Joonas Bergius 8/3/2021

SAML is insecure by design

This article provides a technical critique of the Security Assertion Markup Language (SAML), a standard for single sign-on. It argues that SAML's security design is fundamentally flawed because it relies on signing computed values, making it malleable and vulnerable to exploitation. The author explains the concept with examples, references catastrophic vulnerabilities in real systems like government services, and contrasts it with the desired property of non-malleability in secure systems.
