Authlete’s Post

#Keycloak 26.4 is out with a lot of new capabilities focused on security enhancements, deeper integration, and improved server administration for your self-hosted #iam: * Passkeys for seamless, passwordless authentication of users. * Federated Client Authentication to use #SPIFFE or #Kubernetes service account tokens for client authentication (preview feature). * Simplified deployments across multiple availability zones to boost availability. * #FAPI 2 Final: Keycloak now supports the final specifications of FAPI 2.0 Security Profile and FAPI 2.0 Message Signing. * #DPoP: The OAuth 2.0 Demonstrating Proof-of-Possession at the Application Layer (DPoP) is now fully supported. Improvements include the ability to bind only refresh tokens for public clients, and securing all Keycloak endpoints with DPoP tokens. Read more the full release announcement: https://lnkd.in/ez4sD2Yc

Complete Guide to DNSx for Mass DNS Resolution and Bug BountyThis article provides a comprehensive guide on DNSx, a tool for mass DNS resolution, particularly useful in bug bounty workflows. It helps validate subdomains, detect sensitive DNS records, and potentially identify misconfigured subdomains, which could lead to takeovers. Dnsx is part of the ProjectDiscovery ecosystem and can be installed using Go.https://https://lnkd.in/eWqyi28T

🚀 Just released the FastAgent Security Schema Validation Framework — a full CI-ready setup to validate advanced backend configs with: ✅ mTLS & shared CA trust stores ✅ Certificate pinning ✅ OAuth2 mTLS-bound & DPoP tokens ✅ Composable multi-layer security 🔍 Built with Ajv + TS/JS test suite. 💾 Open-source, CI-friendly, and production-grade. Learn more: https://lnkd.in/g3N4uX82 Repo: https://lnkd.in/gvtfzjSS #FastAgent #Security #DevSecOps #mTLS #OAuth2 #OpenSource

"If an API doesn’t remember you, how does it still know you’re you? 🤔" That’s where Authentication comes in — the digital ID check before granting access. 🪪 Think of it like entering a secured building: 🏢 You show your ID card (Token) 🚪 Security verifies it ✅ You’re allowed inside In APIs, that “ID card” is often a JWT — JSON Web Token. 🔐 The process is simple: 1️⃣ You log in → Server gives you a token 2️⃣ You send that token with every request 3️⃣ Server checks → “Yup, that’s you!” 💡 JWTs make APIs stateless, secure, and easy to scale — no need for the server to store sessions. So next time you call an API, remember - that little token is your digital passport. 🌍 #APISimplified #DotNetAPI

auth shouldn’t be the hardest part of building an api 😌 gotta be able to configure security 🔒 dnapi keeps it simple but flexible enough for real-world auth setups one yaml block and your jwt config is done authority audience ready to plug into any identity provider no manual middleware no custom attribute wiring just clean, declarative security 🧠

Authorization controls what users can do after authentication through three main models: RBAC assigns permissions to roles, ABAC uses attributes and context for fine-grained control, and ACL attaches permissions to individual resources. Real applications like GitHub and Stripe often combine these models. OAuth2 enables delegated authorization without sharing credentials, while JWTs and bearer tokens carry user identity and permissions across systems. The key is choosing the right combination of models and mechanisms based on your application's complexity and security requirements.

SAML or OAuth? They both enable secure authentication — but they’re not the same thing. Our latest article breaks down the differences between these two identity protocols: how each one works, when to use them, and why the right choice depends on your organization’s access needs. Read the full breakdown: https://openv.pn/42WugCm

🚀 wolfSSH 1.4.21 is here! This release includes critical security fixes (CVE-2025-11624 & CVE-2025-11625), #TPM key authentication, ED25519 support, and improved interoperability. Upgrade today & see all the new features in our blog! Download today: https://lnkd.in/giZjRdd9 #secureshell

Want #FIPS 140-3 compliance for your #Linux app’s web engine? WebKit2GTK now supports it through wolfSSL integration with GnuTLS, #OpenSSL, and Gcrypt — making it easier to deploy secure, compliant applications across regulated industries. Learn more:

Developers often grapple with the challenges of SSL/TLS implementation — typically relying on external tools and libraries to help. Unfortunately, this approach can introduce complexity, add points of failure, and make it harder to optimize performance. That's why we took a different path: we designed our own native, high-performance TLS stack from the ground up. In this #HAProxyConf session, William Lallemand from HAProxy discusses this development effort. He highlights key features such as shared session caching, dynamic certificate management, and support for modern protocols like QUIC. Learn how we built a complete, modern, high-performance TLS stack from the expert who lead the charge: https://hubs.la/Q03Nt6TZ0