Can I Use Self Signed Certificates with Beowulf STS?
You can use self-signed certificates for test purposes. However, doing so will disable certain aspects of PKI (public key infrastructure) such as checking for CRL (certificate revocation lists) and therefore we do not recommend this for production environments.
For 100% internally federated systems such as a pure Beowulf+SharePoint install, certificates issued by a domain CA are sufficient. However, we have seen customers who later decided to leverage SSO with third-parties who then had to go back and obtain certificates issued by a publicly trusted CA, with significant effort to reconfigure all the integrated applications. Please choose your configuration responsibility.
Can Beowulf Provide Single SIgn On Services?
Yes, through our SSO configuration for Department of Energy, we have recently proven that Beowulf can be used effectively as a single sign-on service.
Please see our case study on this topic.
Can Beowulf Secure ASP.net Applications Besides SharePoint?
Yes, absolutely. There are three ways. You can replace the forms based login pages of your legacy application with the login pages for the Beowulf Authentication Service. You can leverage our pass-through ASP.net Membership Provider, which will replace the provider of your legacy application. Or, you can convert your legacy application to use claims-based autnetication via Windows Identity Framework. In most cases, you shouldn't need to migrate your existing user database to leverage any of these preferred approaches.
Can Beowulf Secure Web Applications Based on Apache Linux?
Yes, through the use of the external authentication module, we can provide authentication to Linux applications. This approach may require some customization of your application and/or migration of your user database.
Also, any Linux/Apache application that can support Shibboleth can also use Beowulf through the same type of SAML federation.
Is Beowulf Tied to Any Specific Authentication Scheme, Such As Active Directory?
No, we support a wide variety of authentication schemes. One of the reasons for this is that we believe one of the best ways to maintain the security of a SharePoint farm is to ensure that users do not have Active Directory accounts that would allow access to server resources in any way.
Does Beowulf Work with Office 365 and SharePoint Online?
The answer here is complicated, because it depends. Our Authentication Service can be leveraged directly with Office 365 or indirectly by combining Office 365 with ADFS. However, our SharePoint components are full-trust WSPs and cannot be deployed to SharePoint Online.
Our development roadmap includes leveraging recent improvements to the Office 365 and SharePoint API to allow us to replicate many of our most popular features for Office 365 and SharePoint Online. We hope to start releasing some of these features later in 2017.
Why Is Open Source Used in Beowulf?
It is our belief that an implementation of any security related solution will be more secure if it is based on open source which is used and reviewed by many people and organizations, rather than a closed system which is owned by a single organization and whose implementation details are kept secret from the general public. While it may be possible for some large security software companies to keep certain details of their software a secret and still provide sufficient review from within their own staff, we do not pretend that this is possible for a company of our size. We use open source software to provide the necessary peer review, and remain committed to continual testing and updating our codebase whenever vulnerabilities are found.
Why Doesn't Beowulf Support OpenID 2.0 or Oauth 1.0?
While Beowulf did support these standards previously, several security vulnerabilities have caused them to fall out of favor and many providers have deprecated or discontinued their support for OAuth 1.0 and OpenID2. While it is still technically possible to use providers who rely on these standards, it is not recommended.
Is Beowulf vulnerable to the Heartbleed bug?
No. Heartbleed exploits a weakness in older versions of OpenSSL. Beowulf relies on Microsoft IIS to perform all SSL encryption, and therefore is not affected by this issue.