Difference between revisions of "SAML"
From MgmtWiki
(→Problems) |
|||
| (One intermediate revision by the same user not shown) | |||
| Line 7: | Line 7: | ||
* [[Claim]] - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with [[Attribute]]. | * [[Claim]] - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with [[Attribute]]. | ||
| − | == | + | ==Vulnerabilities== |
| − | * The "Golden SAML" is caused by the creation of an [[Identifier]] token that allowed access across multiple applications.<ref>Shaked Reiner, ''Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps'' CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps</ref> | + | * The "Golden SAML" is caused by the creation of an [[Identifier]] token that allowed access across multiple applications.<ref>Shaked Reiner, ''Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps'' CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps</ref> "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy [[Single Sign-On]] (SSO) benefits to all the trusted environments in such federation." |
==References== | ==References== | ||
| + | [[Category: Vulnerability]] | ||
[[Category: Identity]] | [[Category: Identity]] | ||
[[Category: Identifier]] | [[Category: Identifier]] | ||
Latest revision as of 17:04, 17 June 2024
Full Title or Meme
Security Assertion Markup Language is a collection of standards used in Identifier Management
Problems
There are two terms that SAML defined that defy logical analysis but have propagated misunderstanding to this day.
- Identity - the use in SAML lead to a conflation of the idea of a digital Identifier with a person's identity which it is surely is not.
- Claim - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with Attribute.
Vulnerabilities
- The "Golden SAML" is caused by the creation of an Identifier token that allowed access across multiple applications.[1] "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy Single Sign-On (SSO) benefits to all the trusted environments in such federation."
References
- ↑ Shaked Reiner, Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
