Difference between revisions of "SAML"
From MgmtWiki
(Created page with "==Full Title or Meme== Security Assertion Markup Language is a collection of standards used in Identifier Management ==Problems== There are two terms that SAML defined th...") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 3: | Line 3: | ||
==Problems== | ==Problems== | ||
| − | There are two terms that SAML defined that defy logical analysis but have | + | There are two terms that SAML defined that defy logical analysis but have propagated misunderstanding to this day. |
| − | * Identity | + | * [[Identity]] - the use in SAML lead to a conflation of the idea of a digital [[Identifier]] with a person's identity which it is surely is not. |
| − | * Claim - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with [[Attribute]]. | + | * [[Claim]] - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with [[Attribute]]. |
| + | |||
| + | ==Vulnerabilities== | ||
| + | |||
| + | * The "Golden SAML" is caused by the creation of an [[Identifier]] token that allowed access across multiple applications.<ref>Shaked Reiner, ''Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps'' CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps</ref> "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy [[Single Sign-On]] (SSO) benefits to all the trusted environments in such federation." | ||
==References== | ==References== | ||
| + | [[Category: Vulnerability]] | ||
[[Category: Identity]] | [[Category: Identity]] | ||
[[Category: Identifier]] | [[Category: Identifier]] | ||
Latest revision as of 17:04, 17 June 2024
Full Title or Meme
Security Assertion Markup Language is a collection of standards used in Identifier Management
Problems
There are two terms that SAML defined that defy logical analysis but have propagated misunderstanding to this day.
- Identity - the use in SAML lead to a conflation of the idea of a digital Identifier with a person's identity which it is surely is not.
- Claim - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with Attribute.
Vulnerabilities
- The "Golden SAML" is caused by the creation of an Identifier token that allowed access across multiple applications.[1] "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy Single Sign-On (SSO) benefits to all the trusted environments in such federation."
References
- ↑ Shaked Reiner, Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
