Jump to content

Steven H. Blackwell

Moderators
  • Posts

    5,051
  • Joined

  • Last visited

  • Days Won

    46

Everything posted by Steven H. Blackwell

  1. View File OAuth OIDC Authentication For The FileMaker Platfrom The FileMaker Platform works with a number of OAuth OIDC Identity Providers and Brokers. This chart reflects that. Also the White Papers in this section discuss the details of this. These papers were co-authored with Wim Decorte. Submitter Steven H. Blackwell Submitted 09/23/2021 Category White Papers FM Version 16  
  2. Version 1.0.0

    9 downloads

    The FileMaker Platform works with a number of OAuth OIDC Identity Providers and Brokers. This chart reflects that. Also the White Papers in this section discuss the details of this. These papers were co-authored with Wim Decorte.
    Free
  3. I strongly recommend that all FileMaker Platform developers and Admins view this video. Steven H. Blackwell Platinum Member Emeritus
  4. Version 1.0.0

    267 downloads

    Wim Decorte and I are pleased to release another White Paper in our on-going series about extending OAuth2 and OIDC in the FileMaker Platform. Addendum 6 Comparative Analysis:Providers and Operating Systems provides an overview of the many options among various IDaaS (Identity as a Service) Providers and Brokers and various versions of FileMaker Server, both on-premise and Cloud-based.
    Free
  5. View File Comparative Analysis Addendum 6 Wim Decorte and I are pleased to release another White Paper in our on-going series about extending OAuth2 and OIDC in the FileMaker Platform. Addendum 6 Comparative Analysis:Providers and Operating Systems provides an overview of the many options among various IDaaS (Identity as a Service) Providers and Brokers and various versions of FileMaker Server, both on-premise and Cloud-based. Submitter Steven H. Blackwell Submitted 11/29/2020 Category White Papers FM Version
  6. When the device gets an iOS upgrade, this system may break. The PersistentID function has some issues. Also, you would have to protect this functionality against any tampering that would defeat its purpose. Steven H. Blackwell Platinum Member Emeritus
  7. View File Sign In With Apple Addendum 5 Wim Decorte and I are pleased to release another in our series of White Papers related to extending oAuth2 and OIDC to the FileMaker Platform. Addendum5 deals with the use of Apple ID and Sign In With Apple to authenticate FileMaker users. Submitter Steven H. Blackwell Submitted 07/16/2020 Category White Papers FM Version 17  
  8. Version 1.0.1

    237 downloads

    Wim Decorte and I are pleased to release another in our series of White Papers related to extending oAuth2 and OIDC to the FileMaker Platform. Addendum5 deals with the use of Apple ID and Sign In With Apple to authenticate FileMaker users.
    Free
  9. tell application "Mail" activate set theSelection to selection set theMessage to item 1 of theSelection set thesender to sender of theMessage set DateSent to date sent of theMessage set thecontent to content of theMessage set thesubject to subject of theMessage end tell tell application "FileMaker Pro Advanced" activate create new record --at after last record go to last record set data cell "Sender" of current record to thesender set data cell "DateSent" of current record to DateSent as string set data cell "MessageBody" of current record to thecontent set data cell "MessageSubject" of current record to thesubject end tell Maybe try this AppleScript.. Note names of fields in FMP database. This won't deal with attachments. Select one item in Mail client, and with FMP database open, then run the AppleScript. Steven H. Blackwell
  10. Basic answer is No. The construct you suggest here has been discussed in the past including directly with Claris/FMI. However it currently is not part of the FileMaker platform. Efforts to generate or invent such a system absent its being an integral part of the Platform lessen security, often by considerable amounts. However, this White Paper might be of help to you: Steven H. Blackwell Platinum Member Emeritus
  11. Good question. I would like to know this as well. Steven H. Blackwell Platinum Member Emeritus
  12. View File OAuth Extensibility Addendum4 Authentication With ADFS Wim Decorte and I are pleased to announce the release of another Addendum in our series of White Papers on extending the oAuth Authentication capabilities of the FileMaker Platform. This one deals with the use of Active Directory Federation Services (ADFS). FileMaker Server has been able to authenticate against Active Directory since 2004 (FileMaker® Pro 7. In order to authenticate users against Active Directory, your FileMaker Server has to be a member server in that Active Directory domain so that FileMaker Server, through the Operating System configuration, would know what domain controller to query for needed information. But what if you cannot have the FileMaker Server in your Domain? This Addendum addresses that issue. Submitter Steven H. Blackwell Submitted 04/08/2020 Category White Papers FM Version 17
  13. Version 1.0.0

    316 downloads

    Wim Decorte and I are pleased to announce the release of another Addendum in our series of White Papers on extending the oAuth Authentication capabilities of the FileMaker Platform. This one deals with the use of Active Directory Federation Services (ADFS). FileMaker Server has been able to authenticate against Active Directory since 2004 (FileMaker® Pro 7. In order to authenticate users against Active Directory, your FileMaker Server has to be a member server in that Active Directory domain so that FileMaker Server, through the Operating System configuration, would know what domain controller to query for needed information. But what if you cannot have the FileMaker Server in your Domain? This Addendum addresses that issue.
    Free
  14. View File OAuth Extensibility Addendum3 Wim Decorte and I are pleased to release another paper in our series on oAuth 2 OIDC and the FileMaker Platform. This one deals with a new IDaaS provider as well as secure password-less authentication. Submitter Steven H. Blackwell Submitted 04/06/2020 Category White Papers FM Version
  15. Version 1.0.0

    452 downloads

    Wim Decorte and I are pleased to release another paper in our series on oAuth 2 OIDC and the FileMaker Platform. This one deals with a new IDaaS provider as well as secure password-less authentication.
    Free
  16. Please see this Tech Info article: https://support.claris.com/s/article/What-to-do-if-FileMaker-Server-Admin-Console-password-is-lost-or-forgotten-1503692949732?language=en_US Steven H. Blackwell Platinum Member Emeritus
  17. View File Addendum2 oAuth Extensibility Working With OneLogin Wim Decorte and I are pleased to announce release of Addendum2 in our oAuth series for the Claris FileMaker Platform. This one focuses on the use of the OneLogin IDaaS service. Submitter Steven H. Blackwell Submitted 03/25/2020 Category White Papers FM Version
  18. Version 1.0.0

    221 downloads

    Wim Decorte and I are pleased to announce release of Addendum2 in our oAuth series for the Claris FileMaker Platform. This one focuses on the use of the OneLogin IDaaS service.
    Free
  19. No to Option 2. It will be the source of much trouble. Regarding Option 1: this is a much better approach, except Windows Server 2019 is not a supported OS for FileMaker® Server 18. Use Server 2012 or 2016. You can convert the files with a fair degree of ease. Link for OS requirements by Server version: https://support.claris.com/s/article/FileMaker-Server-operating-system-requirements-all-versions-1503692927810?language=en_US Steven H. Blackwell Platinum Member Emeritus
  20. We already have this capability for the FileMaker Platform, and we have had it for a number of years. More and more installations are using Two Factor Authentication (2FA) with these hardware devices. SMS in the form of a code sent to a mobile device, especially a telephone, is inherently insecure. How does the provider of the asset know that the recipient of the code is the person the requester claims to be? SMS messages can be re-routed by hijacking the Subscriber Identity Module (SIM) of the device. Note these two articles: https://securityintelligence.com/whats-wrong-with-sms-authentication-two-ibm-experts-weigh-in-on-the-nist-recommendation/ https://www.schneier.com/blog/archives/2020/01/sim_hijacking.html Thanks for replying. Steven H. Blackwell Platinum Member Emeritus
  21. This year 2020 will be one of Change and Challenge for the Claris FileMaker Community. It will require Commitment, Confidence, and Community Effort to see it to a successful conclusion. Herewith, in outline form, are some of the Challenges I foresee we will face: 1. We will need to develop a finer level of audit logging of Personally Identifiable Information (PII). Most logs currently focus on system level activity. A finer level of focus will assist in achieving compliance with various privacy requirements. Prompt response timelines for breaches will be an issue as well. 2. We will need to improve data level protection via encryption. The UI layer is insufficient for this purpose. But in the process of doing this, we must maintain system usability. 3. The practice of sending SMS text messages to mobile devices to achieve Two Factor Authentication (2FA) needs to end. It is inherently insecure, and there are better alternatives. 4. A better approach to 2FA is to adopt hardware tokens of various types. These can be made to work with the FileMaker Platform—indeed they already do so—using expanded oAuth Open ID Connect services. 5. We are going to need to adopt context—based authentication. Not just Who are you? and Are you who you say you are? But also, How do we know this? And from where are you seeking access, on what device, to what asset? This is not particularly easy to adopt; however, it can be done. 6. Mobile accessibility is due for a change. We are at the beginning of end of Wi-Fi. In 2020 we will begin to see adoption of what is called Citizens Broadband Radio Service (CBRS). This is not to be confused with the old CB Radio from the 1970’s. Adoption of CBRS is likely the beginning of Connectivity as a Service. 7. We will begin increasingly to see the containerization of applications and services, e.g. FileMaker Server. a. Unlike virtual machines, they don't need a full OS to be installed within the container. b. Once the container has been created, it can easily be deployed to different servers. From a software lifecycle perspective this is a great help, as containers can quickly be copied to create environments for development, testing, integration, and production. 8. We need to adopt processes that facilitate how data owners can assure they exercise due diligence on cloud-hosted data. The owner is the responsible party here. And it is the owner who likely would suffer the bulk of the onus of any breach. In order to exercise this due diligence, data owners must expect and insist on transparency from hosting and PaaS providers about security processes including who does and does not have access to and knowledge of encryption keys. This will not be a straightforward process. 9. As we experience more and more instances of Machine Learning, we will need to be aware of, and to guard against, manipulation of the Training Data that underpins this process. Such data are susceptible to attack and to manipulation that poisons the data. Even a very small amount of such alteration can affect the machine learning process. 10. The Human Element has always been at the center of effective FileMaker Platform Security. That will become even more the case in 2020 and beyond as we move to Federated Identity Management and to Digital Transformation. The culture of any organization is a governing element for its success. We will have many challenges here properly to account for and to plan for the Human Element. Steven H. Blackwell Platinum Member Emeritus
  22. Perhaps take a look at these papers: https://fmforums.com/files/file/115-how-to-extend-oauth/ https://fmforums.com/files/file/116-addendum-oauth-extensibility/ Open Directory is likely not the best choice for authentication. But it does work. You are correct in believing that a service that supports Group structures is your best avenue. Steven H. Blackwell Platinum Member Emeritus
  23. View File Addendum oAuth Extensibility Wim Decorte and I are pleased to release an Addendum to our recent White Paper entitled How FileMaker Developers Can Extend Authentication Options With New Additional OAuth2 Identity Providers In The FileMaker Platform. This Addendum has some additional technical details for FileMaker Platform developers and server administrators. It also has two Case Studies about where variations of these techniques are in place. Submitter Steven H. Blackwell Submitted 11/13/2019 Category White Papers FM Version
  24. Version 1.0.0

    238 downloads

    Wim Decorte and I are pleased to release an Addendum to our recent White Paper entitled How FileMaker Developers Can Extend Authentication Options With New Additional OAuth2 Identity Providers In The FileMaker Platform. This Addendum has some additional technical details for FileMaker Platform developers and server administrators. It also has two Case Studies about where variations of these techniques are in place.
    Free
  25. During the production process for the oAuth White Paper apparently an important sentence was dropped from Page 24 where we talk about the dbs_config.xml file. Before making changes to that file, make a back-up of it. And after the changes are made, make a second, separate back-up of the revised file. These can be used if needed for roll-backs. Steven H. Blackwell Platinum Member Emeritus
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.