About GDHacker IDS

GDHacker IDS is the district's authoritative single sign-on (SSO) and identity service. It centralizes authentication for approved district internal applications and services to improve security, simplify access, and provide consistent audit trails.
It now supports SAML2 and OIDC for Service Provider (SP) and Identity Provider (IdP) integrations.

Executive summary

This service was designed and implemented to provide a standards-based, secure authentication platform for internal applications. It implements modern best practices including OAuth 2.0 / OpenID Connect, PKCE, rotating refresh tokens, FIDO2 (passkeys), and SAML2 for federated SSO with third-party and legacy systems.

Scope & authority

This identity service is the district-authorized authentication gateway for integrated applications. Only applications approved by the district may delegate authentication to this service. Integration and client registration are managed by the DOB following district policies.

Service details

Service: Central SSO / Identity Provider (GDHacker IDS)
Owner / Maintainer: Information Security Specialist — YYDS (sole developer and maintainer of this service)
Environment: Production — district internal use only
Primary technologies: ASP.NET Core (.NET 10), Dapper, OAuth 2.0/OIDC, Microsoft SQL Server, FIDO2, SAML2
Standards: OAuth 2.0, OpenID Connect, PKCE, FIDO2 / WebAuthn, SAML2
Support: User support via Help Desk. Technical integration support by YYDS at webmaster@gdhacker.com.

Availability & change management

The service is maintained by YYDS. Planned maintenance and configuration changes follow district change control procedures. Emergency fixes and security patches are applied as required to maintain the security and availability of the service.

Security, audit & privacy

Authentication events and administrative actions are logged for audit and incident response. Sensitive configuration and secrets must be stored in a secure vault and rotated periodically. Access to administrative functions and logs is restricted to authorized personnel under district policy.

Integration guidance

Third-party or internal applications that integrate with this service should:

  • Register as an OAuth/OIDC client or SAML2 Service Provider (SP) and follow the provided configuration.
  • For SAML2, use the published IdP metadata and configure ACS/Logout endpoints as documented.
  • Prefer PKCE for public OAuth clients and use confidential client credentials for server-side apps.
  • Implement token or assertion validation and handle refresh token rotation according to the integration guide.

Credits

Developed and maintained by YYDS — Information Security Specialist. For deployment, integration, or security questions/feedback, contact YYDS at webmaster@gdhacker.com.
