Single Sign-On

Single Sign-On

Using authentication via Single Sign-On (SSO) has many advantages over simple Username/Password mechanisms. Whereas for the latter, the user has to remember multiple different Username/Password combinations, this overhead can be significantly reduced with SSO. Also, the security of Username/Password relies solely on the strength of the password provided by the user, but SSO allows for the adoption of several technical measures to further enhance the security of the login procedure.

Verification of SAML Tokens - Traps and Pitfalls

Verification of SAML Tokens - Traps and Pitfalls

This post will describe some findings in Single Sign-On area and problems related to the security of SAML-based authentication interfaces.

We will describe 6 attacks: Replay Attack, Token Recipient Confusion, Signature Exclusion, XML Signature Wrapping, Certificate Faking and Certificate Injection.

All 6 attacks are related to the SAML SSO interface and are high critical regarding the security.