saml – Page 13 – WindowsTechs.com

SAML Flaws Discovered With SSO Implications

Posted on February 28, 2018 by Marc Handelman

Kelby Ludwig – writing at Duo Lab’s has just posted a fascinating blog entry detailing their recent discovery of SAML vulns potentially affecting a range of implementations and deployments that could be both wide and deep. In this case, all being subj… Continue reading SAML Flaws Discovered With SSO Implications→

VU#475445: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal

Posted on February 27, 2018 by CERT

Multiple SAML libraries may incorrectly utilize the results of XML DOM traversal and canonicalization APIs in such a way that an attacker may be able to manipulate the SAML data without invalidating the cryptographic signature,allowing the attack to potentially bypass authentication to SAML service providers. Continue reading VU#475445: Multiple SAML libraries may allow authentication bypass via incorrect XML canonicalization and DOM traversal→

SAML nameID impersonation

Posted on February 23, 2018 by Rob Powell

We are using the nameId from the SAML response (in email format) to identify and authorize the incoming user on our system.
Could a different authenticated user not alter the SAML response from their redirection to have a dif… Continue reading SAML nameID impersonation→

Cloud Directory Feature AWS Server User Management

Posted on February 21, 2018 by Natalie Bluhm

IT networks are changing dramatically right before our eyes. Perhaps nowhere is that change more visible than in the data center. The migration of infrastructure from on-premises to the cloud…
The post Cloud Directory Feature AWS Server User Manageme… Continue reading Cloud Directory Feature AWS Server User Management→

Managed Identity and Access Management (IAM)

Posted on February 1, 2018 by Natalie Bluhm

Managed identity and access management solutions are making a major impact for IT organizations. Identity management is a major part of any IT organizations management tool infrastructure, and a new…
The post Managed Identity and Access Management (I… Continue reading Managed Identity and Access Management (IAM)→

Managed Authentication

Posted on January 25, 2018 by Jon Griffin

Authentication services are a critical part of every IT organization. It is, after all, how a user accesses the IT resources that they need, and how admins are able to…
The post Managed Authentication appeared first on JumpCloud.
The post Managed Aut… Continue reading Managed Authentication→

Cloud IdP

Posted on January 25, 2018 by Natalie Bluhm

Most IT management tool categories have shifted to the cloud, but not all of them. In the identity management space, the directory service has been slow to join infrastructure, applications,…
The post Cloud IdP appeared first on JumpCloud.
The post C… Continue reading Cloud IdP→

Cloud IdP

Posted on January 25, 2018 by Natalie Bluhm

SAML without AuthnRequestsSigned / WantAssertionsSigned

Posted on January 10, 2018 by Owow

I was asked to add the possibility to use OneLogin to connect on our platform.

I used the official php-saml example provided, made all the configurations needed and everything is working fine with OneLogin.

My question is :… Continue reading SAML without AuthnRequestsSigned / WantAssertionsSigned→

SAML without AuthnRequestsSigned / WantAssertionsSigned

Posted on January 10, 2018 by Owow

I was asked to add the possibility to use OneLogin to connect on our platform.

I used the official php-saml example provided, made all the configurations needed and everything is working fine with OneLogin.

My question is :… Continue reading SAML without AuthnRequestsSigned / WantAssertionsSigned→