In previous posts we described Single Sign-On
(SSO) and the messages within the authentication flow in detail.
Additionally, we showed implementation pitfalls on the Service
Provider (SP) side resulting in critical vulnerabilities.
In 2012 we started a study on the security of
SAML-based Identity Providers (IdPs). The motivation for this study
was very simple: if the Identity Provider is vulnerable, all
Service Providers that trust it are affected, since every SP
accepts the assertions the IdP issues. In other words, even if the
Service Provider is implemented correctly, an attacker can
successfully get illegitimate access to restricted resources, e.g.
the victim's account.
Recent research on web security and related topics. Provided and maintained by members and friends of the Chair for Network and Data Security, Horst Görtz Institute, Ruhr-University Bochum.