Subject: Flaw identified (and apparently fixed) in Google's SAML implementation
http://www.ai-lab.it/armando/pub/fmse9-armando.pdf

Importantly

"It is immediate to see that the attack originates from one of the simplifications that Google adopted in its SAML SSO solution and namely from simplification (G1) that deprives the authentication assertion of both the ID and SP fields (cf. Section 2). In fact, by performing a similar analysis on the standard SP-Initiated SSO with Redirect/POST Bindings, no attacks have been reported by SATMC despite the several protocol scenarios considered."

paul

--
Paul Madsen
e:paulmadsen @ ntt-at.com
NTT
p:613-482-0432
m:613-282-8647
aim:PaulMdsn5
web:connectid.blogspot.com
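
The following is an added example, not part of the original message or of the cited paper: a service-provider-side check that an assertion is bound to the SP's own request and to the SP itself, the two bindings the quoted passage says were missing. It assumes the paper's ID and SP fields correspond to the SAML 2.0 InResponseTo attribute and Audience element, that the assertion's signature has already been verified, and it uses constructed, trimmed sample assertions and hypothetical names (binding_problems, sp-a.example).

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def binding_problems(assertion_xml, expected_request_id, sp_entity_id):
    """Return reasons to reject an assertion (signature assumed already verified)."""
    root = ET.fromstring(assertion_xml)
    problems = []
    # "ID" binding: the assertion must answer the AuthnRequest this SP issued.
    scd = root.find(
        "saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    in_response_to = scd.get("InResponseTo") if scd is not None else None
    if in_response_to is None:
        problems.append("no InResponseTo")
    elif in_response_to != expected_request_id:
        problems.append("InResponseTo mismatch")
    # "SP" binding: this SP must be named as an audience of the assertion.
    audiences = [(a.text or "").strip() for a in root.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if not audiences:
        problems.append("no Audience")
    elif sp_entity_id not in audiences:
        problems.append("Audience mismatch")
    return problems

# Constructed sample assertions (trimmed, not schema-complete).
HEAD = ('<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
        '<saml:Subject><saml:NameID>alice@idp.example</saml:NameID>')
BOUND = HEAD + (
    '<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">'
    '<saml:SubjectConfirmationData InResponseTo="_req-123"/>'
    '</saml:SubjectConfirmation></saml:Subject>'
    '<saml:Conditions><saml:AudienceRestriction>'
    '<saml:Audience>https://sp-a.example</saml:Audience>'
    '</saml:AudienceRestriction></saml:Conditions></saml:Assertion>')
# Carries neither binding, so nothing ties it to one request or one SP.
UNBOUND = HEAD + '</saml:Subject></saml:Assertion>'

if __name__ == "__main__":
    for name, xml in (("bound", BOUND), ("unbound", UNBOUND)):
        print(name, binding_problems(xml, "_req-123", "https://sp-a.example"))
```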