New Security Features (SSO-PassKey-OIDC-SAML)

🚀 Exciting Developments in IBM i Security! 🚀

Following the recent release of IBM OS400 7.6, which introduced native support for 5250 OTP login, we are pushing the boundaries of security integration even further.

Green Screens Server for IBM i is made with a focus on security and primarily as a Cloud based solution, which drive us to focus on high security standards and security related features.

We are thrilled to announce that Green Screens Server for IBM i V6 will enable seamless integration between Kerberos Single Sign-On (SSO) and OTP/PassKey technologies (commonly known as FIDO, WebAuthn, and biometric authentication). This advancement allows users with registered PassKeys (or optionally OTP tokens) to securely access the IBM i terminal without needing to enter or even know their passwords.

Green Screens currently support features such as "Verification" and "Bypass Password" mode. However, the latter is not an ideal solution, which has led us to develop a new feature based on "Kerberos S4U2Self" integration with PassKey. Imagine using a fingerprint reader or physical security keys like YubiKey or Google Key to access the system effortlessly—without needing a password or any desktop installation requirements. This truly exemplifies a cloud-based and secure solution.

Additionally, we made a significant progress toward creating an integrated solution for SAML and OIDC standards for 5250 terminal SSO login. While we recognize that this is a complex journey, we are optimistic that the final solution will support a variety of online password-less multi-factor authentication (MFA) integrations. Currently, our main focus is on finalizing SSO-PassKey-OTP integration, and once that is complete, we will turn our attention to Keycloak integration.

We are excited about these innovations and their potential to enhance security and improve the user experience.