Difference between revisions of "SAML"
From MgmtWiki
| Line 9: | Line 9: | ||
==Vulnerabilities== | ==Vulnerabilities== | ||
| − | * The "Golden SAML" is caused by the creation of an [[Identifier]] token that allowed access across multiple applications.<ref>Shaked Reiner, ''Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps'' CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps</ref> "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy SSO benefits to all the trusted environments in such federation." | + | * The "Golden SAML" is caused by the creation of an [[Identifier]] token that allowed access across multiple applications.<ref>Shaked Reiner, ''Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps'' CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps</ref> "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy [[Single Sign-On]] (SSO) benefits to all the trusted environments in such federation." |
==References== | ==References== | ||
Latest revision as of 17:04, 17 June 2024
Full Title or Meme
Security Assertion Markup Language is a collection of standards used in Identifier Management
Problems
There are two terms that SAML defined that defy logical analysis but have propagated misunderstanding to this day.
- Identity - the use in SAML lead to a conflation of the idea of a digital Identifier with a person's identity which it is surely is not.
- Claim - as defined in SAML the term is not problematic, but is use in Microsoft implementations has lead it to be conflated with Attribute.
Vulnerabilities
- The "Golden SAML" is caused by the creation of an Identifier token that allowed access across multiple applications.[1] "A federation enables trust between different environments otherwise not related, like Microsoft AD, Azure, AWS and many others. This trust allows a user in an AD, for example, to be able to enjoy Single Sign-On (SSO) benefits to all the trusted environments in such federation."
References
- ↑ Shaked Reiner, Golden SAML: Newly Discovered Attack Technique Forges Authentication to Cloud Apps CyberArk (2017-11-21) https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
