.0: PassWall Server is the core backend infrastructure for PassWall platform
- by lukeed (javascript), 533, MIT: A tiny (130B to 205B) and fast utility to generate random IDs of fixed length
- by jstrieb (javascript), 448, MIT: Password-protect URLs using AES in the browser; create hidden bookmarks without a browser extension
Top Authors in Identity Management
1. 26 Libraries, 26481
2. 16 Libraries, 1186
3. 13 Libraries, 15808
4. 12 Libraries, 314
5. 10 Libraries, 1252
6. 10 Libraries, 216
7. 8 Libraries, 247
8. 8 Libraries, 812
9. 8 Libraries, 894
10. 8 Libraries, 135
Trending Kits in Identity Management
Here are some famous NodeJS UUID Libraries. Some of the use cases of NodeJS UUID Libraries include Generating unique IDs for authentication tokens, Generating IDs for distributed databases, Generating IDs for files, and Generating IDs for API requests.
Node.js UUID libraries are libraries created for the Node.js platform that allow developers to generate Universally Unique Identifiers (UUIDs). UUIDs are used to identify objects or records, and are generated in a way that ensures they are unique across all environments and databases. These libraries make it easy to generate UUIDs in Node.js applications.
Let us look at these libraries in detail.
nanoid
- Uses a smaller alphabet and length than other UUID libraries.
- Built-in random generator that is cryptographically secure.
- Simple to use, requiring only one line of code to generate an ID.
cuid
- Ideal for applications that need to store or transfer smaller amounts of data.
- Extremely low chance of collision due to its use of a combination of characters, numbers, and symbols.
- Optimized for performance, making it faster than other UUID libraries.
uuid-js
- Lightweight JavaScript library which makes it easy to generate UUIDs from within a browser.
- Uses a cryptographically secure random number generator to generate UUIDs.
- Provides functions for converting UUIDs to strings and vice versa.
js-shortid
- Creates short, non-sequential, URL-friendly IDs.
- Lightweight, and has no dependencies.
- Faster than UUID libraries and can generate up to 1 million unique IDs per second.
uuid-mongodb
- Enables developers to generate and use MongoDB’s ObjectIds as UUIDs.
- Provides a range of options for generating UUIDs.
- Supports custom UUIDs, allowing developers to specify exactly what type of UUID is generated.
uuid
- Able to generate cryptographically secure random UUIDs.
- Useful when creating a unique identifier for a user or other sensitive data.
- Supports the generation of v4, v5 and v6 UUIDs.
instauuid
- Designed to be more efficient and faster than other Node.js UUID libraries.
- Supports the generation of multiple UUIDs in parallel.
- Offers the ability to create and manage a database of UUIDs.
Trending Discussions on Identity Management
- How to call the PIM Graph API endpoints?
- Does the @azure/msal-angular package automatically refresh token?
- How to Override Identity Management module for Multi-Tenancy
- Google One Tap SignIn with Azure B2C, .NET Core and Blazor Webassembly
- Database operations and calling API in single transaction
- B2C Redirect to specified URI after Login
- Azure global admin cannot(disabled) add roles under "Access Control(IAM)"
- How to localize or change text for the Identity Management menu items
- Assessment of a production network in Hyperledger Fabric
- AWS SES 554-No SMTP Service for web.de and GMX email addresses
QUESTION
How to call the PIM Graph API endpoints?
Asked 2022-Mar-21 at 05:52
I am trying to call the PIM (Privileged Identity Management) REST endpoints via the Graph API using PowerShell.
In Graph Explorer I try https://graph.microsoft.com/beta/policies/roleManagementPolicies but it returns "{\"errorCode\":\"MissingProvider\",\"message\":\"The provider is missing.\",\"instanceAnnotations\":[]}"
I have gone down a rabbit hole with the MS documentation on this. The closest I got was that they suggested the PowerShell SDK, which is the new Microsoft.Graph module. The equivalent cmdlet is Get-MgPolicyRoleManagementPolicy, which returns a similar error: {"errorCode":"MissingProvider","message":"The provider is missing.","instanceAnnotations":[]}
I can't find anywhere how to supply it the missing information. I know this is beta and pretty bleeding edge, but I'm hoping someone has been down this and found a solution. There's an outstanding issue on GitHub for this, but the author/owner is conspicuously absent.
ANSWER
Answered 2022-Mar-17 at 08:59
This is a known issue: https://github.com/microsoftgraph/microsoft-graph-docs/issues/15910?msclkid=c0822b1ca5cf11ec93ebea64a421b423
We will try to escalate this with the dev team.
QUESTION
Does the @azure/msal-angular package automatically refresh token?
Asked 2022-Jan-26 at 08:38
I'm trying to move an existing Angular 9 app from using an implicit flow with Azure B2C to using the new auth code grant flow with PKCE. I'm using the @azure/msal-angular package and almost have it working. Just waiting on our identity management team to enable some settings.
But I'm wondering if this package automatically refreshes the bearer token with the refresh token that we get in the token response? Or do I have to do some manual magic to get the refresh to happen? I'm not finding anything in this package's documentation pertaining to refresh tokens, so I'm wondering if anybody out there is using this and knows what the default behavior is with this package as it pertains to the use of the refresh token.
ANSWER
Answered 2022-Jan-26 at 08:38
Yes, it automatically handles the token refresh.
From the Microsoft documentation:
Acquiring tokens silently (from the cache)
MSAL maintains a token cache (or two caches for confidential client applications) and caches a token after it's been acquired. In many cases, attempting to silently get a token will acquire another token with more scopes based on a token in the cache. It's also capable of refreshing a token when it's getting close to expiration (as the token cache also contains a refresh token).
QUESTION
How to Override Identity Management module for Multi-Tenancy
Asked 2021-Dec-20 at 18:26
I was wondering how to override the Identity Management Module to work with multi-tenant web apps in the ABP Framework. I want to make my newly registered users become the admin of their own tenant and be able to manage (CRUD + permission/role management) their subset of users. For now I've created a custom UI to manage them, but I'm curious whether it's possible to configure the Identity Management Module to do the job?
ANSWER
Answered 2021-Dec-20 at 18:26
OK, looks like I just need to create an "Admin" role and make it my default role for each tenant.
QUESTION
Google One Tap SignIn with Azure B2C, .NET Core and Blazor Webassembly
Asked 2021-Oct-11 at 11:46
I'm currently using Azure B2C as the identity management server to give my Blazor WebAssembly client access to a .NET Core API, but find the sign-in flow to be a bit clunky. I've looked at Google One Tap sign-in, which is much smoother, but I'm not sure if that can be integrated with Azure B2C or if I need to throw that out. Can Google One Tap sign-in be incorporated with Azure B2C, and what are the basic steps to do so? And if that is not possible, what are my alternatives?
ANSWER
Answered 2021-Oct-11 at 11:46
You can configure Azure AD B2C to allow users to sign in to your application with credentials from external identity providers like Facebook, Google and GitHub.
Google One Tap is part of Google Identity Services; it's a type of Google authentication without using a password, and we can use Google Identity Services alongside Azure AD B2C.
First we need to register Google as an identity provider for your Azure AD B2C tenant, as described in this document.
You need to create a sign-up or sign-in policy, as described at Azure Active Directory B2C: Built-in policies, and add Google as an identity provider for this policy.
Check this example of using Google Identity Provider with Azure AD B2C for more information.
QUESTION
Database operations and calling API in single transaction
Asked 2021-Sep-18 at 09:41
We have 2 systems: one Identity Management System that handles authentication, and another that is an application (say UserApp) (a website) that users access. When a user registers, the user account is created in the Identity Management System and in the UserApp database. The data should be in sync between these 2 systems. So the current code does the following when a user registers:
- the data is inserted into database (using Entity Framework)
- Account is created in IAM using an API call
Scenarios:
- If the database insert fails, the API is not called
- If the database insert succeeds but the API fails, we delete the record. The question is what needs to be done if the delete fails, because then the data is not in sync.
What is the best way to handle? The application is developed in C# with SQL Server.
ANSWER
Answered 2021-Sep-18 at 09:41
You could make use of database transactions. You could create a database connection and open it. The first line should be BEGIN TRANSACTION. This means any subsequent SQL INSERTS/UPDATES you execute won't be committed until you run the statement COMMIT TRANSACTION. If you want to roll back the transaction you would call ROLLBACK TRANSACTION.
So you could:
    Step 01: BEGIN TRANSACTION
    Step 02: Perform INSERT Statement.
If the SQL statement succeeds, you know the database is up and accessible and this step has succeeded. It's just that the row has not been committed to the database yet.
    Step 01: BEGIN TRANSACTION
    Step 02: Perform INSERT Statement.
    Step 03: On success of the INSERT statement, then call the API
    Step 04: If the API SUCCEEDS then COMMIT TRANSACTION.
    Step 05: If the API FAILS or there is an exception, then ROLLBACK TRANSACTION
That way:
- If the SQL statement fails in any way (DB down, T-SQL error, etc.), you exit early
- If the API call fails in any way, you exit early
- You only commit the SQL statement when the INSERT and the API both succeed
If the COMMIT Fails
Now there might be a slim chance the COMMIT fails due to power loss or a network outage at that second, etc. In that case you would need to call the API to remove/deactivate the user you just created.
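The control flow of this answer as a runnable sketch, added here and not the asker's C#/SQL Server code: Python with an in-memory SQLite database in place of SQL Server and a constructed stand-in for the IAM API, showing that the local row is committed only after the API call succeeds, that the "delete fails" case from the question disappears because nothing was committed, and the compensating IAM call when the COMMIT itself fails.

```python
import sqlite3


class IamError(Exception):
    """Raised when the (stand-in) Identity Management API call fails."""


class FakeIam:
    """Constructed stand-in for the IAM account API; not a real client."""

    def __init__(self, fail_create=False):
        self.accounts = set()
        self.fail_create = fail_create

    def create_account(self, username):
        if self.fail_create:
            raise IamError("IAM API unavailable")
        self.accounts.add(username)

    def deactivate_account(self, username):
        self.accounts.discard(username)


def make_db():
    """In-memory SQLite in autocommit mode, so BEGIN/COMMIT/ROLLBACK are explicit."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY)")
    return conn


def _rollback(conn):
    try:
        conn.execute("ROLLBACK")
    except sqlite3.Error:
        pass  # no open transaction left to roll back (e.g. BEGIN itself failed)


def register_user(conn, iam, username, commit=None):
    """Steps 01-05 of the answer; returns a status string naming the exit path.
    `commit` is injectable only so that a failing COMMIT can be simulated."""
    commit = commit or (lambda: conn.execute("COMMIT"))
    try:
        conn.execute("BEGIN")
        conn.execute("INSERT INTO users (username) VALUES (?)", (username,))
    except sqlite3.Error:
        _rollback(conn)  # DB down, constraint violation, ...: the API is never called
        return "db_failed"
    try:
        iam.create_account(username)
    except IamError:
        _rollback(conn)  # nothing was committed, so no delete is needed
        return "api_failed"
    try:
        commit()
    except sqlite3.Error:
        # The IAM account now exists without a local row: compensate on the IAM side.
        _rollback(conn)
        iam.deactivate_account(username)
        return "commit_failed_compensated"
    return "ok"
```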
QUESTION
B2C Redirect to specified URI after Login
Asked 2021-Aug-14 at 15:21
We are using B2C for our identity management. We have a destination link that only authorized users can see. Let's call this https://www.hypertrends.com/my-destination
When they arrive at this page, if they are unauthorized, then they get redirected to the B2C Login. This works perfectly fine. However, after login, we would like to send them back to the original page (i.e. my-destination) they first landed on.
We can't seem to figure out how to get that done. Does anyone have an idea on how this can be implemented in B2C?
ANSWER
Answered 2021-Aug-14 at 15:21
Use the authentication library to pass in a value for the “state” parameter. This parameter will be returned in the authentication response to your application.
Encode a value which represents the location of where the user was on the website, and put it in the “state” parameter.
After the user logs in, have the application parse the state parameter and send the user to the correct location.
QUESTION
Azure global admin cannot(disabled) add roles under "Access Control(IAM)"
Asked 2021-Jun-02 at 11:35
I activated my global admin role in Privileged Identity Management like so
When I navigate to the Access Control blade under a subscription, I see the Add role assignment options disabled.
Doesn't global admin have global rights and can do this?
Thanks
ANSWER
Answered 2021-Jun-02 at 11:21
Doesn't global admin have global rights and can do this?
No. You're global admin in your Azure AD, so you can perform all operations in Azure AD. Azure AD roles are different from Azure Subscription roles.
To be able to perform IAM related activities in an Azure Subscription, you must be assigned the Owner or User Access Administrator role in that Azure Subscription.
Considering you're the global admin in your Azure AD, you can elevate your permissions to perform IAM activities in the Azure Subscription. Please see this link for more details: https://docs.microsoft.com/en-us/azure/role-based-access-control/elevate-access-global-admin.
The other option would be to ask someone in your team with proper access in the Azure Subscription to assign you the Owner or User Access Administrator role.
QUESTION
How to localize or change text for the Identity Management menu items
Asked 2021-Mar-03 at 06:36
I'm trying to change the text for the "Identity management" menu item which is added in the ABP framework somewhere. Is it possible to find the localization key somewhere to add it to my en.json file, or do I have to plunk through the context.Menu.GetAdministration() menu items in my MenuContributor and hack it there? I've tried a bunch of different variations in the en.json file to no avail.
Thanks.
ANSWER
Answered 2021-Mar-03 at 06:36
Extend an existing resource JSON file
- zh-Hans
    {
      "culture": "zh-Hans",
      "texts": {
        "Menu:IdentityManagement": "身份管理"
      }
    }
- en
    {
      "culture": "en",
      "texts": {
        "Menu:IdentityManagement": "Identity"
      }
    }
Extending IdentityResource
    options.Resources
        .Get<IdentityResource>()
        .AddVirtualJson("/Localization/LocalizeModuleTest");
Effect is as follows
QUESTION
Assessment of a production network in Hyperledger Fabric
Asked 2020-Dec-23 at 05:20
I have some questions regarding the deployment of an HLF use case. Suppose we build a platform in which users sell items. The users and their items are stored on the ledger via chaincode. The purpose is to also enforce access control on the items via the chaincode, so that another user for example cannot see a specific item. Then the 2 options regarding the whole identity management are:
1. The users do not have certificates in Fabric, and all transactions made by the users are forwarded to a single registered Client who interacts with the chaincode. Therefore, the transaction context will always have this client's ID. So from my point of view the username should always be passed to each transaction and access control implemented using this username, though a registered Client has full authority over their data.
2. Every user is registered and enrolled and has their own identity. Every user makes a transaction directly on the blockchain via the chaincode, and access control can be implemented easily by using stub.ID() and other attributes. That would mean that >100k users would be registered on a CA or multiple CAs.
The questions are:
Is HLF intended and suitable for the 2nd option, or is it made solely for the purpose of interaction between clients of organizations?
Is there a best way to handle this matter?
ANSWER
Answered 2020-Dec-20 at 08:02
A ledger stores facts about the history of transactions that led to the current state of an object. The history also stores the users responsible for the current state of the object. If the state of an object is being changed, the admin/authorized user of an organization must be able to see who performed that change.
In the first approach, if you want to see the details of the user doing the "transaction", you'll have to store it somewhere different from the blockchain. While that can be a use-case of your project, it defeats the purpose of storing all facts about the history of a transaction of an object as every time the same user would be doing the transaction.
The second approach fulfills all the motives of incorporating blockchain in a project. Sure, you'll have to register and enroll every user who's creating/modifying an asset but then Access Control Management can be done in a better way. Please read about ACL to know about the granular access you can achieve in Hyperledger Fabric.
You can also encode some information about a user in its X.509 certificate with ASN.1.
QUESTION
AWS SES 554-No SMTP Service for web.de and GMX email addresses
Asked 2020-Dec-21 at 08:35
I am using AWS SES to send out emails automatically through my application. I have configured the identity management as follows:
DKIM is setup correctly. I have no issues sending emails from my domain except for GMX and WEB.de emails where I receive the following error:
    Action: failed
    Final-Recipient: rfc822; xyz@web.de
    (mxweb111) Nemesis ESMTP Service not available
    554-No SMTP service
    554-Reject due to policy restrictions
Looking at further documentation, it seems that emails coming from my domain are classified as Spam by their servers.
I have done research and found that I might need to configure Reverse-DNS but as it looks like, AWS SES does not support this?
What else can I do to make my emails get through WEB.de and GMX servers? Thank you.
ANSWER
Answered 2020-Dec-10 at 11:57
I was in deep conversations with AWS SES support regarding this issue. This is the outcome:
I also would like to update you that SES internal team were able to confirm a deliverability issue with the recipient ISP and are actively working towards a resolution but we do not have an exact ETA at this time. Due to the nature of the shared IP pool, these types of blocks can happen periodically and we make every effort to resolve these issues as fast as possible. To prevent impact from these types of issues, it is always recommended to use dedicated ips for higher volume sending.
It means that the shared IP addresses used by AWS SES are blacklisted with GMX and WEB.de. AWS SES wants to resolve this.
In the meantime, they recommend using dedicated IP addresses to solve this issue. Please note that these IP addresses have to be "warmed up" in order not to cause trouble on the recipient end (e.g. spam folder issues). Unfortunately, my sending volume is not that high (yet), so I have my fingers crossed that I can get those emails sent out easily. Otherwise I have to find another solution or need to wait for AWS to solve the blacklist issue. I hope this helps anyone else.
Community Discussions contain sources that include Stack Exchange Network
Tutorials and Learning Resources in Identity Management
Tutorials and Learning Resources are not available at this moment for Identity Management