saml-dev message
Subject: IdP Initiated SAML and Man in the middle


Hi!
I'm researching the different problems with IdP initiated SAML and have come upon many sources that mention the problem with man in the middle vulnerability.
I understand that it is a problem. If an attacker can be between the browser and the SP when the response is sent, the attacker can take it and present it as his own.
But isn't this a problem in SP initiated as well? If the attacker can be between the browser and SP, and between the IdP and browser, it can intercept the response from the IdP and present it to the SP. The response will correspond to the AuthnRequest sent for the original user.

--
Stefan
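As an added illustration (not part of the thread), the SP-side check that separates the two flows: in SP-initiated SAML the SP can bind the Response's InResponseTo to the AuthnRequest ID it stored in the browser session, while an IdP-initiated (unsolicited) Response has no such anchor and can only be accepted by policy plus an assertion-ID replay cache. The sample messages, the in-memory session store and the assumption that signature and Conditions validation happen elsewhere are all constructed for this example.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed state: the SP issued AuthnRequest "_req-42" for browser session
# "sid-abc" and stored that ID server-side, keyed by the session cookie.
SESSIONS = {"sid-abc": {"pending_request_id": "_req-42"}}
SEEN_ASSERTIONS = set()  # assertion IDs already consumed (replay cache)

# Constructed sample responses (signature, Conditions and Destination checks
# are assumed to have been done already; they are out of scope here).
SOLICITED = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r1" '
             'InResponseTo="_req-42"><saml:Assertion ID="_a1"/></samlp:Response>'
             % (NS["samlp"], NS["saml"]))
UNSOLICITED = ('<samlp:Response xmlns:samlp="%s" xmlns:saml="%s" ID="_r2">'
               '<saml:Assertion ID="_a2"/></samlp:Response>'
               % (NS["samlp"], NS["saml"]))

def check_response(response_xml, session_id, allow_unsolicited=False):
    """Return (ok, reason). Binds a Response to the browser session that
    issued the AuthnRequest; an unsolicited (IdP-initiated) Response carries
    no InResponseTo, so nothing ties it to a session except policy."""
    root = ET.fromstring(response_xml)
    in_response_to = root.get("InResponseTo")
    session = SESSIONS.get(session_id)
    if in_response_to is None:
        if not allow_unsolicited:
            return False, "unsolicited response rejected"
    elif session is None or session["pending_request_id"] != in_response_to:
        # Answers a request this session never made (or one already used up)
        return False, "InResponseTo does not match this session's request"
    else:
        session["pending_request_id"] = None  # request ID is single-use
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return False, "no assertion"
    assertion_id = assertion.get("ID")
    if assertion_id in SEEN_ASSERTIONS:
        return False, "assertion replayed"
    SEEN_ASSERTIONS.add(assertion_id)
    return True, "accepted"

if __name__ == "__main__":
    print(check_response(SOLICITED, "sid-other"))   # not this session's request
    print(check_response(SOLICITED, "sid-abc"))     # accepted once
    print(check_response(SOLICITED, "sid-abc"))     # rejected when presented again
    print(check_response(UNSOLICITED, "sid-abc"))   # IdP-initiated: policy decides
```

The InResponseTo binding only helps when the session cookie and the request ID stay with the legitimate browser; it does not replace TLS on both legs, which is what actually keeps a man in the middle out of the exchange.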

