Wednesday, Dec 11, 2013

Web-based Single Sign-On and the Dangers of SAML XML Parsing

Security Assertion Markup Language (SAML) is a popular XML-based open standard for exchanging authentication and authorization data between two systems. In the world of enterprise cloud applications, SAML is one of the most common protocols for implementing single sign-on between enterprise customers and cloud service providers. While implementing SAML authentication for our SendSafely secure file exchange solution, we encountered some security concerns with one of the more popular open source libraries for parsing SAML requests.

Check out our latest post over at the Send Safely Blog for the complete details. This post should be a must-read for any organization that is handling SAML request data.