惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
W
WeLiveSecurity
O
OpenAI News
N
News and Events Feed by Topic
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Webroot Blog
Webroot Blog
Google Online Security Blog
Google Online Security Blog
云风的 BLOG
云风的 BLOG
N
News | PayPal Newsroom
H
Hacker News: Front Page
博客园_首页
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
The Last Watchdog
The Last Watchdog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
H
Heimdal Security Blog
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
S
Schneier on Security
宝玉的分享
宝玉的分享
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Y
Y Combinator Blog
Cyberwarzone
Cyberwarzone
Microsoft Security Blog
Microsoft Security Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
GbyAI
GbyAI
Cloudbric
Cloudbric
TaoSecurity Blog
TaoSecurity Blog
人人都是产品经理
人人都是产品经理
P
Palo Alto Networks Blog
M
MIT News - Artificial intelligence
G
GRAHAM CLULEY
C
Check Point Blog
Apple Machine Learning Research
Apple Machine Learning Research
Last Week in AI
Last Week in AI
T
Troy Hunt's Blog
L
Lohrmann on Cybersecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
P
Proofpoint News Feed
Blog — PlanetScale
Blog — PlanetScale
量子位
博客园 - 聂微东
S
Securelist
博客园 - 三生石上(FineUI控件)
F
Full Disclosure
G
Google Developers Blog
L
LINUX DO - 热门话题
P
Proofpoint News Feed
AI
AI
PCI Perspectives
PCI Perspectives

Duende Software Official Site

Duende Software Duende Software Duende Software Duende Software Duende Software Duende Software Stop AI Bots from Wasting Your Server How Duende IdentityServer Filters Claims (And Why It Matters) Core vs Extended Protocols in Duende IdentityServer v8: What You Get and When You Need More Setting Up SAML Single Sign-On in ASP.NET with Duende IdentityServer Your Identity, Your Terms: Duende's Modular Identity Infrastructure and v8.x Release Duende Spring Launch '26: Identity Infrastructure That Expands With You SAML and OpenID Connect (OIDC): Coexistence, Not Competition The 9 Components of SAML You Need to Know, Ranked by Importance The Cost of NOT Implementing Financial-Grade Security Token Issuer Isolation: Why It Matters for Security and Compliance The Composable Identity Pattern: Build What You Need, Skip What You Don't Multi-Brand Identity: When Your Company Needs More Than One Face Post-Quantum Cryptography in .NET 10: A Practical Guide The field Keyword in C# 14: Write Less, Validate More The Real Cost of Build vs. Buy for Identity OAuth 2.1 Made Simple: The Only Flows You Need Beyond localhost: Multi-Instance ASP.NET Core Deployment with .NET 10 Harden Your .NET JSON Deserialization with System.Text.Json and JsonSerializerOptions.Strict ASP.NET Core Cookie Size Limits in Production: Causes and Fixes The Emergency Stop Button - Implementing Immediate Token Revocation in .NET 10 The 2025 OWASP Top 10 and IdentityServer Update Guidance for CVE-2026-40372 - ASP.NET Data Protection Why a Standard JWT Access Token Matters The Identity Governance Checklist You Wish You Had Six Months Ago The History and Future of SAML: Why a 20-Year-Old Protocol Still Matters The Cookie Apocalypse Already Happened Verify - Open Source Sponsorship Why Identity Is Infrastructure, Not a Feature Extending Duende IdentityServer Server-Side Sessions with Dynamic User Metadata Give Your AI Coding Assistant Duende Expertise with Agent Skills and MCP Server Triggering User Registration via OpenID Connect with Duende IdentityServer Improving .NET Security Code with C# 14 Property Extensions Developing Audit Logs with Duende IdentityServer Events Patch Releases: Addressing CVE-2026-26127 in Microsoft.BCL.Memory Client-Initiated Backchannel Authentication (CIBA) in ASP.NET Core 10 with Duende Identity Server Rate Limiting IdentityServer Endpoints It's Probably DNS - Can You Dig It? Security Lingo Explained: Encode vs Encrypt vs Hash Implementing Zero Trust with Resource Isolation Security Lingo Explained: JWT DPoP Security for .NET APIs with JwtBearer Extensions v1.0.0 Announcing the Duende IdentityServer4 Migration Analysis Tool BenchmarkDotNet - Open Source Sponsorship Security Lingo Explained: PAR Why Signing Key Rotation Matters in OpenID Connect and Duende IdentityServer Security Lingo Explained: OP Duende Year-End Review 2025 Security Lingo Explained: BCP Security Lingo Explained: DPoP Security Lingo Explained: Auth Secure frontend apps with the BFF Pattern Scaling with Duende IdentityServer, MCP, and AI Duende IdentityServer v7.4 is now available Duende BFFv4 is now available Securing OpenAPI and Swagger UI with OAuth in .NET 10 Building a Federation Gateway with Duende IdentityServer: Strategies and Considerations for Identity Orchestration
Your IdentityServer v8 Upgrade Checklist: A Quick Pre-Flight Guide
2026-06-11 · via Duende Software Official Site
Summary: Upgrading to IdentityServer v8 doesn't have to be stressful. The release follows an additive infrastructure model, meaning your existing configuration, clients, and deployments continue to work without breaking changes. This guide walks you through a practical pre-flight checklist covering everything from auditing your current setup and backing up your stores, to updating your .NET SDK, running database migrations, and safely rolling out to production. Once you're on v8, you'll also unlock a suite of powerful opt-in features, including Multi-Issuer support, User Management, SAML 2.0, and Financial-Grade Security conformance.

Nobody wakes up on a Monday morning and thinks, “You know what would be fun? Breaking authentication for every user in production.“ But we know that’s exactly what flashes before your eyes when you see “Major Version Upgrade” in the release notes. If you’re feeling that IdentityServer v7-to-v8 upgrade anxiety: we get it.

Here's the good news: migrating from IdentityServer v7 to v8 was designed with one simple rule: don't break what's working. IdentityServer 8 follows an additive infrastructure model. New capabilities are additions, not replacements. Your existing configuration, your clients, and your deployment all keep working.

But even smooth upgrades deserve a little prep. Think of this as your pre-flight checklist. Pilots don't skip it just because they've flown a thousand times, and neither should you.

The Checklist

Before You Touch Anything

Know what you're running. Write down your exact IdentityServer v7 NuGet package version, your .NET version, your database provider, and every custom extension you've wired up (IProfileService, custom grants, middleware, etc.). Future-you will thank present-you.

Scan the release notes and upgrade docs for what affects you. Look for deprecated APIs you're currently using, changes to default behavior (token lifetimes, security defaults), and anything deprecated in IdentityServer v7 and removed in IdentityServer v8.

Back up everything. Configuration store, operational store, deployment artifacts, config files. If it matters, back it up. Not sure if it matters? Back it up.

Clone your environment. Spin up a staging or test environment that mirrors production. Representative data, realistic clients, the works. If you have automated tests for your identity flows, now's their time to shine. If you don't, maybe make that your next project.

Map and know your rollback path. Before you touch production, document how you get back to IdentityServer v7 if something goes wrong. Database restore steps, NuGet package downgrades, DNS or deployment slot swaps. Whatever applies to your setup. You probably won't need it, but the pre-flight checklist isn't complete without it.

The Actual Upgrade

Update your .NET SDK and target framework. IdentityServer v8 targets net10.0. Update global.json and your .csproj TargetFramework before touching NuGet packages.

Update ALL Duende IdentityServer NuGet packages to v8. All of them. At the same time. Don't mix versions. That path leads to sadness.

Run database migrations (if applicable). If you're using EF-backed stores, generate idempotent migration scripts and review the resulting SQL before applying them. For large databases, test on a copy of production data first and estimate migration time.

Build and fix. Run dotnet build. If it compiles, you're already most of the way there. Address any breaking changes, and consult the release notes to learn about before/after examples for each. Note, the biggest change is the move towards proper use of CancellationToken.

Run your tests. Unit tests first, then integration tests. Pay attention to token format, discovery document structure, refresh token behavior, and session management. Compare IdentityServer v7 and IdentityServer v8 outputs side by side if you want extra peace of mind.

Deploy to staging, then production. Staging first. Smoke test with real clients. Then production, ideally during a low-traffic window. Watch p50/p95/p99 latency, token issuance success rate, and error rates on the token endpoint. Compare to your IdentityServer v7 baseline for the first 48 hours.

Ready?

The migration was designed to be straightforward. The core behavior is unchanged, and new features are opt-in. The upgrade isn't a tax, it's an investment in where your identity infrastructure is headed.

Check out the IdentityServer v8 upgrade guide →

Start with the checklist above, set up a test environment, and try the upgrade. If you hit anything unexpected, let us know!

Done with the upgrade? Here's what you unlocked.

IdentityServer v8 is a platform that grows with you. Start with what you need today, add new capabilities tomorrow. Each of these is an independent, opt-in add-on:

  • Multi-Issuer — Have multiple issuers served from the same deployment. Each gets its own OIDC discovery endpoint and signing key rotation.
  • User Management — Modern authentication methods like One-Time Passwords (OTP), passkeys, ... Registration flows, self-service password reset, ... The things AddAspNetIdentity<T>() doesn't give you.
  • SAML — Full SAML 2.0 support as an IdP, and federation to other SPs. That "20-year-old protocol" still runs half the enterprise world, and your customers know it.
  • Financial-Grade Security and Compliance — DPoP, PAR, and sender-constrained tokens validated in an OAuth 2.1 and FAPI 2.0 profile conformance report. Useful for any high-value API.

Happy upgrading!